vb.org Archive

Hornstar 02-28-2008 07:58 AM

Urgent: how to disable login strike without admincp access
 
A couple of days ago my site was put behind a proxy to protect it from being DoSed. However, it now appears that when anyone fails to log in 5 times, it bans everyone from logging in for 15 minutes, as it appears the proxy is placing everyone on the same IP.

If I turn off the proxy my site will go down due to the DoS attack, so that is not an option.

I have closed my forums with tools.php but it appears even after 15 minutes, I am still getting the message that you have to wait 15 minutes.

I can't log into my admincp to disable it.

I need another way to disable it. Any ideas?

Dismounted 02-28-2008 08:03 AM

Put up a temporary page in place of index.php and log in, disable the striking system, and remove that temporary index file.

EDIT: I just realised it was you, Matt. :p I've heard about the recent DDoS attacks on the server. What are you using to try to prevent the attacks? Have you tried using mod_evasive?

Marco van Herwaarden 02-28-2008 08:20 AM

Only 1 good solution: Configure your proxy to forward the client's IP, instead of using the proxy server's IP for all connections.

Marco van Herwaarden 02-28-2008 08:24 AM

PS If the attack is done by accessing a page on your server by too many people/bots, there might be a quick workaround to stop this.

I also admin a site that gets hit by attacks pretty often. The first thing I do when it happens is to password protect the site with a .htaccess, using a simple user/password. I provide the user and pass in the login prompt. Like this, any human can see the user/pass and get in. All bots etc. will be stopped by the login prompt, reducing the server load a lot.

Just leave that extra login until the attack is over/stopped.

Only "problem" is members who do not read.

Hornstar 02-28-2008 08:27 AM

I will wait 15 minutes and try again, however I just put up the temp index.php page and tried one last time before waiting another 15 minutes, and this is the message I get:

Wrong username or password. You have used up your failed login quota! Please wait 15 minutes before trying again. Don't forget that the password is case sensitive. Forgotten your password? Click here!


Does that mean my password is wrong that I am entering or that I am locked out or both?



I have gone into phpmyadmin and changed my password through that to ensure I am entering it correctly. I just want to ensure that after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached to my account to reset it any other way.


As for the DDoS (botnet) attack, I have tried everything including a hardware firewall. I am now behind a proxy which authenticates the traffic before it is allowed to go to my server. It is working, but at a cost and slower performance to the network, but it is working at least.

--------------- Added [DATE]1204195632[/DATE] at [TIME]1204195632[/TIME] ---------------

Well to ensure my password is correct, I am now adding a new email in through phpmyadmin and then will reset it. And then will wait another 15 minutes. But even after that last 15 minutes, I got the same message straight away.

Marco van Herwaarden 02-28-2008 08:47 AM

Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!

Solution: See post #3
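
The behaviour described in this post and the fix from post #3, as an added example that is not part of the original thread and is not vBulletin's own code: a small Python model of a per-address strike counter, with the client address taken from `X-Forwarded-For` only when the connection comes from a known proxy. The proxy address, the sample visitor addresses and all function names are assumptions made for the illustration; the limit of 5 and the 15 minutes come from the thread.

```python
import ipaddress

STRIKE_LIMIT = 5            # failed logins allowed per address (from the thread)
LOCKOUT_SECONDS = 15 * 60   # lockout window (from the thread)
# Assumption: the proxy's address as the web server sees it (documentation range).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def client_ip(peer, forwarded_for, trusted=TRUSTED_PROXIES):
    """Pick the address to count strikes against. The header is honoured only
    when the TCP peer is a known proxy, so a direct client cannot forge it."""
    peer_addr = ipaddress.ip_address(peer)
    if peer_addr not in trusted or not forwarded_for:
        return str(peer_addr)
    # Walk right to left: the rightmost entries were appended by our own proxies.
    for hop in reversed([h.strip() for h in forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_addr)   # malformed header: fall back to the peer
        if addr not in trusted:
            return str(addr)
    return str(peer_addr)


class StrikeTable:
    """Per-address failed-login counter with a 15-minute window."""

    def __init__(self):
        self.failures = {}          # address -> list of failure timestamps

    def record_failure(self, addr, now):
        self.failures.setdefault(addr, []).append(now)

    def is_locked(self, addr, now):
        recent = [t for t in self.failures.get(addr, []) if now - t < LOCKOUT_SECONDS]
        self.failures[addr] = recent
        return len(recent) >= STRIKE_LIMIT


def simulate(use_forwarded_header):
    """Five bad logins from one visitor; is a different visitor then locked out?"""
    table, proxy = StrikeTable(), "192.0.2.10"
    bad_xff, member_xff = "203.0.113.7", "198.51.100.23"   # constructed addresses
    for t in range(5):
        xff = bad_xff if use_forwarded_header else None
        table.record_failure(client_ip(proxy, xff), now=t)
    xff = member_xff if use_forwarded_header else None
    return table.is_locked(client_ip(proxy, xff), now=10)
```

`simulate(False)` reproduces the lockout from the thread, where every visitor is counted under the proxy's address; `simulate(True)` shows the unrelated member staying unlocked once the proxy forwards the client address.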

Dismounted 02-28-2008 08:49 AM

Quote:

Originally Posted by hornstar1337 (Post 1452758)
Does that mean my password is wrong that I am entering or that I am locked out or both?

Both

Quote:

Originally Posted by hornstar1337 (Post 1452758)
I have gone into phpmyadmin and changed my password through that to ensure I am entering it correctly. I just want to ensure that after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached to my account to reset it any other way.

How are you setting the password? Are you encrypting it properly first?

Marco van Herwaarden 02-28-2008 08:53 AM

There is no use in resetting passwords etc.

See my posts.

Hornstar 02-28-2008 08:56 AM

Well, it successfully reset through the forums just now, so it has to be set 100% correctly now. I will wait one last 15 minutes before trying again, but if it does not work after these 15 minutes, then I will need other options to make sure I am the only one that is able to see the login button, or to disable the strike altogether by altering the login.php. I will let you know how I go in the next 15 minutes; hopefully you will be able to think of some other ways to help if it fails. Thanks.

--------------- Added [DATE]1204196434[/DATE] at [TIME]1204196434[/TIME] ---------------

Quote:

Originally Posted by Marco van Herwaarden (Post 1452768)
Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!

Solution: See post #3

I have forwarded post #3 to my proxy company and hope they can do that.

However, if they won't/can't then I will need to disable the strike system altogether on my site.

I tried again, and I got the wrong password/username, try again in 15 minutes message, so hopefully there are other options as well. Thanks.

Marco van Herwaarden 02-28-2008 09:04 AM

If they won't do that, then you should reconsider using their services.

A lot more might not go as expected if everyone reaches the webserver using the same IP.

