When a user login using the form we know log an error level information with information about the user:
- username used
- IP
- User agent
For example:
> Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36".
It’ll allows server admin using fail2ban to configure it to block these people if they generate too much failure authentication.