Legacy Forum closed after 1 false login into AdminCP

Status
Not open for further replies.
M

Merlok

New member
My forum is closed after one attempt to login with a false password or username into the AdminCP has been made by the same IP address.

The settings in "Security Watchers: General" are:
5 AdminCP access attempts from the same IP address in the past 1 hours: Email Webmaster
20 AdminCP access attempts from the same IP address in the past 1 hours: Email Webmaster, Close Forum, Ban IP Address

So the settings should be ok.

But unfortunately it does not work.


Is this a known bug, or how can I solve this?
 
Upvote 0
This suggestion has been closed. Votes are no longer accepted.
That's not a bug, it will only display entries in the ACP that have actually triggered the event. In other words, the same person has tried to login that many times, and the event displayed is the one that caused the action to be taken :)
 
Thanks for the reply.
But why is my forum closed after only one attempt to login to the AdminCP?

That makes no sense in my eyes. :(
 
Sorry, I wasn't clear enough:

Let's say someone tries to log in to your AdminCP 19 times in the past 1 hour. The security center shows no alerts.

Then they try to log in 1 more time. The security center now shows 1 alert, and takes the actions described.


Does it make more sense now? It is not just 1 login.

I have changed this thread to a feature request and will add links to the full access attempt logs in a future version :)
 
Ah ok. That makes sense. :)

I just did a test for myself using my iPhones Safari browser while connected to my telephone providers 3G network.
I tried to login only one time into the AdminCP using a false password and my IP was banned and the forum closed.

As I use the setting "from the same IP address", and I definitely haven't used my iPhone browser for anything today, there is surely something wrong.
Maybe you want to do a check for your own to see that it is as I described the issue?
 
Hmm, did you access the AdminCP login form more than once before submitting your test failed login?

I'm looking through the code right now, and the AdminCP Access Attempts fires both on the actual form AND when they are attempting to login.

Can you look in the dbtech_vbsecurity_adminstrikes table and look for your mobile IP (you should find it in the Security Watchers page as the latest attempted intruder) and see how many entries are there?

Meanwhile, I'll test it and see how many entries are actually generated by simply 1 visit and 1 login attempt :)
 
Hmm, did you access the AdminCP login form more than once before submitting your test failed login?

I'm looking through the code right now, and the AdminCP Access Attempts fires both on the actual form AND when they are attempting to login.

Can you look in the dbtech_vbsecurity_adminstrikes table and look for your mobile IP (you should find it in the Security Watchers page as the latest attempted intruder) and see how many entries are there?

Meanwhile, I'll test it and see how many entries are actually generated by simply 1 visit and 1 login attempt :)
 
I checked the logs under Admin Strikes, but unfortunately the latest entry there is from the 25.05. :/
Seems a bit weird.
 
Weird indeed, it's quite literally impossible for the code to act on entries 3 days old - if that was the case, this forum would be swamped :D

Can you please PM me with FTP and an AdminCP account and if possible, phpMyAdmin? If so, I may be able to get to the bottom of this :)
 
Ok, done.
Admin access to my forums and FTP access is PM'ed. The phpmyadmin access I wouldn't like to share at the moment. :)

I hope that the admin and FTP access can help to solve my problem.
 
After further testing, the mod seems to be working as intended :)

The mod correctly took the first configured action once it hit the required amount of strikes, and I was unable to replicate it triggering the "20 strikes" action after just 1 strike.

Perhaps the mobile phone opened more connections to the site and that was registered as multiple strikes? I don't know, just a wild guess.
 
Fillip H. said:
After further testing, the mod seems to be working as intended :)

The mod correctly took the first configured action once it hit the required amount of strikes, and I was unable to replicate it triggering the "20 strikes" action after just 1 strike.

Perhaps the mobile phone opened more connections to the site and that was registered as multiple strikes? I don't know, just a wild guess.
Click to expand...

I've decided to remove this addon sadly for the same reason. I'm constantly using my mobile and it's constantly banning ip after one failed login. I think you guys should test if with different mobiles, it's also done this once on my PC using Firefox.

Will defiantly purchase the Future :)
 
Last edited:
Status
Not open for further replies.

Similar threads

Fillip H.
New XenForo Product: DragonByte Security v3.0.0 Beta 1!
Replies
0
Views
2K
Fillip H.
Fillip H.
Fillip H.
vBSecurity v2.1.0 Released
Replies
0
Views
2K
Fillip H.
Fillip H.
Fillip H.
vBSecurity v2.0.0 Released
Replies
0
Views
2K
Fillip H.
Fillip H.
Fillip H.
vBSecurity v1.0.0 (Beta) Released!
Replies
0
Views
2K
Fillip H.
Fillip H.
IcEWoLF
  • Locked
  • Suggestion Suggestion
Legacy Suggestion Goals + goals block
Replies
4
Views
811
Ozzy47
Ozzy47
Back
Top