Constant, unrelenting "password incorrect" errors

[rd]

http://www.anxietyzone.com/index.php?action=emailuser;sa=email

This seems very shady to me for some reason. I'm guessing this is you? I don't see why you wouldn't be able to message a user unless:

1. database problems
2. Member deleted or removed
3. No permission granted O.o 

[SlammedDime]

It's unlikely this has anything to do with the database or any problems in the database.

If no one is actually complaining about it to you, I would venture to guess that bots are trying to bruteforce their way into accounts on your board, which there is really nothing you can do about it aside from settings a password lockout that directs people to the password reminder screen after X failed attempts at logging in (Configuration > Security and Moderation > General).

[css_script_writer]

@RoyalDuke - Yes, here is what I see when I'm logged in as Admin and I click on that
link...

"Unable to find user's email address."

I'm assuming that the account was deleted and thus, no email address can be found. I don't remember if this was the mysterious "guest" or someone else. I'll have to have a look.

@SlammedDime - A few people have brought this to the attention of the staff or myself but not very often and not recently. Your bot theory sounds plausible. There are a whole lot of nasty things zipping around the Internet at any given time. I think the login attempt limit is set to 3. Not sure how the guest with the hidden IP was able to login over 100 times within the space of a minute. Very strange.

Still hoping somehow to get the "password incorrect" issue resolved. I'm sure some members are forgetting their passwords, have their caps lock on, etc but there are just way to many of these things and way to many members generating them to be simple human error - at least IMHO.

- Regards, CSS

[css_script_writer]

It's unlikely this has anything to do with the database or any problems in the database.

If no one is actually complaining about it to you, I would venture to guess that bots are trying to bruteforce their way into accounts on your board, which there is really nothing you can do about it aside from settings a password lockout that directs people to the password reminder screen after X failed attempts at logging in (Configuration > Security and Moderation > General).

None of these "password incorrect" errors are from bots actually. Each and every one is a legitimate member and many have been around for quite awhile. Their member name is displayed in the error log (although their status is "guest" until they are actually able to login after a half-dozen attempts). Puzzling...

- Regards, CSS

[seelie]

Here are some details for my situation, which is remarkably similar.  This may help.

The password incorrect errors are all from valid, long time members.  I have spoken to each, and here are the commonalities I have found:

When they use the login feature in the upper left (where it says hello) ... this is where they password fail.  If they use the Login link off the menu bar, there are no issues.  This does coincide that all of my password fail errors in the log are off of login2.php

The majority of users failing use IE8.

[DarkNexxus]

I don't this is user error. I installed my board yesterday, inputted my admin name and password, then converted from vbulletin. After doing so, I got a login error. So I tried my old password, I got a session error. I cleared my cache and tried again, wrong password. I tend to use a group of passwords to keep me familiar and I tried every single one of my passwords, each one came back with wrong password or gave me the session error, told me to log out and back in. It was quite frustrating.

I finally ran the repair tool on it, and I was able to login. When I did, LastPass (password form filler) asked me to save it, so I did. I went today to login, was told I had the wrong password. I verified that lastpass had the correct password, typed in manually, and got the wrong password again. I pulled up the full page login screen and was able to successfully login that way.

[Johnfromhere]

This has been going on for at least a year (search for postings by me - don't know how to ref the thread).
I thought it had cleared at the time but have just installed a new SMF (1.1.11) and the same phenomenon is still there!

Off to do some more searches on the forum to see if anyone has come up with a solid fix.

Regards.
John.

[css_script_writer]

I have read (and it also seems to be what you are saying) that it's the username/password form in the upper-left corner (at least in the default theme) that generates these errors when members use it to login.

It has been suggested that members use the login link (in the main menu) which takes them to a page with a different login box instead. The thing is, I'm not sure how to hide the first login box or display the other one by default. Is there a way to do this in the admin section?.

- Thank you, CSS

[css_script_writer]

It's been 4-5 days and these issues have not gone away. I'd really like to get at least one or two of them resolved if possible and would greatly appreciate any input on how this might be accomplished. A few things I forgot to mention the other day are that I have edited the errors_english.php file and included custom messages for about 6 of the entries. I also have a post-count group set up so that new members are required to have at least one post before using additional features. Could any of these things be causing the problems I'm experiencing?.

Hoping these issues can be resolved and once again, thank you for your time and assistance...

- Regards, CSS

[css_script_writer]

Hi everyone

I realize this thread is somewhat dated and yet this continues to happen on a very frequent basis and is of great concern to me as it looks very suspicious and since no IP address is visible (like there is with all of the other log entires) I am unable to block whoever or whatever is doing this.

I'd be very grateful to anyone here who might be able to provide some assistance in telling me what is going on and how I can block this individual without having an IP address to block in the first place.

Thanks so much!.

NOTE: The referrer link is constantly changing. Please let me know if a screen capture would be helpful.

- Regards, CSS

Thanks RoyalDuke. I'll keep my fingers crossed .

Here are even more errors I've just discovered from the guest with the invisible IP address...

1) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: permissions
File: /home/anxietyz/public_html/Sources/Security.php
Line: 837

2) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
2: array_unshift() [<a href='function.array-unshift'>function.array-unshift</a>]: The first argument should be an array
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1581

3) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: smiley_set
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1539

4) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: name
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1534

5) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: ignoreusers
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1531

6) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: email
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1530

7) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: language
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1529

http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: mod_cache
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1527

9) http://www.anxietyzone.com/index.php?action=reminder;sa=setpassword;u=16339;code=546dc96847
8: Undefined index: username
File: /home/anxietyz/public_html/Sources/Load.php
Line: 1528

Not to get off of my original topic but what could this "guest" possibly be up to?. Unlike everyone else I've ever seen, they have no IP and they seem to be generating some really strange errors I have never seen before (and lots of them).

- Regards, CSS

[Deaks]

these seem to be more issues with the mods