Ban IP Address in Auth

[Arinji2]

So currently there is a pretty big security issue, so without 2fa anyone with the url of the admin panel can just bruteforce login into any admin account, if you set a max login requests..it gets worse since anyone can block admins from logging in.

We need a way to ban ip address's on failed logins.. not users
https://discord.com/channels/967097582721572934/1213128284854943774

[Arinji2]

Update on this, I made this inhouse by just having a collection for ips which have been saved. I make a request to add an ip from our frontend which makes you login to discord first.
We have cloudflare so the user ip can be found from X-FORWARDED-FOR, then simply on login into the cms I make sure the user ip exists in the collection else redirect to the frontend to login.

[JeffreyArts]

I have 0% experience with PayloadCMS. But would you be able to write this "ip-blacklister" in such a manner that I would be integrate it in my installation as some sort of package, plug-in or extension? Or is it mandatory to weave this feature into the original codebase? Making it more challenging to process future updates of the CMS