Page 2 of 2

Re: You exceeded the maximum allowed number of login attempt

Posted: Thu Jan 06, 2011 7:04 pm
by haggisv
I agree, it's such a waste of bandwidth and resources! It pretty much doubles you hosting requirements, if not more.

Re: You exceeded the maximum allowed number of login attempt

Posted: Mon Jan 10, 2011 3:17 pm
by -ds-
After checking my server logs the largest hits (2000+ in 9 days) came from

adsl-dyn-142.95-102-44.t-com.sk

Re: You exceeded the maximum allowed number of login attempt

Posted: Mon Jan 10, 2011 7:57 pm
by patchouly
I've been having the same problem. A lot of my members are getting frustrated. It seems like a lot of the attempts are coming from Germany.

Has anyone heard anything more about this or know of any way to stop it?

Re: You exceeded the maximum allowed number of login attempt

Posted: Mon Jan 10, 2011 8:07 pm
by Pit$Bull
Check the "Log me on automatically each visit" when logging in, they cant cause an issue if you stay logged in.

Re: You exceeded the maximum allowed number of login attempt

Posted: Tue Jan 11, 2011 12:00 am
by haggisv
I find that my site slows down significantly when these waves of login attemps come in as well.

If I temporarily disable new registrations, will this reduce the load on the server?

Re: You exceeded the maximum allowed number of login attempt

Posted: Tue Jan 11, 2011 12:04 am
by Pit$Bull
haggisv wrote:If I temporarily disable new registrations, will this reduce the load on the server?
No, they are trying to log in not register.

Re: You exceeded the maximum allowed number of login attempt

Posted: Tue Jan 11, 2011 8:51 am
by callumacrae
If you're worried about bandwidth, block the offending IPs in your htaccess. Apart from that, make sure you're using a good CAPTCHA and you will be fine.

It might also help to deny newly registered users the permissions to view the memberlist.

~Callum

Re: You exceeded the maximum allowed number of login attempt

Posted: Wed Jan 12, 2011 12:03 am
by daveht
Pit$Bull wrote:Check the "Log me on automatically each visit" when logging in, they cant cause an issue if you stay logged in.
That didn't work! I am always logged in and it did it to me also today. My members are also complaining about this. Are the powers to be aware of this and are they working on this???

Thanks!
Dave

Re: You exceeded the maximum allowed number of login attempt

Posted: Wed Jan 12, 2011 12:16 am
by Noxwizard
If you're checking the box and getting logged out, that's a different issue. The problem of visiting your board and immediately being presented with a CAPTCHA is a difficult problem. Malicious users are trying to gain access to your account by guessing passwords. In order to make that more difficult, a CAPTCHA is displayed after a certain amount of failed logins. It isn't removed until you successfully log in.

Re: You exceeded the maximum allowed number of login attempt

Posted: Wed Jan 12, 2011 2:32 pm
by franfj
In my forum this attacks have stopped after a few days, it seems that a bot was trying to obtain the users password, a lot of attacks come from Tor proxy servers and a few from other proxy servers.