
Author Topic: Admin account not able to login / banned - followed steps from previous posts on  (Read 22623 times)


derival

  • Coppermine newbie
  • Offline Offline
  • Posts: 4

Having issues with 1.5:

1. Was unable to login with either admin account
2. Changed the password through the password recovery process
3. Attempted to login with the new password but account came up as banned.
4. I entered phpMyAdmin and deleted the banned account (it is banned as my IP address)
5. Attempted to login again but login fails and the IP address is banned again in phpMyAdmin

Is there a way to fix Coppermine so it will not ban my IP address?
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Open the config table with PHPMyAdmin and increase the value for login_threshold.
Logged

derival

  • Coppermine newbie
  • Offline Offline
  • Posts: 4

login_threshold was at default of 8 and I just changed it to 25

I deleted the banned IP address and then attempted to login again

Same thing happened

Increased the threshold to 50, deleted the IP ban again and waited 20 minutes - same issue with IP being immediately banned.

Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

When you say you delete the banned ip address, I assume you delete the row in the database table "banned". Please verify that you remove the ban record from the correct database / table prefix combination.
Logged

derival

  • Coppermine newbie
  • Offline Offline
  • Posts: 4

Here are the steps I am taking:

1. Under phpMyAdmin I browse the "cpg14x_banned" table

From there I delete the ban_id using the red X


Here is what is listed in the fields before I delete the record:

- The ban one ups each attempt I try (currently on number 11)
- has NULL for user_id
- empty for both user_name and email
- ip_addr = my current ip address
- expiry date a time as to when the ban will expire (I have attempted to login multiple times after the expiry goes away but the login just fails and a new record for the ip ban gets added to the banned field)
- brute_force 50 for each attempt


By the way thank you so much for trying to help out.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Something isn't working as expected imo:

Quote
- The ban one ups each attempt I try (currently on number 11)
Do you mean the ban_id?

Quote
- brute_force 50 for each attempt
Usually a ban record will be created in the banned table when a user enters wrong credentials. If he enters the wrong credentials again, the same record will be used and the brute_force value will be counted down by one each time. From what you describe I assume you have a new ban record for each login failure?
Logged

derival

  • Coppermine newbie
  • Offline Offline
  • Posts: 4

Quote
Something isn't working as expected imo: Do you mean the ban_id?
Yes, ban_id

Quote
Usually a ban record will be created in the banned table when a user enters wrong credentials. If he enters the wrong credentials again, the same record will be used and the brute_force value will be counted down by one each time. From what you describe I assume you have a new ban record for each login failure?
I assumed that would happen with each login attempt, but oddly enough each attempt on the same user name does not count down; it stays at 50 on each attempt. I am going to re-install Coppermine when I get a chance today and see if that corrects the situation.
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

Was there ever a solution to this problem? I'm encountering exactly the same issue.

Whenever I try to login, I get instantly banned. No matter the login_threshold value.

Tried emptying banned table. Just results in me getting banned again with my admin account when I try logging in again.

My user/pass is correct, I've triple-checked it's right, reset it multiple times, created new user/pass details in the database to test also.
No matter what I do, any login instantly bans that IP.

Reinstalling didn't help either.

Checked for other threads, this is the only one with the same issue I found. So replying to bump it back up.

http://www.redflava.com/gallery
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

As an added note, when I check through security.log.php

The "Failed login attempt with username" output, doesn't label any username next to it for some reason. I imagine this has something to do with the problem, since the timing has coincided with this banning problem:

Instead of Jun 18, 2012 at 03:10 PM - Failed login attempt with Username: admin
it displays Jun 18, 2012 at 03:10 PM - Failed login attempt with Username:
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Quote
Was there ever a solution to this problem?
I don't know. Unfortunately derival hasn't posted if re-installing solved his issue.

However, without detailed information it's impossible to help you. Please read this thread and post the details I already asked derival for, and also post a test user account (no admin account!).
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

To answer the questions you asked Derival :

Banned table in mysql has been emptied - logging in still results in a ban.
Login_threshold increased to 100 - logging in still results in a ban.

Test Account :
user: coppermine
test: copper534329

On another side note, I encountered an error when I tried to view the empty banned table :
Allowed memory size of 94371840 bytes exhausted (tried to allocate 491520 bytes) in /usr/local/dh/web/phpmyadmin/sql.php on line 558

Could memory allocation be causing this problem? Or is this something else that's unrelated? I've already contacted my hosting company about it anyway.

Thanks for reading.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Quote
Test Account :
user: coppermine
test: copper534329
I was able to enter that data (btw, it seems to be invalid) about 8 times before I got the message that I'm currently banned from the gallery. You said you're banned immediately (= after the first attempt). So I wasn't able to reproduce the issue with my system/browser.

Quote
My user/pass is correct, I've triple-checked it's right, reset it multiple times, created new user/pass details in the database to test also.
How exactly did you reset/create the password? I hope you didn't enter them in plain text, as you need to store MD5 hashes.

Quote
I encountered an error when I tried to view the empty banned table :
Allowed memory size of 94371840 bytes exhausted (tried to allocate 491520 bytes) in /usr/local/dh/web/phpmyadmin/sql.php on line 558
We cannot support phpMyAdmin's issues.
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

Quote
How exactly did you reset/create the password? I hope you didn't enter them in plain text, as you need to store MD5 hashes.
I entered the details correctly, and I used md5. I inserted them into the user table, and input all the correct fields. Then verified it was inserted correctly, which it was.

Quote
I was able to enter that data (btw, it seems to be invalid) about 8 times before I got the message that I'm currently banned from the gallery. You said you're banned immediately (= after the first attempt). So I wasn't able to reproduce the issue with my system/browser.
I don't get the "you are banned message" instantly, I get the login failed message. If I spam it, I get the banned message.

But basically even just trying to log in once, I noticed I get added to the banned table, which I presume is why we are getting login failed.

Quote
We cannot support phpMyAdmin's issues.
I know you don't support phpmyadmin issues, but I thought someone might recognize the error and its connection with coppermine in relation to this problem.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Quote
I don't get the "you are banned message" instantly, I get the login failed message. If I spam it, I get the banned message.
Quote
Whenever I try to login, I get instantly banned. No matter the login_threshold value.
::) So we have a different issue than the topic starter had.

Quote
even just trying to log in once, I noticed I get added to the banned table, which I presume is why we are getting login failed.
That's correct. It's needed to avoid brute force attacks, that's why the brute_force value decreases by 1 at each failed login attempt. If it's 0, then you get the banned message.

Quote
I entered the details correctly
Please let's try Coppermine's password recovery feature (http://www.redflava.com/gallery/forgot_passwd.php). Alternatively, search the board for adminpass.php to reset the admin password to a known value.
Logged
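
Added example, not part of the thread and not Coppermine's own code: a grouping query over the banned table's fields as listed earlier in the thread, separating "has a ban record" from "is banned" and flagging the pattern derival described (a new row per failure, counter never decremented). It runs against constructed rows in an in-memory SQLite table as a stand-in for MySQL; the `expiry` column name, its text format, and the status labels are assumptions.

```python
import sqlite3

# Constructed sample rows using the fields listed in the thread for the
# "banned" table. IPs are documentation addresses; 8 is the default
# login_threshold mentioned above. The column name "expiry" is an assumption.
ROWS = [
    (1, None, "", "", "192.0.2.10", "2012-06-18 16:00:00", 5),  # counting down
    (2, None, "", "", "192.0.2.20", "2012-06-18 16:00:00", 0),  # exhausted
    (3, None, "", "", "192.0.2.30", "2012-06-18 15:50:00", 8),  # new row per
    (4, None, "", "", "192.0.2.30", "2012-06-18 15:51:00", 8),  # failure, never
    (5, None, "", "", "192.0.2.30", "2012-06-18 15:52:00", 8),  # decremented
    (6, None, "", "", "192.0.2.40", "2012-06-18 14:00:00", 0),  # ban has lapsed
]

# One result row per IP: how many ban records, lowest remaining counter, status.
QUERY = """
SELECT ip_addr,
       COUNT(*)         AS ban_rows,
       MIN(brute_force) AS remaining,
       CASE
         WHEN MAX(expiry) <= :now THEN 'expired'
         WHEN MIN(brute_force) <= 0 THEN 'banned'
         WHEN COUNT(*) > 1 AND MIN(brute_force) >= :threshold THEN 'anomaly'
         ELSE 'counting down'
       END AS status
FROM banned
GROUP BY ip_addr
ORDER BY ip_addr
"""

def classify(rows, now, threshold):
    """Return {ip: (ban_rows, remaining, status)} for the given ban records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE banned (ban_id INTEGER PRIMARY KEY, user_id INTEGER,"
               " user_name TEXT, email TEXT, ip_addr TEXT, expiry TEXT,"
               " brute_force INTEGER)")
    db.executemany("INSERT INTO banned VALUES (?,?,?,?,?,?,?)", rows)
    result = {ip: (n, left, status) for ip, n, left, status in
              db.execute(QUERY, {"now": now, "threshold": threshold})}
    db.close()
    return result

if __name__ == "__main__":
    for ip, info in classify(ROWS, "2012-06-18 15:30:00", 8).items():
        print(ip, *info)
```

An IP reported as "counting down" has a record but can still log in; only "banned" means the counter reached 0 before the expiry.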

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

I'd already tried the forgot password feature, when you click the link in the email it gives the error:

Forgot password session invalid or has expired.

I understand the brute force situation now, you get put on the banned table for any type of failed log in and then when brute force counts down to 0, you are banned? I thought anytime you got put on the banned table, it meant you are banned. I think the problem is still similar to the thread start however.
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

Also tried adminpass.php method. The login details resulted in the same login failure also.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Quote
you get put on the banned table for any type of failed log in and then when brute force counts down to 0, you are banned?
Correct.

Did the login ever work on your current gallery setup? Did you (or your host) change any server setup? I think there's something really basically wrong if the password recovery also doesn't work.
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

The login has worked since 2yrs ago, when I installed it.

With regard to the server setup, I've personally made no changes. The gallery has been dormant for a while, just an archive gallery, nothing new has been added, or anything been changed in its files by me. I just wanted to login and change a few things recently and I get this login failed problem.

The only thing that recently happened done by my hosting, was that my webserver got changed from nginx to apache.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Ideally I'd need access to the MySQL database (e.g. via phpMyAdmin) to have a look at the users and/or ban table and test some things. I'll send you a PM with my contact details if you agree.
Logged

Zooper

  • Coppermine newbie
  • Offline Offline
  • Posts: 10

Quote
Ideally I'd need access to the MySQL database (e.g. via phpMyAdmin) to have a look at the users and/or ban table and test some things. I'll send you a PM with my contact details if you agree.

Sure, that would be more than helpful. I'd appreciate it, thanks.
Logged