diff --git a/backend/server.js b/backend/server.js
index e44d9ff..b3c5b72 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -574,6 +574,13 @@ app.post('/api/login',
     const user = UserDB.findByUsername(username);
     if (!user) {
+      // 记录失败尝试
+      if (req.rateLimitKeys) {
+        loginLimiter.recordFailure(req.rateLimitKeys.ipKey);
+        if (req.rateLimitKeys.usernameKey) {
+          loginLimiter.recordFailure(req.rateLimitKeys.usernameKey);
+        }
+      }
       return res.status(401).json({
         success: false,
         message: '用户名或密码错误'
@@ -588,6 +595,13 @@ app.post('/api/login',
     }
     if (!UserDB.verifyPassword(password, user.password)) {
+      // 记录失败尝试
+      if (req.rateLimitKeys) {
+        loginLimiter.recordFailure(req.rateLimitKeys.ipKey);
+        if (req.rateLimitKeys.usernameKey) {
+          loginLimiter.recordFailure(req.rateLimitKeys.usernameKey);
+        }
+      }
       return res.status(401).json({
         success: false,
         message: '用户名或密码错误'
@@ -1587,6 +1601,10 @@ app.post('/api/share/:code/verify', shareRateLimitMiddleware, async (req, res) =
     }
     if (!ShareDB.verifyPassword(password, share.share_password)) {
+      // 记录密码错误
+      if (req.shareRateLimitKey) {
+        shareLimiter.recordFailure(req.shareRateLimitKey);
+      }
       return res.status(401).json({
         success: false,
         message: '密码错误'
@@ -1594,6 +1612,11 @@ app.post('/api/share/:code/verify', shareRateLimitMiddleware, async (req, res) =
     }
   }
+  // 清除失败记录(密码验证成功)
+  if (req.shareRateLimitKey) {
+    shareLimiter.recordSuccess(req.shareRateLimitKey);
+  }
+
   // 增加查看次数
   ShareDB.incrementViewCount(code);
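Review bot: The seven-line failure-recording block is pasted verbatim into both the unknown-user branch (first hunk) and the wrong-password branch (second hunk) of /api/login; the two copies must stay identical for the limiter to count both outcomes the same way, which is exactly the kind of invariant that drifts on the next edit, so it should live in one helper called from both branches. Unlike the share-verify hunks, which add a matching `shareLimiter.recordSuccess` on the success path, no `loginLimiter.recordSuccess` appears in this diff for a successful login — if the success path does not clear the ip/username counters (it may do so outside these hunks), legitimate users who eventually authenticate keep accumulating failures; confirm that path. The `/api/login` handler begins and ends outside both hunks.
```javascript
// Count a failed login against the IP key and, when present, the username key,
// so the unknown-user and wrong-password branches are throttled identically.
function recordLoginFailure(req) {
  if (!req.rateLimitKeys) return;
  loginLimiter.recordFailure(req.rateLimitKeys.ipKey);
  if (req.rateLimitKeys.usernameKey) {
    loginLimiter.recordFailure(req.rateLimitKeys.usernameKey);
  }
}

    // … unchanged: username lookup …
    if (!user) {
      recordLoginFailure(req);
      // … unchanged: 401 response …
    }
    // … unchanged …
    if (!UserDB.verifyPassword(password, user.password)) {
      recordLoginFailure(req);
      // … unchanged: 401 response …
    }
```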