blocked myself

Started by deathwish, December 21, 2006, 10:57:47 PM

deathwish

Call me an idiot but... I forgot my password for the gallery and logged a couple of times until I saw... "You are currently banned from using this site". Is there anything I can do now? ??? :-[

Joachim Müller

The ban is temporary. It kicks in after a set number of failed login attempts to protect your site from brute force attacks and lasts for a set amount of time. Once you can access your site again, set the thresholds accordingly (as you see fit).
First thing to try is the "forgot password" link on the login screen (which can of course only work if you have entered a valid email address for the admin account you use). If this fails, there are two options to reset your password: either change it directly inside the database using phpMyAdmin (remember that the password is not being stored in plain text, but as an md5-hash - use the corresponding phpMyAdmin option) or upload the password recovery file that has been posted by Sami some time ago. Search the board for this small password reset script (good search terms would be "forgot admin password" or "password recovery").

rustyp

How long is the ban?

How long do I wait before deleting and reinstalling the whole album AGAIN

How can I disable the feature to BAN the OWNER of the board because he forgot his password?

I think I tried it 4 times then got banned from my own album lmao

Rather than banning the owner administrator why not just have it delete the whole mess on the spot since I can't get back in, save me some time...

rustyp

Notify me of replies.

Always forget to check that box until after I hit reply!

Nibbler

Well, the ban length is whatever you chose in config. The default is 10 minutes. If you do not want this feature then set the 'Number of failed login attempts until temporary ban' to some high number and allow people to keep guessing your password for as long as they like.

rustyp

Quote from: Nibbler on February 27, 2007, 08:57:26 PM
Well, the ban length is whatever you chose in config. The default is 10 minutes. If you do not want this feature then set the 'Number of failed login attempts until temporary ban' to some high number and allow people to keep guessing your password for as long as they like.

I waited like a 1/2 hr, still banned...

If I ever figure out how to get back in, exactly where do I go to change the number? I want to set it to like 700 tries, I bet nobody can guess my password in less than 1000 tries, heck does someone actually think someone could guess MY password in 4 tries lmao, IMO less than 100 tries would mean you're so paranoid you shouldn't even be on the internet and should be seeking some help.


Nibbler

Follow GauGau's instructions above to get yourself unbanned. All config options are explained in the manual.

5 guesses per 10 minutes per IP can allow hundreds of guesses per day. I bet a substantial number of sites out there could be brute forced within a few days.

rustyp

OK, I fired up phpMyAdmin, now what? I am looking at my account, how do I tell if it is banned and how do I unban?

Keep in mind I have used phpMyAdmin like 2 times in my entire life so will need some detail in the reply.

Nibbler

Browse to your Coppermine database, locate the prefix_banned table, click on 'empty'.

rustyp

Quote from: Nibbler on February 27, 2007, 09:17:12 PM
Follow GauGau's instructions above to get yourself unbanned. All config options are explained in the manual.

5 guesses per 10 minutes per IP can allow hundreds of guesses per day. I bet a substantial number of sites out there could be brute forced within a few days.

I can't follow his instructions because to me they are incomplete, I searched for the password recovery file that has been posted by Sami and found nothing so scratch that, I need step by step instructions on changing it with phpMyAdmin, I see the hash but now what?

I guess I don't understand the ban after attempt thing the way it's set up, the concept seems pretty simple to me, give a guy 100 times in his account life to choose the wrong password then ban his account, not ban him after 4 tries, your "5 guesses per 10 minutes per IP can allow hundreds of guesses per day" makes no sense to me, why would you even give someone the option to keep using different IP addresses? If someone tried to access the same account with more than 2 IPs he is a rat lol, why allow him to keep trying with a different IP? I guess I am too honest is why I don't get it, I am not used to thinking like a thief.

rustyp

Quote from: Nibbler on February 27, 2007, 09:23:00 PM
Browse to your Coppermine database, locate the prefix_banned table, click on 'empty'.

That worked!

Thank you, thank you, thank you, now where exactly do I go to change the stupid login attempt thing?

I click start
then run
then type?

You get the picture..

Nibbler

The thing you are missing here is that this is not about accounts. The person attempting to log in *may* not actually be the person who owns the account. The restriction is therefore based on the IP address of the person attempting to log in to the account.

To change config settings you log in to Coppermine as admin and click on the 'config' button. This has nothing whatsoever to do with Windows.
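
Added example, not part of the thread and not Coppermine's own code: a simplified model of a per-IP temporary ban, used to work out how many wrong passwords one address still gets checked per day at the "5 guesses per 10 minutes" setting versus a threshold of 700, and to show that a ban keyed on IP leaves other addresses able to log in. The class and function names and the sample IP addresses are assumptions made for the illustration.

```python
from collections import defaultdict


class IpLoginThrottle:
    """Simplified per-IP temporary ban (a model, not Coppermine's implementation)."""

    def __init__(self, max_failures, ban_seconds):
        self.max_failures = max_failures
        self.ban_seconds = ban_seconds
        self.failures = defaultdict(int)      # ip -> failures since the last ban
        self.banned_until = defaultdict(int)  # ip -> timestamp at which the ban ends

    def is_banned(self, ip, now):
        return now < self.banned_until[ip]

    def record_failure(self, ip, now):
        """Count a failed login; start a ban once the threshold is reached."""
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            self.failures[ip] = 0


def guesses_checked_per_day(max_failures, ban_seconds, interval=1):
    """Wrong passwords from one IP that reach the password check in 24 hours
    when the client retries every `interval` seconds and waits out each ban."""
    throttle = IpLoginThrottle(max_failures, ban_seconds)
    ip = "203.0.113.7"  # constructed address from the documentation range
    checked = 0
    for now in range(0, 24 * 60 * 60, interval):
        if throttle.is_banned(ip, now):
            continue  # rejected before any password comparison happens
        checked += 1
        throttle.record_failure(ip, now)
    return checked


def ban_is_per_ip():
    """Five failures from one address ban that address only."""
    throttle = IpLoginThrottle(max_failures=5, ban_seconds=600)
    guesser, owner = "203.0.113.7", "198.51.100.20"  # constructed addresses
    for now in range(5):
        throttle.record_failure(guesser, now)
    return throttle.is_banned(guesser, 5), throttle.is_banned(owner, 5)


if __name__ == "__main__":
    print("5 failures / 10 min ban:  ", guesses_checked_per_day(5, 600))
    print("700 failures / 10 min ban:", guesses_checked_per_day(700, 600))
    print("(guesser banned, owner banned):", ban_is_per_ip())
```

Because the counter is keyed on the address and not on the account, someone guessing at the admin password cannot lock the real owner out from a different address, which a per-account lockout would allow.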