diff -u b/modules/user/user.api.php b/modules/user/user.api.php --- b/modules/user/user.api.php +++ b/modules/user/user.api.php @@ -491,7 +491,7 @@ if (!empty($username)) { // Do something with the blocked $username and $ip. For example, send an // e-mail to the user and/or site administrator. - + // Drupal core uses this hook to log the event: watchdog('user', 'Flood control blocked login attempt for %user from %ip.', array('%user' => $username, '%ip' => $ip)); } diff -u b/modules/user/user.module b/modules/user/user.module --- b/modules/user/user.module +++ b/modules/user/user.module @@ -2257,11 +2257,16 @@ * Implements hook_user_flood_control(). */ function user_user_flood_control($ip, $username = FALSE) { - if (!empty($username)) { - watchdog('user', 'Flood control blocked login attempt for %user from %ip.', array('%user' => $username, '%ip' => $ip)); - } - else { - watchdog('user', 'Flood control blocked login attempt from %ip.', array('%ip' => $ip)); + if (variable_get('log_user_flood_control', TRUE)) { + if (!empty($username)) { + watchdog('user', 'Flood control blocked login attempt for %user from %ip.', array( + '%user' => $username, + '%ip' => $ip + )); + } + else { + watchdog('user', 'Flood control blocked login attempt from %ip.', array('%ip' => $ip)); + } } } only in patch2: unchanged: --- a/sites/default/default.settings.php +++ b/sites/default/default.settings.php @@ -659,3 +659,18 @@ $conf['file_scan_ignore_directories'] = array( 'node_modules', 'bower_components', ); + +/** + * Logging of user flood control events. + * + * Drupal's user module will place a temporary block on a given IP address or + * user account if there are excessive failed login attempts. By default these + * flood control events will be logged. This can be useful for identifying + * brute force login attacks. Set this variable to FALSE to disable logging, for + * example if you are using the dblog module and prefer to minimise database + * writes. + * + * @see user_login_final_validate() + * @see user_user_flood_control() + */ +# $conf['log_user_flood_control'] = FALSE;