Login gives captcha on first attempt

END OF SUPPORT: 1 January 2017 (announcement)
Peculiar_Investor
Registered User
Posts: 1
Joined: Sat Mar 20, 2010 4:46 pm

Post by Peculiar_Investor »

Deleted.
P_I
Registered User
Posts: 1191
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Calgary

Post by P_I »

One additional item that Admins might want to note. The problem can be hidden if you have users who rely on ticking "Log me on automatically each visit". Check the database, <board>_users table, user_login_attempts. On our board, we have many users who are blissfully unaware that they have reached the login limit, because of "Log me on automatically each visit" usage. They will only see the issue if they in fact log out and then log in again.

I would suggest that this might be a bug in phpBB: should an automatic login be allowed when user_login_attempts has exceeded the board setting?
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
forumrunner
Registered User
Posts: 1
Joined: Wed Mar 02, 2011 12:25 am

Post by forumrunner »

I found the same thing in my forums: if they were ticking, they were oblivious to what was going on.
This started in my forum 3 weeks ago, and my forum has been up for over 6 years. This is the first I've seen it to this degree. Sure, you get the occasional member who goes over their attempts, but I am finding it widespread over the same time. I noticed it by contacting members and then doing a post to bring it out in the open to see how many have been affected, and I am still counting. That's why I am here looking for an answer.
Homer lawtey
Registered User
Posts: 11
Joined: Fri Dec 02, 2005 4:00 pm

Post by Homer lawtey »

nfs wrote: We've just started to see this on a forum I administer too. I considered the MOD above but decided it doesn't solve the problem. A log entry that says someone has gone over the login limit is no use to me unless the problem is self-inflicted user error. What I need logged are the password failures that caused the overlimit condition.

Our board is not ridiculously busy. So, a quick hack to includes/functions.php ...

FIND

            // Username, password, etc...
            default:
 
BEFORE, ADD:

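            // Record each failed password in the user log (the entry carries the client IP)
            case LOGIN_ERROR_PASSWORD:
                add_log('user', $user->data['user_id'], 'Password failure', $username);
            // no break: execution continues into the existing default: handler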
 
The log entries will be shown in ACP > Maintenance > User logs. Critically, it gets me an IP address without trolling through apache's logs looking for patterns.

Hope it helps.

P.S. Something like this should be standard and ACP configurable in future releases IMHO.

Same problem on our forum over recent days. A quick look in the database shows about 50 of our members have reached 2 failed logins. I also had to enter the reCaptcha on here when I logged in. I've implemented the mod above and it seems to be working, many thanks. One request though, would you be able to make it so that I can click the IP address in the log and then compare that against any posts, user accounts registered from that IP, users active from that IP, any other failed logins from the same IP and also view the whois for it? That would be extremely useful 8-)
P_I
Registered User
Posts: 1191
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Calgary

Post by P_I »

Our board has implemented nfs' solution. To help monitor it, we've implemented a shell script that generates a report showing the Password failures. Here are a couple of fragments from our monitoring script. Note: replace <phpbb> with the prefix for your board.

    # Report every logged password failure newer than $ts_cutoff, sorted by source IP
    mysql $mysqlargs -te "
        SELECT log_ip AS 'IP Address', FROM_UNIXTIME(log_time) AS Date, log_data
        FROM <phpbb>_log
        WHERE log_operation='Password failure' AND log_time > $ts_cutoff
        ORDER BY INET_ATON(log_ip);"

where $mysqlargs contains the standard -h -u and -P parameters for your database. ts_cutoff allows us to control how far back to look for failures (i.e. all or past week).

The following segment allows us to track the trend in the number of users who have exceeded the limit.

    # Read the board's configured limit, then count the accounts at or above it
    max_loginattempts=$(mysql $mysqlargs -s -e "SELECT config_value FROM <phpbb>_config WHERE config_name='max_login_attempts';")
    users_overlimit=$(mysql $mysqlargs -s -e "SELECT count(user_login_attempts) FROM <phpbb>_users WHERE user_login_attempts >= $max_loginattempts")
    echo "$users_overlimit users have exceeded limit of $max_loginattempts login failures"

We run the script every night and email the output to our admins and SysOps.
kirbykins
Registered User
Posts: 4
Joined: Sat Mar 12, 2011 2:14 am

Post by kirbykins »

This may be a solution - http://www.phpbb.com/community/viewtopi ... #p12968139

Would like feedback if it works for someone else.
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Post by Pony99CA »

nfs wrote: P.S. Something like this should be standard and ACP configurable in future releases IMHO.

Absolutely. I've proposed logging guest access to see what guests tried accessing the register or admin pages, and this seems like a logical extension. To avoid getting too much data, the logging of events should be configurable by the admin.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
P_I
Registered User
Posts: 1191
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Calgary

Post by P_I »

Our site had another drive-by attempt over the past couple of days. Since we use the logging modification that nfs posted up-thread, we were able to detect the source of the attack. The logs show a sustained attack, all coming through Tor servers. It began about 24 hours ago, is directed at attempting to log in under many different user names, but I'll be damned if I can figure out why these users are being targeted. The choice isn't being made by number of posts, nor by recent posts, nor by date joined. The attempts are spaced out in time, which could be an artifact of using the Tor network (because it imposes delays as it shunts traffic), but more likely means that it's a person, not a bot. They come two or three at a time, which probably means that the same password is being tried against multiple accounts.
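The pattern described in the post above (failures arriving two or three at a time against different accounts, from changing Tor addresses) stands out when the 'Password failure' rows from the report up-thread are grouped by time rather than by IP. This is an added example, not part of the original thread or of phpBB: it assumes the report rows were exported tab-separated, and the sample rows, the 5-minute gap and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample rows shaped like the report query's columns
# (log_ip, FROM_UNIXTIME(log_time), log_data), tab-separated. IPs are from
# documentation ranges; log_data is treated as an opaque account label.
SAMPLE = """\
198.51.100.7\t2013-01-28 02:10:00\talice
198.51.100.7\t2013-01-28 02:10:40\tbob
203.0.113.9\t2013-01-28 02:11:15\tcarol
192.0.2.44\t2013-01-28 09:30:00\tdave
192.0.2.44\t2013-01-28 09:30:20\tdave
192.0.2.44\t2013-01-28 09:31:05\tdave
198.51.100.23\t2013-01-28 14:02:00\terin
203.0.113.9\t2013-01-28 14:02:30\tfrank
198.51.100.7\t2013-01-28 14:03:10\tgrace
"""

def parse(text):
    rows = []
    for line in filter(str.strip, text.splitlines()):
        ip, when, account = line.split("\t", 2)
        rows.append((datetime.strptime(when, "%Y-%m-%d %H:%M:%S"), ip, account))
    return sorted(rows)  # time-ordered (timestamp, ip, account) tuples

def bursts(rows, gap=timedelta(minutes=5)):
    """Split failures into bursts separated by more than `gap` of quiet."""
    out = []
    for row in rows:
        if out and row[0] - out[-1][-1][0] <= gap:
            out[-1].append(row)
        else:
            out.append([row])
    return out

def classify(burst, min_accounts=2, min_repeats=3):
    accounts = {account for _, _, account in burst}
    if len(accounts) >= min_accounts:
        return "spray"            # several accounts hit in one short burst
    if len(burst) >= min_repeats:
        return "single-account"   # repeated failures on one account
    return "noise"

def report(text):
    """One (start, label, distinct accounts, distinct IPs) tuple per burst."""
    return [(b[0][0].isoformat(sep=" "), classify(b),
             len({r[2] for r in b}), len({r[1] for r in b}))
            for b in bursts(parse(text))]

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```

A "spray" burst with more distinct IPs than a per-IP limit would ever see is the case an IP-sorted report spreads across several rows; the "single-account" burst from one address is the ordinary mistyped-password case.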
Darko_Aleksic
Registered User
Posts: 1
Joined: Wed Jan 30, 2013 12:08 am

Post by Darko_Aleksic »

Hopefully my experience will help someone in a similar situation... Nothing to do with hacks or spams or whatever.

In my case it was "Maximum number of login attempts per IP address". Which is kind of ironic, being that it was added exactly for the issue described above.

Anyway - the board in question was logging local IPs (192.168.x.x) so all attempts came from the same IP. After I set the above setting to 0 (under Server -> Security Settings), everything worked fine.