"You have used up your failed login quota!" appears ALWAYS! Help!

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ElForro
    Member
    • Mar 2006
    • 74
    • 3.5.x
    #1

    "You have used up your failed login quota!" appears ALWAYS! Help!

    I didn't touch anything in the AdminCP, but people have been working with my server and database, etc..

    Since then, the message: "You have used up your failed login quota! Please wait 15 minutes before trying again." appears each time a user tries to log in. Even I can't log in to the admincp! The message appears the first time, and I can't log in.

    I don't know where to look in order to try to resolve this. Where are this "5" tries saved? In the mysql, in some table?

    Please, I need help to try to fix this ASAP!

    Edit: Maybe the value of "5" tries is set to "0" or something like that in my database? Where should I look?

    Edit 2: I've received an email wich says the iP wich is trying to login and failed was: 10.0.0.1

    I'm jure that's the problem..

    Edit 3: I see that my table "session" is filled with "10.0.0.1" in the "host" column. What query should I execute in order to avoid this problem? Set it to 0, null?
    Last edited by ElForro; Mon 10 Sep '07, 5:30pm.
    Tags: None
    • Steve Machol
      Former Customer Support Manager
      • Jul 2000
      • 154488
      #2
      I have answered this in your support ticket.
      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
      Change CKEditor Colors to Match Style (for 4.1.4 and above)

      Steve Machol Photography

      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment

        • Andy Huang
          Senior Member
          • Feb 2004
          • 4602
          #3
          One thing worth while mentioning is that the IP address issue is caused by a server end feature which acts like a proxy server... This is usually done when your hosting provider tries to clusterize a bunch of server with your files, and have a "front end" server that serves the content. It works like this:

          Code:
          [client]
   |
   |  Request
   |
   V
_____________
| Front End |
| Server    |
-------------
   |\\\   Request
   |  -------------------------------------------------
   |              \                  \                 \
   V               \                  \                 \
_____________     _____________     _____________     _____________
| Clustered |     | Clustered |     | Clustered |     | Clustered |
| Server    |     | Server    |     | Server    |     | Server    |
-------------     -------------     -------------     -------------
          (excuse my poor drawing up there)

          The thoery is that the front end server will request the requested information from one of the clustered server at the back on behalf of the client, and so it doesn't do much work other than request and serve data; that way, the back end servers can do all the work and they can add more server(s) as needed to host all the sites they are hosting without stressing out their server.

          However, the bad thing with that is that all the requests now come from the same IP address -- the front-end server's IP address. A better way to do this is to have a load balancer and direct the DNS to each of the back end server directly (without the server-in-the-middle requesting it), so that sites can still track client's IP address properly. Unfortunately, unless your hosting provider changes their infracture (which is very unlikely now that they've got it setup), vBulletin (and any other scripts for that matter) will not be able to get the correct IP address as all requests comes from the front-end server.

          This implementation cripples your forum from all IP related things, and here's a brief list of what functionality will be broken and why that I can remember off the back of my hand:
          • User login fail strikes (you've already experienced this), because all users are coming from the same IP address, and so system will think you (or anyone else for that matter) are trying to brute force the password and lock you out from logging in for 15 minutes should the failed attempt of EVERYONE visiting your forum sums up to 5 (or whatever configured) times.
          • IP Address banning, because all users are coming from the same IP address
          • (maybe) User login on browsers without cookie support, because all coming from same IP address, so same SESSION data for all of them


          Unfortunately, there is no known work around for hosting companies with this kind of configuration. You should ask your host if they have a none clustered hosting solution available, or consider a different hosting provider should the above becomes a regular problem for you.
          Best Regards,
          Andy Huang

            Comment

            • jasonlitka
              Senior Member
              • Mar 2006
              • 1489
              • 4.0.x
              #4
              Originally posted by Andy Huang
              Unfortunately, there is no known work around for hosting companies with this kind of configuration. You should ask your host if they have a none clustered hosting solution available, or consider a different hosting provider should the above becomes a regular problem for you.
              Try this:

              class_core.php: HTTP_X_FORWARDED_FOR - vBulletin Community Forum
              http://www.vbulletin.com/forum/showpost.php?p=1104162
              Jason Litka - Utter Ramblings

                Comment

                Previous template Next
                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                😀
                😂
                🥰
                😘
                🤢
                😎
                😞
                😡
                👍
                👎