Login history

January 28, 2016, 03:11:48 am

Sorry, this is mostly a reminder (but if anyone has already the answer is welcome to post it

).

Is login history available to anyone when enabled?
If the button hidden in the profile if the tracking disabled?

The rationale for the first question is a recent security breach at TheAdminZone: as far as I understood, someone was able to alter the template adding a keylogger-like javascript getting all the passwords from users the used the login function in a certain time frame.
I know I use the login very seldom because I'm always logged in, so it would be nice to know if I logged during this period.
In Elk this log is not yet so useful is such cases (being the template php-based it would be easy to modify it adding a query that cleans the log, and that's why any template modification (or even preview) made by the admin panel is immediately notified to the admins via email), but if/when we will manage to move away from php templates it may be very useful to have an accessible login history to have an idea of the last time I did a login (and from where, the IP in that case would be my own IP, so I would like to see it, because if the IP is a Chinese one it would ring a bell... true it is that with IPv6 coming that part would be somehow less relevant... oh well).

The rationale for the second is: I see the button here as moderator, but without entries, so either it's not enabled or I really never logged in. And the second is somehow unlikely. Even though not impossible.