Login gives captcha on first attempt

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
CarolC1
Registered User
Posts: 653
Joined: Sat Dec 02, 2006 4:26 pm

Login gives captcha on first attempt

Post by CarolC1 »

I get this on my first attempt to log in, and I could swear I entered my password right.

Board owner is having the same problem.

Code: Select all

You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.
The board is set to allow 3 attempts before it gives the captcha.

When I tried to duplicate it on the test board it took 3 tries like it should, and the error screen had a different url. Does this mean anything?

Code: Select all

http://www.***/forum/ucp.php?mode=login&redirect=.%2Fucp.php%3Fmode%3Dlogin  (live board)

http://www.***/forum/ucp.php?mode=login  (test board)
This is not my board, the version is 3.0.6.
Last edited by Pit$Bull on Sat Jan 01, 2011 9:50 pm, edited 1 time in total.
Reason: Topic icon changed
Pit$Bull
Former Team Member
Posts: 23099
Joined: Sat Dec 02, 2006 4:08 pm
Name: Can't Remember

Re: Login gives captcha on first attempt

Post by Pit$Bull »

Sounds like someone is unsuccessfully trying to login to your account.
CarolC1
Registered User
Posts: 653
Joined: Sat Dec 02, 2006 4:26 pm

Re: Login gives captcha on first attempt

Post by CarolC1 »

Thanks very much for your reply. Is there such a thing as maybe a computer program that tries to break the password on lots of usernames, not just admin? The reason I'm asking is, this is a board I am volunteering with and I don't think (?) there is anything to show I am an admin...? My name is the default blue of registered users, and it does not show up in the Administrators legend, and I have fewer than 20 posts on that board. The board owner said something about getting reports from users of login problems, and I asked to have any reports forwarded to me so I could see them, but so far I have not seen them and do not know if it is the same issue.

I edited the registration agreement this week, which is a ucp language file, don't see how that could affect this. I can run it through Winmerge and be sure there is no problem with it. We also switched the search backend to fulltext mysql. Other than that, no changes this week.

Thank you again.
Pit$Bull
Former Team Member
Posts: 23099
Joined: Sat Dec 02, 2006 4:08 pm
Name: Can't Remember

Re: Login gives captcha on first attempt

Post by Pit$Bull »

Please fill out the Support Request Template Generator and post it back here to enable us to assist you better.
CarolC1
Registered User
Posts: 653
Joined: Sat Dec 02, 2006 4:26 pm

Re: Login gives captcha on first attempt

Post by CarolC1 »

Support Request Template
What version of phpBB are you using? phpBB 3.0.6
What is your board's URL? *edit*
Who do you host your board with? *edit*
How did you install your board? Someone else installed the board, I am a recent volunteer
Is your board a fresh install or a conversion? Update from a previous version of phpBB3
Do you have any MODs installed? Yes
Is registration required to reproduce this issue? Yes
What version of phpBB3 did you update from? not sure
What MODs do you have installed? *edit*
What styles do you currently have installed? ProSilver
What language(s) is your board currently using? English
Which database type/version are you using? MySQL 5
What is your level of experience? New to PHP and familiar with phpBB
What username can be used to view this issue?
Please do not provide this information if the user requires more than "regular user" privilages.
this may require an admin account, I would have to ask board owner, please let me know if I should
What password can be used to view this issue?
When did your problem begin? approx 3 days ago
Please describe your problem. 2 admin accounts are getting the "too many attempts" message when they try to log in, and getting captcha on first attempt
Generated by SRT Generator ($Rev: 3988 $)

thanks
Last edited by CarolC1 on Sat Jun 12, 2010 4:54 pm, edited 1 time in total.
Pit$Bull
Former Team Member
Posts: 23099
Joined: Sat Dec 02, 2006 4:08 pm
Name: Can't Remember

Re: Login gives captcha on first attempt

Post by Pit$Bull »

If you login, logout then login again in succession are you still required the captcha?
CarolC1
Registered User
Posts: 653
Joined: Sat Dec 02, 2006 4:26 pm

Re: Login gives captcha on first attempt

Post by CarolC1 »

I can't duplicate it right now but going from memory the answer is 'no'.

thanks
Pit$Bull
Former Team Member
Posts: 23099
Joined: Sat Dec 02, 2006 4:08 pm
Name: Can't Remember

Re: Login gives captcha on first attempt

Post by Pit$Bull »

One of your users is trying to gain admin access and guessing at the password.

I like the mission of your board, I'm into rescue myself. :)
CarolC1
Registered User
Posts: 653
Joined: Sat Dec 02, 2006 4:26 pm

Re: Login gives captcha on first attempt

Post by CarolC1 »

Thank you! I sincerely hope you will join, and I will pass along what you said.

P.S. I'm glad your dog won!!! :D
SHIVA_
Registered User
Posts: 181
Joined: Sun Dec 18, 2005 8:03 pm
Location: US
Contact:

Re: Login gives captcha on first attempt

Post by SHIVA_ »

guys, this issue with "You exceeded the maximum allowed number of login attempts." seems to happening all over the web to php forums. Can the problem be a php bug and a not a bot attempting at logging in?
Stoepsel
Registered User
Posts: 395
Joined: Sun Oct 23, 2005 11:23 am

Re: Login gives captcha on first attempt

Post by Stoepsel »

It's certainly not a bug.

On my board, I now add user log entries whenever a login attempt fails due to "maximum login attempts exceeded". I am seeing entries in quite regular intervals, which mostly are being routed through the Tor network. It very much looks like automated attempts to guess the passwords of already registered members on my board.

If I were to hazard a guess (read: pure speculation at this point), it is a new tactic employed by spam bots to gain access to phpBB boards, perhaps because the automated registration of new members is proving increasingly difficult when a phpBB board uses the standard anti-bot measures, like Q&A CAPTCHA, custom profile fields, forced approval of posts by newly registered users, etc.

Make sure you use strong passwords using upper- and lower-case letters, numbers and special characters to make guessing your password next to impossible. Make your fellow administrators and moderators do the same and encourage your normal board members to follow suit.
SHIVA_
Registered User
Posts: 181
Joined: Sun Dec 18, 2005 8:03 pm
Location: US
Contact:

Re: Login gives captcha on first attempt

Post by SHIVA_ »

Thanks!
solutionsetcetera
Registered User
Posts: 16
Joined: Tue Jul 08, 2008 11:24 pm

Re: Login gives captcha on first attempt

Post by solutionsetcetera »

Stoepsel wrote:It's certainly not a bug.
I am not sure I agree. I logged in to *this* board yesterday and saw this same behavior here. It has been at least a week or two since I had been here. Hard to believe someone is trying to log into this board with my user ID.

Since upgrading to 308 from 302 I have had a couple of comments from users in my forums saying they have seen this.

Just curious what browser the OP was using. One theory is that Safari's Top Site pane might be causing this try to refresh the thumbnails. While that sounds a little far-fetched, I am indeed using Safari… and this board is in my top sites.
solutionsetcetera
Registered User
Posts: 16
Joined: Tue Jul 08, 2008 11:24 pm

Re: Login gives captcha on first attempt

Post by solutionsetcetera »

Stoepsel wrote:On my board, I now add user log entries whenever a login attempt fails due to "maximum login attempts exceeded".
Cool. Can you share with us how you did this?
Stoepsel
Registered User
Posts: 395
Joined: Sun Oct 23, 2005 11:23 am

Re: Login gives captcha on first attempt

Post by Stoepsel »

In language\en\acp\common.php, FIND:

Code: Select all

    'LOG_USER_GROUP_RESIGN'            => '<strong>User resigned membership from group</strong><br />» %s', 
AFTER, ADD:

Code: Select all

    'LOG_USER_LOGIN_ATTEMPTS_EXCEEDED'    => '<strong>User exceeded maximum login attempts, activating CAPTCHA</strong><br />» %s', 
In includes\functions.php, FIND

Code: Select all

        // Special cases... determine
        switch ($result['status'])
        {
            case LOGIN_ERROR_ATTEMPTS: 
AFTER, ADD:

Code: Select all

                add_log('user', $user->data['user_id'], 'LOG_USER_LOGIN_ATTEMPTS_EXCEEDED', $username); 
The log entries will be shown in ACP > Maintenance > User logs.
Locked

Return to “[3.0.x] Support Forum”