weird logging problem. they work, but log the wrong events

[evil_smurf]

from /var/log/directadmin/security.log

2006:03:07-16:20:36: *** 71.xxx has tried to login with an invalid username: '(null)' ***
2006:03:08-03:12:28: *** 71.xxx has tried to login with an invalid username: '(null)' ***
2006:03:08-03:13:15: *** 71.xxx has tried to login with an invalid username: '' ***


The above IP is mine, and a new entry is created just like that whenever I login CORRECTLY into my user account. It seems to appear when other people login to their accounts as well:

2006:03:07-16:18:30: *** 24.xxx has tried to login with an invalid username: '(null)' ***
2006:03:07-16:18:30: *** 24.xxx has tried to login with an invalid username: '(null)' ***


I'm assuming that that security.log is supposed to log when people login/out correctly as well as incorrectly, but it seems to be mistaken correct logins for incorrect ones.

Is this a bug or misconfiguration?


Thanks for your help

 

[evil_smurf]

nvm i figured out that the login stuff is housed in the dated log files. very weird format however.

those unsuccessful login attempts that are logged whenever you just visit the page though need to be fixed =)

 

[Thijssss]

I can see the same thing in directadmin/security.log file happening on my own ip while my login was ok.

Guess it's not really a problem, but is there some sort of solution or bugfix out for this? I have the latest version of DA.

 

[jw00dy]

I show the exact same thing. I have mine set to blacklist someone after 3 failed login attempts. I just tested and loading the DA Admin login page logs 1 failed login attempt. So I refreshed and a 2nd was logged. After one more refresh, it logged the 3rd, and blacklisted my IP.

No biggie as I just removed myself from the blacklist file via SSH, but a little anoying and could possibly lock out my users.

I think I'll bump that number to 5 or 10 just so they don't, but I'd say it's certainly a bug. Just loading the page should not log a failed login attempt.