Urgent: how to disable login strike without admincp access
A couple of days ago my site was put behind a proxy to protect it from being DoSed. However, now it appears that when anyone fails to log in 5 times, it bans everyone from being able to log in for 15 minutes, as it appears the proxy is placing everyone on the same IP.
If I turn off the proxy my site will go down due to the DoS attack, so that is not an option. I have closed my forums with tools.php but it appears even after 15 minutes, I am still getting the message that you have to wait 15 minutes. I can't log into my admincp to disable it. I need another way to disable it. Any ideas? |
Put up a temporary page in place of index.php and login, disable the striking system, and remove that temporary index file.
EDIT: I just realised it was you, Matt. :p I've heard about the recent DDoS attacks on the server. What are you using to try to prevent the attacks? Have you tried using mod_evasive? |
Only 1 good solution: Configure your proxy to forward the client's IP, instead of using the proxy server's IP for all connections.
|
PS If the attack is done by accessing a page on your server by too many people/bots, there might be a quick workaround to stop this.
I also admin a site that gets hit by attacks pretty often. The first thing I do when it happens is to password protect the site with a .htaccess, using a simple user/password. I provide the user and pass in the login prompt. Like this any human can see the user/pass and get in. All bots etc... will be stopped by the login prompt, reducing the server load a lot. Just leave that extra login until the attack is over/stopped. Only "problem" is members who do not read. |
I will wait 15 minutes and try again, however I just put up the temp index.php page and tried one last time before waiting another 15 minutes, and this is the message I get:
Wrong username or password. You have used up your failed login quota! Please wait 15 minutes before trying again. Don't forget that the password is case sensitive. Forgotten your password? Click here!

Does that mean my password is wrong that I am entering or that I am locked out or both? I have gone into phpmyadmin and changed my password through that to ensure I am entering it correctly, just want to ensure after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached on my account to reset it any other way.

As for the ddos (botnet) attack, I have tried everything including a hardware firewall, I am now behind a proxy which authenticates the traffic before it is allowed to go to my server, it is working, but at a cost and slower performance to the network, but it is working at least.

--------------- Added [DATE]1204195632[/DATE] at [TIME]1204195632[/TIME] ---------------

Well to ensure my password is correct, I am now adding a new email in through phpmyadmin and then will reset it. And then will wait another 15 minutes. But even after that last 15 minutes, I got the same message straight away. |
Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!
Solution: See post #3 |
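
The behaviour described in this post, and the fix from post #3, as an added example that is not part of the original thread and is not vBulletin's code. The proxy address (192.0.2.10), the client addresses and all function names are constructed for illustration; the 5-strike / 15-minute policy is the one quoted above.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch: the proxy's address and the 5-strike /
# 15-minute policy quoted in the thread. All addresses are documentation ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]
MAX_STRIKES, WINDOW = 5, 15 * 60


def client_ip(peer, xff=None):
    """Return the address that failed logins should be counted against."""
    peer_addr = ipaddress.ip_address(peer)
    # Honour X-Forwarded-For only when the TCP peer is our own proxy;
    # otherwise any client could forge the header and dodge the lockout.
    if xff and any(peer_addr in net for net in TRUSTED_PROXIES):
        # Walk right to left, assuming the proxy appends the address it saw.
        for hop in reversed([h.strip() for h in xff.split(",")]):
            try:
                addr = ipaddress.ip_address(hop)
            except ValueError:
                break  # malformed header: fall back to the peer address
            if not any(addr in net for net in TRUSTED_PROXIES):
                return str(addr)
    return str(peer_addr)


class Strikes:
    """Per-IP failed-login counter, mirroring the behaviour described above."""

    def __init__(self):
        self.failed = defaultdict(list)  # ip -> timestamps of failures

    def locked(self, ip, now):
        recent = [t for t in self.failed[ip] if now - t < WINDOW]
        self.failed[ip] = recent
        return len(recent) >= MAX_STRIKES

    def fail(self, ip, now):
        self.failed[ip].append(now)


def simulate(use_xff):
    """Five bad logins from one visitor, then a different visitor tries."""
    s = Strikes()
    for i in range(5):
        xff = "203.0.113.7" if use_xff else None
        s.fail(client_ip("192.0.2.10", xff), now=i)
    xff = "198.51.100.23" if use_xff else None
    return s.locked(client_ip("192.0.2.10", xff), now=10)
```

`simulate(False)` reproduces the lockout of an unrelated visitor; `simulate(True)` shows the second visitor is unaffected once the forwarded address is used.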
There is no use in resetting passwords etc..
See my posts. |
Well it successfully reset through the forums just now, so it has to be set 100% correctly now. I will wait one last 15 minutes before trying again, but if it does not work after this 15 minutes, then I will need other options to make sure I am the only one that is able to see the login button or to disable the strike altogether by altering the login.php. I will let you know how I go in the next 15 minutes, hopefully you will be able to think of some other ways to help if it fails. Thanks.

--------------- Added [DATE]1204196434[/DATE] at [TIME]1204196434[/TIME] ---------------

However if they won't/can't then I will need to disable the strike system altogether on my site. I tried again, and I got the wrong password/username try again in 15 minutes, so hopefully there are other options as well. Thanks. |
If they won't do that, then you should reconsider using their services.
A lot more might not go as expected if everyone reaches the webserver using the same IP. |
See post #4, use a .htaccess to control this.
But you really will not get out of trouble until you either remove the proxy server, or update its configuration. You really should address this issue before even thinking of other solutions. |
Okay did the .htaccess and it worked. I have now globally turned off the strike system. However overall, I will need to do what you said, either get them to change the way the proxy works, or find another option.
Thanks. |
Since nobody mentioned this, I thought I might just throw this out for anyone else who gets in this situation with the login strike system: once triggered, the striking system is restricting any account login (not just the one you failed to log in to) from your IP address. This info is stored in the database table strikes which contains 3 fields (striketime, strikeip, username). After backing up the table and/or database (if modifying the database directly makes you anxious), you could (1) truncate the table strikes or (2) delete from strikes where strikeip = <yourip>
I have dyslexic fingers and use this method regularly as an alternative to permanently disabling the login striking system. |
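
A way to check the strikes table before clearing it, as an added example that is not part of the original post. It uses an in-memory SQLite table as a stand-in for the forum database, with the three columns named above; the sample rows, the integer timestamps, the `strikes_backup` table and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows. Column names are the three given in the post;
# integer Unix timestamps for striketime are an assumption of this sketch.
ROWS = [
    (1000, "192.0.2.10", "alice"), (1010, "192.0.2.10", "bob"),
    (1020, "192.0.2.10", "carol"), (1030, "192.0.2.10", "dave"),
    (1040, "192.0.2.10", "alice"), (1050, "203.0.113.7", "erin"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE strikes (striketime INT, strikeip TEXT, username TEXT)")
    db.executemany("INSERT INTO strikes VALUES (?, ?, ?)", ROWS)
    return db


def shared_ip_suspects(db, min_users=3):
    """IPs whose strikes span many usernames: likely a proxy, not one person."""
    return db.execute(
        "SELECT strikeip, COUNT(*), COUNT(DISTINCT username) FROM strikes "
        "GROUP BY strikeip HAVING COUNT(DISTINCT username) >= ? "
        "ORDER BY COUNT(*) DESC", (min_users,)).fetchall()


def clear_strikes(db, ip):
    """Delete strikes for one IP only, keeping a copy of what was removed."""
    with db:  # one transaction: backup and delete succeed or fail together
        db.execute("CREATE TABLE IF NOT EXISTS strikes_backup AS "
                   "SELECT * FROM strikes WHERE 0")
        db.execute("INSERT INTO strikes_backup SELECT * FROM strikes "
                   "WHERE strikeip = ?", (ip,))
        return db.execute("DELETE FROM strikes WHERE strikeip = ?", (ip,)).rowcount
```

An address that shows up in `shared_ip_suspects` with strikes against many different usernames points at the proxy problem discussed earlier in the thread rather than at one user mistyping a password.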
How can anyone try to log in using your IP? I would not spend much time on solutions to lift the block, but you should focus on the question of how it is possible that others are using your IP.
|
This information is much appreciated, as I was in the same position because of my proxy server.
I was pulling my hair for 2 days. Thank you a million times! |
Had the same exact problem:
Fixed the problem myself. My host settings somehow cause the forum to think everyone's IP is the same. So I went to the control panel of my host and to the MySQL file. In the strike table, delete the file entries. This will let you sign in but won't solve the problem. Then go sign into your forum, go to your Admin panel, and then turn off the setting that makes the forum lock you out after five sign in attempts. In the Admin panel, go to Options = general settings = then select NO for this:

Use Login "Strikes" System
Setting this to no will disable the system that prevents a user (with a specific IP address) from logging into an account after entering an incorrect password 5 times. |