  #1  
Old 02-28-2008, 07:58 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Default Urgent: how to disable login strike without admincp access

A couple of days ago my site was put behind a proxy to protect it from being DoSed. However, now it appears that when anyone fails to log in 5 times, it is banning everyone from being able to log in for 15 minutes, as it appears the proxy is placing everyone on the same IP.

If I turn off the proxy my site will go down due to the DoS attack, so that is not an option.

I have closed my forums with tools.php but it appears even after 15 minutes, I am still getting the message you have to wait 15 minutes.

I can't log into my admincp to disable it.

I need another way to disable it. Any ideas?
  #2  
Old 02-28-2008, 08:03 AM
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Default

Put up a temporary page in place of index.php and log in, disable the striking system, and remove that temporary index file.

EDIT: I just realised it was you, Matt. I've heard about the recent DDoS attacks on the server. What are you using to try to prevent the attacks? Have you tried using mod_evasive?
  #3  
Old 02-28-2008, 08:20 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Default

Only 1 good solution: Configure your proxy to forward the client's IP, instead of using the proxy server's IP for all connections.
  #4  
Old 02-28-2008, 08:24 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Default

PS If the attack is done by accessing a page on your server by too many people/bots, there might be a quick workaround to stop this.

I also admin a site that gets hit by attacks pretty often. The first thing I do when it happens is to password protect the site with a .htaccess, using a simple user/password. I provide the user and pass in the login prompt. Like this any human can see the user/pass and get in. All bots etc. will be stopped by the login prompt, reducing the server load a lot.

Just leave that extra login until the attack is over/stopped.

Only "problem" is members who do not read.
  #5  
Old 02-28-2008, 08:27 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Default

I will wait 15 minutes and try again, however I just put up the temp index.php page and tried one last time before waiting another 15 minutes, and this is the message I get:

Wrong username or password. You have used up your failed login quota! Please wait 15 minutes before trying again. Don't forget that the password is case sensitive. Forgotten your password? Click here!


Does that mean my password is wrong that I am entering or that I am locked out or both?



I have gone into phpmyadmin and changed my password through that to ensure I am entering it correctly, just want to ensure after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached on my account to reset it any other way.


As for the DDoS (botnet) attack, I have tried everything including a hardware firewall, I am now behind a proxy which authenticates the traffic before it is allowed to go to my server, it is working, but at a cost and slower performance to the network, but it is working at least.

--------------- Added [DATE]1204195632[/DATE] at [TIME]1204195632[/TIME] ---------------

Well to ensure my password is correct, I am now adding a new email in through phpmyadmin and then will reset it. And then will wait another 15 minutes. But even after that last 15 minutes, I got the same message straight away.
  #6  
Old 02-28-2008, 08:47 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Default

Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!

Solution: See post #3
Reply With Quote
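
An added illustration, not part of the thread and not vBulletin code: a minimal Python model of per-IP login strikes behind a reverse proxy, showing the shared lockout described in post #6 and what changes once the strike key is the forwarded client address. The proxy address, the use of an X-Forwarded-For style header, and all names below are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample values (documentation address ranges), not from the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.10")}
MAX_STRIKES, LOCKOUT_SECONDS = 5, 15 * 60  # limits quoted in the thread


def client_ip(peer, xff, trust_proxy):
    """Return the address that failed logins should be keyed on."""
    peer_ip = ipaddress.ip_address(peer)
    # Only honour the forwarded header when the TCP peer is our own proxy;
    # otherwise any client could dodge the lockout by sending a fake header.
    if not (trust_proxy and peer_ip in TRUSTED_PROXIES and xff):
        return str(peer_ip)
    # Walk right to left: the rightmost entries were appended by trusted hops,
    # anything further left was supplied by the client and is ignored.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_ip)  # malformed header: fall back to the peer
        if ip not in TRUSTED_PROXIES:
            return str(ip)
    return str(peer_ip)


class StrikeTable:
    def __init__(self):
        self.strikes = defaultdict(list)  # ip -> timestamps of failed logins

    def fail(self, ip, now):
        self.strikes[ip].append(now)

    def locked(self, ip, now):
        recent = [t for t in self.strikes[ip] if now - t < LOCKOUT_SECONDS]
        self.strikes[ip] = recent
        return len(recent) >= MAX_STRIKES


def simulate(trust_proxy):
    """One client fails 5 logins through the proxy; is another member locked out?"""
    table, proxy = StrikeTable(), "203.0.113.10"
    for i in range(MAX_STRIKES):
        table.fail(client_ip(proxy, "198.51.100.7", trust_proxy), now=i)
    member = client_ip(proxy, "192.0.2.44", trust_proxy)
    return table.locked(member, now=10)
```

With `trust_proxy=False` every request is keyed on the proxy address, so `simulate` reports the unrelated member as locked out; with `trust_proxy=True` only the failing client accumulates strikes.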
  #7  
Old 02-28-2008, 08:49 AM
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Default

Quote:
Originally Posted by hornstar1337
Does that mean my password is wrong that I am entering or that I am locked out or both?

Both

Quote:
Originally Posted by hornstar1337
I have gone into phpmyadmin and changed my password through that to ensure I am entering it correctly, just want to ensure after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached on my account to reset it any other way.

How are you setting the password? Are you encrypting it properly first?
  #8  
Old 02-28-2008, 08:53 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Default

There is no use in resetting passwords etc..

See my posts.
  #9  
Old 02-28-2008, 08:56 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Default

Well it successfully reset through the forums just now, so it has to be set 100% correctly now. I will wait one last 15 minutes before trying again, but if it does not work after this 15 minutes, then I will need other options to make sure I am the only one that is able to see the login button or to disable the strike altogether by altering the login.php. I will let you know how I go in the next 15 minutes, hopefully you will be able to think of some other ways to help if it fails. Thanks.

--------------- Added [DATE]1204196434[/DATE] at [TIME]1204196434[/TIME] ---------------

Quote:
Originally Posted by Marco van Herwaarden
Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!

Solution: See post #3

I have forwarded post #3 to my proxy company and will hope they can do that.

However if they won't/can't then I will need to disable the strike system altogether on my site.

I tried again, and I got the wrong password/username try again in 15 minutes, so hopefully there are other options as well. Thanks.
  #10  
Old 02-28-2008, 09:04 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Default

If they won't do that, then you should reconsider using their services.

A lot more might not go as expected if everyone reaches the webserver using the same IP.