#1
28 Feb 2008, 09:58
Hornstar
Join Date: Jun 2005
Real name: Matt
Urgent: how to disable login strike without admincp access

A couple of days ago my site was put behind a proxy to protect it from being DoSed. However, now it appears that when anyone fails to log in 5 times, it is banning everyone from being able to log in for 15 minutes, as it appears the proxy is placing everyone on the same IP.

If I turn off the proxy my site will go down due to the DoS attack, so that is not an option.

I have closed my forums with tools.php but it appears even after 15 minutes, I am still getting the message you have to wait 15 minutes.

I can't log into my admincp to disable it.

I need another way to disable it. Any ideas?
#2
28 Feb 2008, 10:03
Dismounted
Join Date: Jun 2005
Real name: Hanson
Put up a temporary page in place of index.php and login, disable the striking system, and remove that temporary index file.

EDIT: I just realised it was you, Matt. I've heard about the recent DDoS attacks on the server. What are you using to try to prevent the attacks? Have you tried using mod_evasive?
__________________
Former vBulletin.org Staff Member

View My Modifications
29 Releases and Counting... Latest Modification: dmActivityStream - vBookie Integration (4.x)

Please do not PM me to ask for support - please use the relevant thread or forum.
#3
28 Feb 2008, 10:20
Marco van Herwaarden
Join Date: Jul 2004
Only 1 good solution: Configure your proxy to forward the client's IP, instead of using the proxy server's IP for all connections.
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator
#4
28 Feb 2008, 10:24
Marco van Herwaarden
Join Date: Jul 2004
PS If the attack is done by accessing a page on your server by too many people/bots, there might be a quick workaround to stop this.

I also admin a site that gets hit by attacks pretty often. The first thing I do when it happens is to password protect the site with a .htaccess, using a simple user/password. I provide the user and pass in the login prompt. Like this, any human can see the user/pass and get in. All bots etc. will be stopped by the login prompt, reducing the server load a lot.

Just leave that extra login until the attack is over/stopped.

Only "problem" is members who do not read.
#5
28 Feb 2008, 10:27
Hornstar
Join Date: Jun 2005
Real name: Matt
I will wait 15 minutes and try again, however I just put up the temp index.php page and tried one last time before waiting another 15 minutes, and this is the message I get:

Wrong username or password. You have used up your failed login quota! Please wait 15 minutes before trying again. Don't forget that the password is case sensitive. Forgotten your password? Click here!


Does that mean my password is wrong that I am entering or that I am locked out or both?



I have gone into phpMyAdmin and changed my password through that to ensure I am entering it correctly, just want to ensure after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached on my account to reset it any other way.


As for the DDoS (botnet) attack, I have tried everything including a hardware firewall. I am now behind a proxy which authenticates the traffic before it is allowed to go to my server; it is working, but at a cost and slower performance to the network, but it is working at least.

--------------- Added 28 Feb 2008 at 10:47 ---------------

Well, to ensure my password is correct, I am now adding a new email in through phpMyAdmin and then will reset it. And then will wait another 15 minutes. But even after that last 15 minutes, I got the same message straight away.

Last edited by Hornstar; 28 Feb 2008 at 10:47. Reason: Auto-Merged DoublePost
#6
28 Feb 2008, 10:47
Marco van Herwaarden
Join Date: Jul 2004
Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!

Solution: See post #3
#7
28 Feb 2008, 10:49
Dismounted
Join Date: Jun 2005
Real name: Hanson
Originally Posted by hornstar1337:
"Does that mean my password is wrong that I am entering or that I am locked out or both?"
Both

Originally Posted by hornstar1337:
"I have gone into phpMyAdmin and changed my password through that to ensure I am entering it correctly, just want to ensure after I wait 15 minutes, I won't be getting a wrong password problem, as I do not have any email attached on my account to reset it any other way."
How are you setting the password? Are you encrypting it properly first?
#8
28 Feb 2008, 10:53
Marco van Herwaarden
Join Date: Jul 2004
There is no use in resetting passwords etc.

See my posts.
#9
28 Feb 2008, 10:56
Hornstar
Join Date: Jun 2005
Real name: Matt
Well, it successfully reset through the forums just now, so it has to be set 100% correctly now. I will wait one last 15 minutes before trying again, but if it does not work after this 15 minutes, then I will need other options to make sure I am the only one that is able to see the login button or to disable the strike altogether by altering the login.php. I will let you know how I go in the next 15 minutes, hopefully you will be able to think of some other ways to help if it fails. Thanks.

--------------- Added 28 Feb 2008 at 11:00 ---------------

Originally Posted by Marco van Herwaarden:
"Login attempts are logged by IP address. If your proxy server only forwards its own IP, then all attempts (regardless of username or client IP) will be summed together. Once there have been 5 failed logins (from any PC/user account), all logins will be blocked for 15 minutes!

Solution: See post #3"
I have forwarded post #3 to my proxy company and will hope they can do that.

However, if they won't/can't then I will need to disable the strike system altogether on my site.

I tried again, and I got the wrong password/username try again in 15 minutes, so hopefully there are other options as well. thanks.

Last edited by Hornstar; 28 Feb 2008 at 11:00. Reason: Auto-Merged DoublePost
#10
28 Feb 2008, 11:04
Marco van Herwaarden
Join Date: Jul 2004
If they won't do that, then you should reconsider using their services.

A lot more might not go as expected if everyone reaches the webserver using the same IP.
#11
28 Feb 2008, 11:05
Marco van Herwaarden
Join Date: Jul 2004
"I tried again, and I got the wrong password/username try again in 15 minutes, so hopefully there are other options as well. thanks."
Not only you, but everyone (members, guests, bots, ...) should not load any vB page for 15 minutes to have this reset!
#12
28 Feb 2008, 11:08
Hornstar
Join Date: Jun 2005
Real name: Matt
Originally Posted by Marco van Herwaarden:
"Not only you, but everyone (members, guests, bots, ...) should not load any vB page for 15 minutes to have this reset!"
Yeah, that is why I followed Dismounted's instructions about putting up a temp index.php so they cannot log in on the forums homepage, but if other people are on other pages, this won't help much. I will basically need to find another way to stop everyone except myself from getting login access for the next 15 minutes somehow. Any ideas?
#13
28 Feb 2008, 11:10
Marco van Herwaarden
Join Date: Jul 2004
See post #4, use a .htaccess to control this.

But you really will not get out of trouble until you either remove the proxy server, or update its configuration. You really should address this issue before even thinking of other solutions.
#14
28 Feb 2008, 11:47
Hornstar
Join Date: Jun 2005
Real name: Matt
Okay did the .htaccess and it worked. I have now globally turned off the strike system. However overall, I will need to do what you said, either get them to change the way the proxy works, or find another option.

Thanks.
#15
24 Jan 2009, 19:43
gmerin
Join Date: Dec 2008
Since nobody mentioned this, I thought I might just throw this out for anyone else who gets in this situation with the login strike system: once triggered, the striking system is restricting any account login (not just the one you failed to log in to) from your IP address. This info is stored in the database table strikes, which contains 3 fields (striketime, strikeip, username). After backing up the table and/or database (if modifying the database directly makes you anxious), you could (1) truncate the table strikes or (2) delete from strikes where strikeip = <yourip>

I have dyslexic fingers and use this method regularly as an alternative to permanently disabling the login striking system.
Reply With Quote
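The shared-IP lockout from posts #3 and #6 and the targeted strikes cleanup from post #15, as an added example (not part of the thread and not vBulletin's own code): a simplified model of an IP-keyed strike counter using the table layout named in post #15. The proxy and client addresses and all function names are constructed, and it assumes the proxy appends the client address to X-Forwarded-For.

```python
import ipaddress
import sqlite3

TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.10")}  # constructed proxy address
MAX_STRIKES, WINDOW = 5, 15 * 60  # 5 failures, 15 minutes, as described in the thread

def client_ip(peer, xff=None):
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy."""
    if xff and ipaddress.ip_address(peer) in TRUSTED_PROXIES:
        # The right-most entry is the one our own proxy appended.
        candidate = xff.split(",")[-1].strip()
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    return peer

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE strikes (striketime INTEGER, strikeip TEXT, username TEXT)")
    return db

def record_failure(db, ip, username, now):
    db.execute("INSERT INTO strikes VALUES (?, ?, ?)", (now, ip, username))

def locked_out(db, ip, now):
    """True when this IP has MAX_STRIKES failures inside the window, for any username."""
    (count,) = db.execute(
        "SELECT COUNT(*) FROM strikes WHERE strikeip = ? AND striketime > ?",
        (ip, now - WINDOW)).fetchone()
    return count >= MAX_STRIKES

def clear_strikes(db, ip):
    """Targeted alternative to truncating the table; returns rows removed."""
    return db.execute("DELETE FROM strikes WHERE strikeip = ?", (ip,)).rowcount

def simulate(forwarding):
    """Five different visitors each fail once; is the admin locked out afterwards?"""
    db, proxy, now = new_db(), "203.0.113.10", 1_000_000
    for i in range(5):
        xff = f"198.51.100.{i + 1}" if forwarding else None  # constructed clients
        record_failure(db, client_ip(proxy, xff), f"user{i}", now + i)
    admin_ip = client_ip(proxy, "192.0.2.77" if forwarding else None)
    return db, admin_ip, locked_out(db, admin_ip, now + 10)
```

Without forwarding, every strike lands on the proxy's address and the admin is locked out by other people's failures; with forwarding, each client carries its own count. A header arriving from an address outside `TRUSTED_PROXIES` is ignored, so clients cannot pick their own strike bucket.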
All times are GMT.