An account was just locked. - Repeated 80 times...

Support for IntegraMOD 141

Moderator: Integra Moderator

An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Thu Jan 20, 2011 3:33 pm

Hi,

I got on my 1.4.1 forum the following pm :

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 91.213.50.235

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


And repeated 80 times, for 80 different accounts, last 24 hours... My best guess is that someone tries to brute force all account one after the other.

Two questions :

- how can I prevent that (IPs are different everytime...)
- how can I reset the security so that all those members do not need to answer their security question (preferably by myphp to do it automatically).

I also must mention that all administrator accounts, including mine, where targeted too, and I had to use several time the captcha procedure to unblock my own account...

Thanks <img>

sanji
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Apr 12, 2006 9:18 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Prosk8er » Thu Jan 20, 2011 3:54 pm

yeah i think thats happening to alot of phpbb boards people are tring to get the passwords ive seen it on a few different sites

Prosk8er
Newbie
Newbie
 
Posts: 1
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Dec 11, 2008 7:30 am
Cash on hand: 0.00
Location: Rochester, Ny

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Fri Jan 21, 2011 2:45 am

Anything we can do against that ?

And how to reset the count of "errors", so that normal users do not have to enter their safety question ?
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Apr 12, 2006 9:18 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Michaelo » Sat Jan 22, 2011 6:27 am

I have added this to the portal tools, you can reset all user login attempts or any given user...
I will post the code later...
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Mar 11, 2006 6:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: An account was just locked. - Repeated 80 times...

PostAuthor: DjPorkchop » Sun Jan 23, 2011 3:06 pm

You know, I was curious about this problem. Every single phpBB2 or 3 board I normally visit, I am having to use the captcha for excessive amount of login attempts. Even at sites I only visit once or twice a month.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Mon Jan 24, 2011 1:30 am

"Michaelo" wrote:I have added this to the portal tools, you can reset all user login attempts or any given user...
I will post the code later...


I have managed to do this through myphp... but this not deter people from continuing to try to log on the site by bruteforce...

In fact, a good idea could be to block an IP which attempt to log - and fails - on several usernames from the same IP.

I am just afraid that some users won't have a password strong enough, even if I do not see the interest of managing to log as a normal user on a forum...

sanji
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Apr 12, 2006 9:18 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sudipta » Fri Jan 28, 2011 12:36 am

"sanji" wrote:Hi,

I got on my 1.4.1 forum the following pm :

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 91.213.50.235

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


And repeated 80 times, for 80 different accounts, last 24 hours... My best guess is that someone tries to brute force all account one after the other.

Two questions :

- how can I prevent that (IPs are different everytime...)
- how can I reset the security so that all those members do not need to answer their security question (preferably by myphp to do it automatically).

I also must mention that all administrator accounts, including mine, where targeted too, and I had to use several time the captcha procedure to unblock my own account...

Thanks <img>


Looks like its a recently started problem. We are facing the same issue from 19th January, 2011. Daily we are receiving 200+ PM. I tried blocking IP in the firewall but still facing the same. Its really frustrating. Any work around to block this??

sudipta
Newbie
Newbie
 
Posts: 2
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Oct 04, 2007 11:22 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Fri Jan 28, 2011 2:51 am

you can go to Admin / CrackerTracker / Reports, and check all IP addresses used to try to login. You then add those addresses in the IP & Agents blockers (not sure the exact translation, but it is in the same CrackerTracker menu), and you add all those IP addresses one by one. It takes some time, but you make sure that those hackers won't be able to use the same IP address twice...
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Apr 12, 2006 9:18 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Fri Jan 28, 2011 6:51 pm

to reset your users accounts, unzip and upload the attached file to your forum root, then browse to reset_login.php. Be sure to delete the file when finished. It will reset both phpBB security and CrackerTracker login tries.
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sudiptaghosh » Sat Jan 29, 2011 10:23 am

Hello Friends,

This is my first post in the forum.
I have received 300 such PM's in last 3 hours on our 1.4.0 forum the following pm :

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 78.107.237.16

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


All administrator accounts where targeted along with the user accounts. The worst part is our site admin suddenly left the organisation & none of us is aware how to upgrade IM to latest version. I am looking for desperate help to upgrade IM to latest version & install CrackerTracker.

I am not sure if this is the best place to ask if any one is willing to do the above on a chargeable basis.

Looking forward for positive response.

Thanks,
SG

sudiptaghosh
Newbie
Newbie
 
Posts: 1
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Jan 29, 2011 9:46 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sat Jan 29, 2011 9:54 pm

I have some time tomorrow. PM me your ftp info for the 140 site
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sat Feb 12, 2011 6:46 pm

Helter / IntegraMod team,
I have been experiencing the same brute force attacks as the others describe here. To combat this, I have been doing as sanji suggests, and identifying IPs used to attach two or more different screen names and then blocking them. Yesterday I was in the process of adding some more to the blocked list, when suddenly I became blocked myself. Since then I have been getting flooded by emails from my site's members complaining of the same thing. It seems that the hackers have succeeded in gaining access to my ACP and blocking everyone out.

Can anyone advise me on how to regain control of my site?

Thanks in advance!

AlaskaMat
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 20, 2010 2:43 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 13, 2011 12:00 am

it looks like you may have added a wildcard to your ban list.
if you used ctracker to ban then youll have to edit your db via phpmyadmin to remove the ban data. If you used phpBB's or phpbb security to ban then rename your root/ctracker folder, then loging and remove the ban data via your acp.
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sun Feb 13, 2011 8:31 am

"HelterSkelter" wrote:it looks like you may have added a wildcard to your ban list.
if you used ctracker to ban then youll have to edit your db via phpmyadmin to remove the ban data.

I was using the CTracker. I do not, however, know how to edit a database. Is there any chance you'll have any free time that you could assist me with this? It is off season (for wrestling) so I'm not in any huge rush for this.

AlaskaMat
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 20, 2010 2:43 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 13, 2011 8:40 am

your last entry in the ctracker ban table was blank so it basically banned all ips. I deleted it and your site is accessible again <img>
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sun Feb 13, 2011 4:39 pm

Thanks, Helter. I need adult supervision, sometimes!

AlaskaMat
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 20, 2010 2:43 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 13, 2011 9:24 pm

lol...no problem. I think it is a bug in ctracker. It should not accept a null input.
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: looser9 » Tue Feb 15, 2011 8:33 am

"HelterSkelter" wrote:to reset your users accounts, unzip and upload the attached file to your forum root, then browse to reset_login.php. Be sure to delete the file when finished. It will reset both phpBB security and CrackerTracker login tries.



What is going to be reset if I use this?

Only the locked accounts or is it also resetting e.g. Forum rules acknowledgement?


Yours, looser9

looser9
Members
Members
 
Posts: 64
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Dec 22, 2007 4:29 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Tue Feb 15, 2011 5:03 pm

it resets phpbb's and Ctrackers "login attempt" counts which essentially unlocks all member accounts
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Tue Feb 15, 2011 9:57 pm

I need some clarification of the problem, can users not unlock their own accounts?

IntegraMOD 141 has tools that you should use right away to combat this.

Unfortunately, the most effective way to combat a brute force attack is by blocking IP's. I know, it sucks...

There are some steps you can do to help prevent a successful attack.

CrackerTracker isn't just here to look pretty, it does have some useful features. In Admin/CrackerTracker/Settings scroll down to the Check Password section and activate it, setting the number of days users have to change their passwords before their accounts are locked. Then, directly under this setting make sure the Password Complexity Check is Active and change the Password Complexity mode to something more complex. This forces users to change their password and forces them to come up with something that is difficult to "guess". Finally, I would change the Password Minimum Length to 8, any less then this and you're asking for trouble, any more and people will be cheesed.

Before you do any of this though, do this code change.

FIND
Code: Select all
$lang['ctracker_info_pw_expired']        = "The administrator has made adjustments so that a password may be valid only for <b>%s days</b>. days. We recommend for safety reasons that you change your password now. (<a>Profile</a>)";


REPLACE WITH
Code: Select all
$lang['ctracker_info_pw_expired']        = 'User account passwords expire in <b>%s days</b> days, after which user accounts will be locked if password is not changed. Please click (<a>HERE</a>) to change your password';


Change the code, cause there is a bug there that'll return error messages and won't actually tell your users to reset their passwords. The English is a little shoddy in that MOD, the author is German, and while his English is better then my German, I think that I'll rewrite the language file and post it soon.

We may find that we already have the tools we need to fight this, I don't think there is much more security out there to offer. There is only so much that you can do to prevent these weirdos.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Wed Feb 16, 2011 5:54 am

Great to see you Teelk!
The mod I sent you is also available for phpBB3 and in that version you have the ability to block ip's and email addresses that have been reported to "block forum spam". We use it here. Youll find it in the acp/integramod section. I have not looked to deeply into the phpBB2 version that I sent you, but im hoping it is the same. Im hoping that if you can mod it for PCP it will be the knockout punch for these damn spammers.

is there a way using ctracker, to force reactivation when a users ip address has changed? It might be a pain for some users but often times an email with a reactivation link is much easier than captcha and far more secure
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: DjPorkchop » Wed Feb 16, 2011 12:23 pm

Holy Smokes! It's Teelk! Great to see you. I am glad you guys are working on this. I admin a couple other 1.4.1 sites and I have had an issue like this for a bit now.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Wed Feb 16, 2011 5:21 pm

Thanks guys, good to see you too.

It's been a while so I wasn't aware that CrackerTracker didn't send an activation email. That seems like an obvious thing it should do. So, it just locks the account?

Unfortunately, the phpBB2 version of that MOD isn't quite as sophisticated. It just allows you to block profile items from users who haven't posted x amount of times. I'll look for the phpBB3 version and see if it's adaptable.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Wed Feb 16, 2011 11:05 pm

Oops... I lied.

The version of that MOD that I had was extremely old. I'm not sure how I got such an old version. I found the latest one, and I'm working on integrating it. It introduces a new CAPTCHA, so it it'll interfere with CrackerTracker, might take some DIY to turn CT's CAPTCHA off to use this one. Maybe I can integrate them, I'm not sure right now. I"ve had some drinks lol... I'll work on it when I'm sobered up.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Sun Feb 20, 2011 5:03 am

Ok, this MOD does look good Helter, I've almost completed the IM version. It seems that CrackerTracker, phpBB Security, and Advanced Visual Confirmation are all fighting each other over dominance of one part of board security or another. I'm going to try and let the better ones dominate without completely rewriting all of 141's security. I'd prefer to move on to IM3 if at all possible in the near future.

One thing to do at the moment, if you want your users to be able to unlock their own accounts, let phpBB Security do it. Turn off CrackerTracker's login protection in the ACP. phpBB Security will ask the user for their Username, Email address, and the answer to their security question.

This isn't the ideal solution. What should happen is the password should be reset and an email with the new password should be sent to the user's email address. But, for the time being phpBB Security's solution should work ok.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 20, 2011 6:56 am

sounds great Teelk! Your help with IM3 would be greatly appreciated by everyone as my time has been pretty tight lately and your skills are much better than mine <img>
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Fri Feb 25, 2011 9:02 pm

"Teelk" wrote:One thing to do at the moment, if you want your users to be able to unlock their own accounts, let phpBB Security do it. Turn off CrackerTracker's login protection in the ACP. phpBB Security will ask the user for their Username, Email address, and the answer to their security question.

Teelk,
I did this, but have a new problem...users have forgotten their security answer. Is there a way for me to either reset their question/answer or provide them the chance to do so?
Thanks

AlaskaMat
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 20, 2010 2:43 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Mon Feb 28, 2011 1:38 pm

Well, you can but it is really not recommended. What you can do is unlock their accounts for them first, the go to Security>>settings in the ACP and enable allow users to change their SQ.

Then I would recommend making a global announcement using CrackerTracker, something along the lines of "Users have 3 days to change their Security Question." Then after the three days disable allow users to change their SQ.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: mspringgay » Tue Mar 01, 2011 6:50 pm

Could someone one point me to the mod being discussed as potential solution to this problem as I too am getting hit repeatedly by locked accounts. Thanks!

mspringgay
Newbie
Newbie
 
Posts: 24
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Mon Mar 27, 2006 8:10 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Sat Mar 05, 2011 7:16 am

Unfortunately, the MOD won't do anyone any good. I've looked into it and the phpBB2 version of the MOD doesn't do much that IM 1.4.x doesn't already do.

If everyone is tired of locked accounts, go to their ACP>>Security>>Configuration.

Change Login Attemps to 99.

Then go to ACP>>CrackerTracker>>Settings and make sure that Login Protection System is activated. And change "Number of Logins up to the Visual Confirmation" to 1.

This shouldn't lock the account, but will force a CAPTCHA on user's next login. Unfortunately, this doesn't stop the brute force attacks, only IP banning will do that. I know it's a pain, but there really is no other option, and when I say that I mean no other option for anyone, whether they use IntegraMOD or any other system.

IP banning from an online list is a possibility, and I've done some work to try to integrate it. But, it's difficult to test, so no guarantees.

P.S. I do apologize for my previous advice about turning off CrackerTracker Login Protection System and letting phpBB Security handle login. But, I have just come back from a 3 year hiatus from IntegraMOD and am relearning much of it.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Sun Mar 06, 2011 1:10 pm

Search bots are being forced to use Lo-Fi MOD. Lo-Fi MOD still has phpbb and integramod copyrights as text that can be indexed by search engines. Douches who use spam bots to hack forums find those forums on search engines. To remove the text copyrights do the following quick and dirty hack.

OPEN
templates/Integra2/lofi/lofi_footer.tpl and templates/Integra2/lofi/bots/lofi_bots_footer.tpl

FIND
Code: Select all
   Powered by <a>IntegraMOD</a>{INTEGRAMOD_VERSION} © 2004, 2005 The Integramod Group {TRANSLATION_INFO}<br>
   [ Forum powered by <a>phpBB</a>{PHPBB_VERSION} © 2001, 2005 phpBB Group :: {S_TIMEZONE} :: Design by <a>phpBBXS.Com</a> | <a>Lo-Fi Mod</a> ]<br>

REPLACE WITH
<table>
<tr>
<td>
<img>
</td>
<td>
<a><img></a><span>{INTEGRAMOD_VERSION} </span><img></td>
<td>
<img>
</td>
</tr>
</table>
<table>
<tr>
<td>
<img>
</td>
<td>
<a><img></a><span>{PHPBB_VERSION} </span><img></td>
<td>
<img>
</td>
</tr>
</table>
Do this for all templates.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sun Mar 06, 2011 3:50 pm

Teelk,
I hate to ask because I'm afraid its a stupid question, but what file do I look in to find/replace the code you provided?
Thanks,

AlaskaMat
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 20, 2010 2:43 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Sun Mar 06, 2011 3:52 pm

Not a stupid question at all, it was stupid of me to forget to include that information. It's in tempates/Integra2/overall_footer.tpl
I'll edit the other post too.

EDIT: Wow... I'm really not with it at all. Ignore where I just told you to look, I edited the other post with the right file.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Sun Mar 06, 2011 3:59 pm

And I just noticed that this should be done to another file as well.

templates/Integra2/lofi/bots/lofi_bots_footer.tpl

And of coarse to all the templates you use...
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sun Mar 06, 2011 4:46 pm

Thanks, Teelk
This issue has been driving a lot of us nuts. I'll give it a try.

AlaskaMat
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 20, 2010 2:43 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: mspringgay » Sun Mar 06, 2011 5:46 pm

Disappointed the mod won't help. Your suggestion of forcing a visual sign on would work just great for me if I was on 1.4.1. Unfortunately still on 1.4.0 just no time to work through an upgrade.

Any how for me its only effecting a couple accounts since mostly run a closed forum. My attempt to minimize the impact has been to abandon one of the accounts adding additional logic to ban any IP attempting to login. Hopefully I'll catch enough of the IPs that the other accounts will stop getting locked up.

Appreciate you looking into ways to prevent the issue.

mspringgay
Newbie
Newbie
 
Posts: 24
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Mon Mar 27, 2006 8:10 pm
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Teelk » Mon Mar 07, 2011 2:24 am

Mspringgay,

I would suggest trying a confirmation right on the login page, [url=http]Anti Robotic Login Flood MOD[/url].

By the looks of it, it should install on 1.4.0 without issue.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Mar 14, 2006 6:25 pm
Cash on hand: 0.00
Location: Canada

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Tue Mar 22, 2011 11:17 pm

"HelterSkelter" wrote:Great to see you Teelk!
The mod I sent you is also available for phpBB3 and in that version you have the ability to block ip's and email addresses that have been reported to "block forum spam". We use it here.


Any way you could share the list of IP and such the forum here is auto blocking. Giving us a head start on them???
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Wed Mar 23, 2011 10:57 am

First line of defense looks to be working. I didn't have 100s of locked account notices this AM. [using stuff from this thread too http://www.integramod.com/forum/viewtop ... =18&t=5792 ]


Progress; finally, if anyone members we have had allot of problems and they are finally starting to come to light. As more and more forums have the same problems now ;)


Also should be some big master list somewhere for a head start.



F'in Spam Bots

People who work in Spam should be publicly hanged as a lesson to others. Very brutal but it works. Watching someone’s neck grow a ft longer will put some perspective on your way of life.
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Texas-Racer » Sun Mar 27, 2011 11:00 am

Our forum was having this same problem for months, they was locking up to 30 accounts at a time. I recently took over ownership of the forum and started investigating. All of the IP's was coming from TOR, I found a master list of all the TOR IP's, took a leap of faith, and banned every single one. The problem instantly stopped. It took me a couple of hours because I had to add a comma after each IP for the mass ban, and there is literally around 1,000 IP's. I banned them under the user admin, ban control.
I still have the list I added the commas to for the ban, this was just last week, and will gladly share that list with anyone that wants them. The TOR list does change as people add their computer to the network, but the master list I found updates every hour and you can check a new attacker against the TOR master list to see if that IP needs banned.
This has not effected any of my members. If they complain they got banned then you should investigate that user a little deeper. If they are using the TOR software to surf the internet simply tell them to turn the software off while using your sight and reveal their real IP.
TOR master list
https://www.dan.me.uk/torlist/
https://www.dan.me.uk/tornodes
Contact me for the list I have with the commas added for the ban list.

Texas-Racer
Newbie
Newbie
 
Posts: 29
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sun Mar 27, 2011 9:12 am
Cash on hand: 0.00
Location: Amarillo Texas

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Sun Mar 27, 2011 11:50 am

Where is the CT Proxy, IP & UserAgent Blocker list kept and can it be manually edited?
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Mar 27, 2011 1:02 pm

it is stored in your database under "phpbb_ctracker_ipblocker"
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Sun Mar 27, 2011 1:13 pm

"HelterSkelter" wrote:it is stored in your database under "phpbb_ctracker_ipblocker"


Thank but that looks like even more work ;) [Plus I can see how many times they failed <img> ]
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Sun Mar 27, 2011 2:41 pm

"Texas-Racer" wrote:TOR master list
https://www.dan.me.uk/torlist/
Contact me for the list I have with the commas added for the ban list.


2509 IPs on that master list YIKES

But yes most of our failed logins trace back to Tor.
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Texas-Racer » Sun Mar 27, 2011 3:16 pm

It did literally take around two hours to add the comas, desperate people do desperate things.

Texas-Racer
Newbie
Newbie
 
Posts: 29
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sun Mar 27, 2011 9:12 am
Cash on hand: 0.00
Location: Amarillo Texas

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Sun Mar 27, 2011 3:45 pm

"Texas-Racer" wrote:It did literally take around two hours to add the comas, desperate people do desperate things.



How many IPs did you add at a time?

The full list or in say 100 ip blocks?

Dunno if you can toss to much data at it or.............

---------
In the past I have blocked whole countries, being sick of it and made folks request access.
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Texas-Racer » Sun Mar 27, 2011 3:56 pm

I copied and pasted the whole list at one time, it said the banlist has been updated successfully pretty quick, but it did take some time for all the IP's to show up...a couple of minutes.

Texas-Racer
Newbie
Newbie
 
Posts: 29
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sun Mar 27, 2011 9:12 am
Cash on hand: 0.00
Location: Amarillo Texas

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Sun Mar 27, 2011 4:52 pm

"Texas-Racer" wrote:I copied and pasted the whole list at one time, it said the banlist has been updated successfully pretty quick, but it did take some time for all the IP's to show up...a couple of minutes.


OK, note to rest I had to change to FF to be able to paste his comma list as is.

In IE and Opera it just did the first line and thats it.
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: looser9 » Mon Mar 28, 2011 3:57 am

"Texas-Racer" wrote:Contact me for the list I have with the commas added for the ban list.



Could you please attach that list to one of your posts!

Then it will be stored for everyone to solve the problem <img>

Yours, looser9

looser9
Members
Members
 
Posts: 64
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Dec 22, 2007 4:29 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Mon Mar 28, 2011 4:24 am

[quote=""looser9""]
Could you please attach that list to one of your posts!
Then it will be stored for everyone to solve the problem ;)]
And I can tell ya the forum here won't allow a txt file upload.

Side note, first 12hrs with the list installed has been great, it really puts a dent in their gas tank <img>
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Mon Mar 28, 2011 6:32 am

you should be able to zip it and attach it to a post
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Texas-Racer » Tue Mar 29, 2011 2:23 pm

The big thing about the TOR list is that new IP's are added daily as people download and use the software, and the list can even shrink as people stop using it. I had to update the ban list last night because I had four new attacks yesterday, so I figured it was time to add the new IP's. If you repeat an IP on the ban list, the forum recognizes it and disregards. The bad news is, there is no way to tell the new IP's on the list from the old ones. So I did the whole process over. I just did it in blocks of 100 this time and then deleted them as I went along. They really like my forum for some reason and they will not go away, so I am sure I will have to update the IP's again. I do still have the the original list with the commas, I will get it zipped and attach it.

Texas-Racer
Newbie
Newbie
 
Posts: 29
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sun Mar 27, 2011 9:12 am
Cash on hand: 0.00
Location: Amarillo Texas

Re: An account was just locked. - Repeated 80 times...

PostAuthor: viragotech » Tue Mar 29, 2011 3:21 pm

"Texas-Racer" wrote:The big thing about the TOR list is that new IP's are added daily as people download and use the software, and the list can even shrink as people stop using it.


But it gets you well ahead of them, new ones are easily blocked or caught once your ahead of the game.

Forget about it shrinking.
[Those IPs will be block forever by me. Once used for a crime, its done I say.]
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: An account was just locked. - Repeated 80 times...

PostAuthor: DjPorkchop » Sat Jun 04, 2011 12:13 pm

Anything new on this problem? I have a site in mind that I need to help out real bad. They are having major issues right now and are considering switching to a new system. They would like to visit the site and login like they used to.

Thanks guys!

Ray
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Texas-Racer » Mon Jun 13, 2011 7:46 am

Those attacks stopped for me. If they do like I explained above, it will stop/slow the attacks for them also. It is a PIA, but worth it.

Texas-Racer
Newbie
Newbie
 
Posts: 29
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sun Mar 27, 2011 9:12 am
Cash on hand: 0.00
Location: Amarillo Texas

Re: An account was just locked. - Repeated 80 times...

PostAuthor: DjPorkchop » Mon Jun 13, 2011 10:03 am

Ok that's cool. Thx for the reply. I'll give it a go.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x


Return to IntegraMOD 141

Who is online

Registered users: App360MonitorBot, Bing [Bot], Google [Bot], Majestic-12 [Bot]