My store is being target of brute force login, and it is being successfull.
Looking the code, login post method doesnt have PublicAntiForgery or honeypot protection, why?
[HttpPost]
[CaptchaValidator]
//available even when a store is closed
[StoreClosed(true)]
//available even when navigation is not allowed
[PublicStoreAllowNavigation(true)]
public virtual ActionResult Login(LoginModel model, string returnUrl, bool captchaValid)
Thanks!