Exceeded maximum allowed number of login attempts?

[Jonathan]

I can say now that it also happens to me. Unfortunately for whatever it is that causes this, my password is stronger than its hash.

*Stays outta here for now.*

[Tank Program]

It seems like there may be some sort of brute forcing system going on. I've patched phpBB so that it will record these failed login attempts to get the IPs, which I'll then ban.

These failed login attempts also seem to show up in the log files. The issue is that just this month there are 13398 logins and/or attempts. I'll have to find some sort of log analyser or write one to extract the IPs that could be behind this stuff. (Unless anyone knows of any existing software...)

[Z-Man]

Waitwhat? I was right?

Probably not really related, but "View active topics" stopped working today. The list is empty now, but reliably showed all current topics previously.

[Word]

the view active topics button seems to be broken for me...

[AI-team]

the view active topics button seems to be broken for me...

for me as well ):

[Tank Program]

Hrmph. I upgraded phpBB while I was at it, that may be the cause.

Edit: Right. Got that fixed.

[Tank Program]

Apologies if anyone gets banned that's a real person. Contact me on IRC or Twitter if this happens.

[Word]

I'm reading this with a proxy, otherwise I couldn't have found this at all.



edit: strange bug...whenever i hit submit i'm now redirected to a topic called "FISHY!"

edit2: now I'm back without proxy, thank you

[Jonathan]

edit: strange bug...whenever i hit submit i'm now redirected to a topic called "FISHY!"

Probably a message. If you allow these little cracker fish to grow, they'll eventually get huge and destroy the ecosystem. Or something.

How does this banning work? It doesn't ban the first time an IP gets the exceeded message, right? Because that would ban everyone trying to login on their own account, if it had been hit before.

[Tank Program]

No, learned from accidentally banning Word. I haven't implemented anything yet, but it looks like there's a fairly specific criterion to look for. I don't want to write more here in case someone catches on...

[Z-Man]

INW was also accidentally banned, just for the record.

[INW]

I was banned as well but Z-Man fixed it XD

Odd forums lately lol

[Tank Program]

Right. Haven't had the time to workout the banning thing. Until I get around to that I'm aiming for a more sustainable approach. I've made some simple modifications to the login process. If anyone has any trouble logging in, please let me know.

[Cosmic Dolphin]

Did it again to me when I logged in today. Took two tries because I couldn't read the captcha...

[Tank Program]

Has this happened to anybody else recently? Specifically those who went through the captcha once before and then wound up back at it after I made the modifications? I know it's happened to some folks, but I don't know if it was the captcha leftover from before...