'You exceeded the maximum allowed number of login attempts'

What's new in the forums? Important announcements? Check in here!

Moderators: Brewer, brendaj

'You exceeded the maximum allowed number of login attempts'

Unread postby Chris » Tue Feb 08, 2011 12:19 pm

Several users have had issues when logging in for the first time on any given day when they get a message "You exceeded the maximum allowed number of login attempts" and have to re-enter their usename/password and type in the captcha. This is a known issue with many high-profile forums... (see http://www.phpbb.com/community/viewtopic.php?f=46&t=2115563&start=15 for some more info).. It appears that infected computers have some malicous programs running on them that are performing systematic attacks on user's passwords for many forums on the internet, once they get in they are saving a list of the usernames and passwords to be used for spam... The requirement to complete the captcha makes it impossible for these malicious automated password cracking attempts to continue, but unfortunately it also affects us when we attempt to logon while these attacks are underway... There have been many other forums that have reported the same problems, the people who make the PHPbb software are aware of this and hopefully they will deliver a fix that blocks consecutive bad logons on a per IP basis rather than on a per user basis sometime soon...

Here is a quote from one of the many other forums being hit with the same attacks: ( http://foldingforum.org/viewtopic.php?p=170999#p170999 )
A number of our members have reported receiving the "You exceeded the maximum number of login attempts" message while trying to login to the forum, and are then prompted to enter the confirmation code as well as their username and password.

Unfortunately it seems that several phpbb based forums have been attacked in the same manner which involves a bot persistently trying to login to member's accounts. The forum software catches this and after 3 attempts prompts with the challenge question.
There is no indication that the bot has ever got past this challenge (as it is specific to our forum) as it would require both the correct password, and the correct challenge answer.


I have been using the 'log me in automatically' feature on my home machines and it has helped a lot...
User avatar
Chris
Site Administrator
Site Administrator
 
Posts: 581
Joined: Fri Sep 10, 2004 8:22 pm

Return to Announcements and Site News

Who is online

Users browsing this forum: No registered users and 2 guests

cron