View Issue Details

| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001636 | Composr | securitylogging | public | 2014-05-06 08:19 | 2014-05-06 11:29 |

| Field | Value |
|---|---|
| Reporter | A.Guttenberger |
| Assigned To | Chris Graham |
| Severity | Major-bug |
| Status | closed |
| Resolution | fixed |
| Product Version | |
| Fixed in Version | |
| Summary | 0001636: Get always blocked by Hacking-Security |
| Description | I don't know if this is a bug, but I can't find any solution in the FAQs, documentation and the forum. I will often be blocked by the website as a hacker. I'm using OC-Portal as an intranet portal in a DMZ only with internal IPs. I installed the latest updates, 9.0.13. There's no difference between Admin group or Members. I hope you can give me a simple solution. |
| Steps To Reproduce | Editing the website and saving new content. Sometimes a normal login. |
| Additional Information | I'm using IE 11.0.9600.17105 Update version 11.0.7 on Win 8.1 or Google Chrome Version 34.0.1847.131 m |
| Tags | No tags attached. |
| Time estimation (hours) | |
| Sponsorship open | |
| Attached Files | Failure.pdf (136,082 bytes) |
A brute-force login hack is defined as over 30 invalid logins within the last 15 minutes from your IP address. If you have reset the clock on your server back, that could cause an issue. I'll address that possibility in the next patch release. A workaround is to empty the contents of the failedlogins table, which will delete the failure history used to produce the error. However, I think most likely what is happening is your internal network is putting all users on the same IP address, and hence counting them all as one in terms of security. A proxy server might cause that. That's not good for security generally, as you can't identify particular users except if they're logged in. I'm just guessing though; I don't know if this really is the case. In v10 we are going to make the settings (30 and 15, as above) configurable. In the meantime you could remove this line from sources/users_active_actions.php: `if ($count>30) log_hack_attack_and_exit('BRUTEFORCE_LOGIN_HACK');` or make 30 a much bigger number.
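To make the counting rule and the two failure modes from the comment above concrete (many users behind one proxy IP, and a server clock turned back), here is an added Python model. It is not Composr's code: the row layout standing in for the failedlogins table, the addresses and the usernames are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for the failedlogins table: one (ip, username, timestamp)
# row per failed attempt. Composr's real schema is not reproduced here.
WINDOW = timedelta(minutes=15)   # "within the last 15 minutes"
THRESHOLD = 30                   # "over 30 invalid logins"

def failures_in_window(rows, now, key):
    """Count failed logins per key within the window ending at `now`."""
    counts = defaultdict(int)
    for ip, user, ts in rows:
        # A row counts when it is not older than 15 minutes. A row stamped
        # later than `now` (server clock turned back) also passes this test.
        if ts > now - WINDOW:
            counts[key(ip, user)] += 1
    return counts

def is_blocked(rows, now, ip, user, key):
    """Mirror of `if ($count>30)`: block once the key's count exceeds 30."""
    return failures_in_window(rows, now, key).get(key(ip, user), 0) > THRESHOLD

by_ip = lambda ip, user: ip                    # the rule the comment describes
by_ip_and_user = lambda ip, user: (ip, user)   # alternative: per account behind an IP

def nat_scenario(n_users):
    """n_users intranet accounts each fail once, all seen from one proxy/NAT IP."""
    now = datetime(2014, 5, 6, 8, 0)
    shared_ip = "10.0.0.5"   # constructed NAT address
    rows = [(shared_ip, f"user{i}", now - timedelta(minutes=i % 10))
            for i in range(n_users)]
    return {
        "per_ip": is_blocked(rows, now, shared_ip, "user0", by_ip),
        "per_ip_and_user": is_blocked(rows, now, shared_ip, "user0", by_ip_and_user),
    }

def clock_reset_scenario():
    """31 failures logged before the server clock was set back by one hour."""
    now = datetime(2014, 5, 6, 8, 0)
    ip = "10.0.0.5"
    rows = [(ip, "admin", now + timedelta(hours=1))] * 31   # stamps lie ahead of `now`
    # These rows keep counting until `now` has advanced past ts + 15 minutes,
    # i.e. for 75 minutes of server time instead of 15.
    return is_blocked(rows, now, ip, "admin", by_ip)
```

Keying only by (IP, user) would stop catching one address cycling through many accounts, so it complements the per-IP counter rather than replacing it; once the 30/15 values are configurable, a higher per-IP limit for a known proxy address is the smaller change.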