Update 000_intro.md

website/docs/admin/000_intro.md

@@ -261,15 +261,30 @@ To restrict OpenAdmin access to your team, whitelist your server's IP addresses
 As an additional security measure, HTTP Basic Authentication can be enabled for the admin panel.
 
 ### Brute-Force Protection
-OpenAdmin includes built-in [rate limiting](https://i.postimg.cc/VfgmKCvx/ratelimiting.png) and [IP blocking](https://i.postimg.cc/053g4dsB/2024-11-01-12-25.png) to protect against brute-force attacks. You can configure the maximum number of failed login attempts allowed per IP (default is `5`) and the total number of failed attempts (default is `20`), after which the offending IP will be temporarily blocked by the firewall for one hour.
 
-Limits are configurable in: `/etc/openpanel/openadmin/config/admin.ini` file:
+Both user and admin interfaces have a built-in rate limiting and IP address blocking to protect against brute-force attacks. You can configure the maximum number of failed login attempts allowed per IP (default is `5`) and the total number of failed attempts (default is `20`), after which the offending IP will be temporarily blocked by the firewall for one hour.
+
+For user panel imits are configurable in: `/etc/openpanel/openpanel/conf/openpanel.config` file:
+```bash
+[USERS]
+login_ratelimit=5
+login_blocklimit=20
+```
+
+![user ratelimit](/img/panel/v1/user_block.png)
+
+For admin panel imits are configurable in: `/etc/openpanel/openadmin/config/admin.ini` file:
 ```bash
 [PANEL]
 login_ratelimit=5
 login_blocklimit=20
 ```
 
+![admin ratelimit](/img/admin/admin_block.png)
+
+If a user successfully logs in, the counter for `login_blocklimit` will reset.
+Failed login attempts and blocked IP addresses are logged in the `/var/log/openpanel/admin/failed_login.log` file for OpenAdmin and in the `/var/log/openpanel/user/failed_login.log` file for OpenPanel.
+
 ### IP blocking per domain
 
 Users can block IP addresses per domain name.