User IP being blocked but can't find it in block list

6 years 7 months ago #296252 by webtechplus
Hi we have a user who cannot login when they are on their normal IP address. They can login with a proxy and then go back to their normal IP and view the site as usual. However when they try to login when on their normal IP address they keep getting

Your login attempt has been blocked. Reason: Too many failed login attempts.

So I assume this is a CB issue because that alert message is generated in CB. However when I look up the bans I have searched the IP address, and every IP address on the users profile and none of them are blocked so we are kind of stumped as to what is going on.

We have Google reCaptcha on our login form could this be causing a potential issue? They did mention that the reCaptcha was causing problems for them before and now this error is getting displayed for them however reCaptcha is working fine.


Thanks for support and feedback
We hope that we can assist you if you need and ask, all the best from the WTP Team

Please Log in to join the conversation.

6 years 7 months ago #296256 by krileon
They attempted to login X times and failed to do so so they were automatically blocked. Whether that actually generates a block in the database is dependent on if you configured it to do so. By default it does not and simply denies future login attempts until a configured time has passed since their last login attempt. You can see their attempts within CB AntiSpam > Attempts. You can configure all of this within CB AntiSpam > Parameters > Login > Auto Block. There is also auto blocking feature for Captcha, Registration, and Forgot Login.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

6 years 7 months ago #296338 by webtechplus
Hi Kyle

If a user is blocked after X amount of attempts shouldn't it say in CB that their account is blocked? I have checked the configuration under CB AntiSpam > Parameters > Login > Auto Block and it has been enabled the block duration should only be for one hour.

The user can still log in if he on another IP Address (using a VPN) it's just his main IP which seems to be causing the issue.


Thanks for support and feedback
We hope that we can assist you if you need and ask, all the best from the WTP Team

Please Log in to join the conversation.

6 years 7 months ago #296343 by krileon

If a user is blocked after X amount of attempts shouldn't it say in CB that their account is blocked?

No, not unless you set it to create a block. By default it just denies the login attempt and saves your database the storage and query.

The user can still log in if he on another IP Address (using a VPN) it's just his main IP which seems to be causing the issue.

Check within CB AntiSpam > Attempts for the IP Address being blocked. You can see how many attempts were made there for that IP Address. VPNs conceal a users IP Address so more than likely multiple people are using the same VPN company and are all being funneled through the same IP Address. There's nothing I can implement to do anything about this. The VPN is working exactly as it should. It's up to you how you want to handle that (e.g. disable login blocking, increase the attempt limit, decrease the block time, whitelist the VPN ip address, etc..).

The defaults for login auto blocking are 5 failed login attempts within a month results in 1 hour of denied logins. All attempts should clear on the next successful login from that ip address. Continuing to make failed attempts resets the time on the block. They need to make a successful login attempt after 1 hour of being blocked. However, it does appear the timeframe parameter isn't working entirely correctly. It's supposed to reset the attempts if the next attempt is outside of the timeframe, but that doesn't seam to be the case and will fix, but that'd only cause an issue if they failed to login, hit the attempt limit, and came back like 2 months later and failed again.

forge.joomlapolis.com/issues/6730


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.353 seconds

Facebook Twitter LinkedIn