Support » Plugin: Cerber Security, Antispam & Malware Scan » Account lock / IP block (previous issue seems fixed)

  • Resolved gingerbooch

    (@gingerbooch)


    Hi,

    I had an issue wich seems to be fixed now. Let me tell you more.

    I am using Nextend Facebook Login. This plugin allows you to create an account with Facebook (no password needed) or to link an existing account with Facebook Login (you can connect with classic password or with facebook account).

    Previously, I had an issue. I could lock an account with excess password fails. The IP was blocked. Then I could not connect with password to an existing account because the IP was blocked but I could still connect to an existing account with Facebook Login, with the same IP. I don’t remember about creating a new account with Facebook Login while IP was blocked.

    Now it seems that you block the failed password logins by account and/or IP. I did the test again. Once the account is locked I receive an unlock email, this new option is nice. If I want to create an account with Facebook Login I still can because the IP is not blocked. Ok this is normal.

    Then I tried to lock an account which also has a Facebook connect possibility on it. Once the account is locked, the user can’t login with Facebook Login because the lock is on the account level. This is logical and very good too.
    Previously, if the user account was also linked to Facebook Login, he could connect while his IP was blocked.

    I went further with another account, until I blocked the IP.
    Then I tried to connect with Facebook Login, with an account wich was not locked. And I can’t login anymore. Perfect. My problem is solved !!

    I had no time to open a thread previously and I was going to write about this today. I’m glad to find this has been fixed. Is it you ? Or maybe Nextend fixed it as I told them about this issue. I don’t know which was responsible.

    About the account locking feature, where can I set the maximum number of attempt before locking an account ?
    And is it possible to get a “locked accounts” view inside Cerber ? This would be nice.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Gioni

    (@gioni)

    Hi!

    If you get “an unlock email”, it was definitely generated by another plugin. There is no such feature in the Cerber plugin. So everything you’ve described is the functionality of that another plugin. Cerber doesn’t block user account due to failed login attempts or other violations, it blocks the offender IP instead. I believe that locking a user account due to failed login attempts is weird and useless.

    Hi @gioni,

    So funny !! Thank you for your answer 😀

    You’re right the account lock is from Theme My Login plugin, I did not realize this.
    So this feature is active since I changed my WP-Cerber IP blocking to more attempts than the account lock which was effective in TML. That’s why I never noticed it before.

    This feature is not such a problem for me, on the contrary. Most of my login IP blocks from Cerber were from users real fails. Finally that feature is a good way to prevent them from blocking their IP, like a warning.

    If they are really responsible of it, they can unlock their account with the mail and they have a few more chances before WP-Cerber blocks them. The good moment for them to think of using the lost password option. Anyway, the lock is not forever, their is a duration.

    Also if they receive that mail while they did not try to login, they can contact me to say that someone seems trying to hack their account.

    And finally WP-Cerber is still efficient after all. Just less maintenance for me when users harass they own account lol.
    I will leave it that way, it is a good combination for this website. It mostly depends on your users average age 😉

    About the real issue I was facing with Facebook Login, do you think they did something on their plugin or did you enforce something on yours ?

    Thanks 🙂

    Plugin Author Gioni

    (@gioni)

    I’m sorry I can’t say for sure. This would require some kind of investigation because you use at least three plugins that can affect the user authentication process. But we definitely do not change user login related functionality in this particular release.

    • This reply was modified 1 year, 3 months ago by Gioni.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Account lock / IP block (previous issue seems fixed)’ is closed to new replies.