it is impossible for a normal user to deblock his Account :(

PostPosted: Sun May 06, 2007 3:54 pm
Author: Juppertje
Your phpBB Version: 2.0.22
phpBB Type: Integramod 141
MODs: No
Your knowledge: Beginner
What was done before the problem appeared?
[i]played with ACP/CrackerTracker/Settings :(

Re: it is impossible to deblock account for a normal user :(

PostPosted: Sun May 06, 2007 4:41 pm
Author: Juppertje
I know that i can deblock all accounts that are blocked in phpmyadmin with UPDATE phpbb_users SET phpBBSecurity_login_tries = '0' WHERE user_id > '-2';

But why can a normal user not deblock him self when he presses on deblock your account when he does press that he see only a screen to reset his/hers cookies

I think i have somthing wrong in ACP/CrackerTracker/Settings ?

is there somwhere a screen shot or a list how the settings has to be set?

with kind regards J Uppert

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Sun May 06, 2007 7:47 pm
Author: .QUACK.Major.Pain
I've had complaints about that too. They had to try many many times until it worked

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Mon May 07, 2007 11:13 am
Author: Juppertje
It is a serious problem manny user can't unblock their own account ;)

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Mon May 07, 2007 12:02 pm
Author: Helter
they can unblock thier own accounts without help. The prob comes when phpbb security and CTracker are both locked. Users will have to go through the unlocking procedure twice.

the easiest way to make this less likely is to go to acp/security/configuration

set "Auto Ban" to "disabled"
set "Login Attempts" to "9"

this should leave CTracker to be the only one blocking login

in acp/CTracker/configuration

set "Spammer Protection" to "disabled"
set "Password Reset Check" to "disabled"

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Mon May 07, 2007 2:35 pm
Author: Juppertje
txs for you answer but password reset check disabled? then theire is nothing to check the password?

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Mon May 07, 2007 2:54 pm
Author: Juppertje
Okay i have exactly done what you said but and tested it with a user account but still we have the same problem the screen to deblock the accoutn does not appear afther the account is blocked by ctcracker

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Mon May 07, 2007 4:49 pm
Author: Helter
password reset check disabled, means that you may continue to request a new password. If it is enabled, it will only reset the password once and will not reset it again until you correctly enter it.

these settings will not unlock accounts that are already locked, but will affect accounts locked in the future. Those that are locked now will have to go through the unlocking precedure for both ctracker and phpbb security

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Mon May 07, 2007 11:12 pm
Author: Frost
You might want to be careful who you do this for, and think about it before you disable security because users claim they can't get in. There is no reason why any one user, or many for that matter, should have that much of a problem.

Now, I can speak from personal experience (Helter knows what I'm talking about) that sometimes this happens to anyone, and you just kind of get stuck in a rut about it.

But my concern here is from an old member trying to brute force his way into other member's accounts on a trading site. I was admin/owner of several, and this became a quick fad amongst some of the members who liked to cheat and steal. They would get several people to band together and start complaining, then hope the settings would get turned down enough for them to have several tries each on a member's account.

This may not be the case with you, but just a caution,

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Tue May 08, 2007 12:53 am
Author: Juppertje
I know i have to be carefull but this are all oficial clubmembers i know them in person and 90% of the people of our board are clubmembers

I tried it my self with a second club account and got blocked so far so good but the screen does not appear to unblock that account i cannot see the code i have to fill in neither the block off user name and email account so it does not work <img>

Manny clubmembers come only 3 or 4 times a year on our board and bij then they forgot theire password and that's why they block them selves

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Sat Jan 22, 2011 11:59 am
Author: AlaskaMat
"HelterSkelter" wrote:they can unblock thier own accounts without help. The prob comes when phpbb security and CTracker are both locked. Users will have to go through the unlocking procedure twice.

the easiest way to make this less likely is to go to acp/security/configuration

set "Auto Ban" to "disabled"
set "Login Attempts" to "9"

this should leave CTracker to be the only one blocking login

in acp/CTracker/configuration

set "Spammer Protection" to "disabled"
set "Password Reset Check" to "disabled"

I am also having problems with my AKMat site being attacked by Brute Force. Many members are being locked out, so I found this thread and tried to follow your instructions. But when I go to the acp, mine reads "CrackerTracker" as opposed to "CTracker," and I don't have a configuraton selection. Can you explain to me how to achieve the second part of your instructions?

Also, is there a way to determine the IP address that these hack attemps are coming from so that I can block it?

Much thanks

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Sat Jan 22, 2011 7:49 pm
Author: Helter
Thomas, your running a newer version of CTracker. Your path should be as follows

"HelterSkelter" wrote:they can unblock their own accounts without help. The prob comes when phpbb security and CTracker are both locked. Users will have to go through the unlocking procedure twice.

the easiest way to make this less likely is to go to acp/security/configuration

set "Auto Ban" to "disabled"
set "Login Attempts" to "9"

this should leave CTracker to be the only one blocking login

in acp/CrackerTracker/settings

set "Spammer Detection" to "off"
set "Password Reset Checker" to "Deactivate"

If you continue to have problems let me know.
FYI in December the spam bots broke googles "re-captcha" It is an alternative to our captcha and very popular in phpBB3 boards. This seems to have started a stampede of new attacks on all versions of phpBB. Youll notice I disabled it here and replaced it with a simple question/answer for registrations and downloads. Ill look into IM141 and see if we can do the same thing. I know captcha can be a pain sometimes

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Sat Jan 22, 2011 8:40 pm
Author: AlaskaMat
Got it. Thanks as always for the support, Helter.

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Sun Jan 23, 2011 1:46 am
Author: Helter
your welcome as always. You might consider setting one forum as viewable to guests only, make an information post about your site but done let anyone post to it and set all the rest of your forums to viewable to logged in users only and be sure your memberlist is set so guests cannot view it. Then the bots cannot hammer your users accounts. they are probably searching your posts or memberlist to get account names to try to hack via brute force

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Sun Jan 23, 2011 3:13 pm
Author: AlaskaMat
Ahhh - good advice. I thought I had all my forms set to registered only, but found two that were not. That explains how they were accessing user names.

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Tue Jan 25, 2011 11:18 am
Author: AlaskaMat
"HelterSkelter" wrote:...they are probably searching your posts or memberlist to get account names to try to hack via brute force

I think I have correctly adjusted my settings so you must be logged on to see the member list or forums. Unfortunately I got hit/locked out again last night. Are there any other settings I can adjust to stop the bots?

Re: it is impossible for a normal user to deblock his Accoun

PostPosted: Tue Jan 25, 2011 3:31 pm
Author: Helter
you can go to acp/CrackerTracker/Logmanager/Incorrect Logins

check the ips here to see if they are legit or known troublemakers

if you feel they are not your members and they are malicious, go to
acp/CrackerTracker/settings - IP, Proxy & UserAgent Blocker - set to activate
Then go to acp/CrackerTracker/IP&Agent Blocker/
and add the ip address to block them from the site.