SMF 2.0.15 - Sorry, you are out of login chances.

Started by GL700Wing, January 15, 2018, 03:47:35 AM

GL700Wing

Almost two weeks ago, and due to a combination of changes made by my hosting provider, the SSL certificate on my forum expired.

The hosting provider installed a new SSL certificate from a different certificate provider within a few hours, but since then lots of members have had issues logging in to the forum and lots of "Sorry, you are out of login chances. Please come back and try again later." error messages for the user Guest from many different IP addresses are being logged (although there are no corresponding failed login attempt messages).

I've searched the forums here for solutions to this problem and, based on what others have done previously, I have done the following:
1. Changed 'Number of allowed login attempts' to 10, 'Login attempt check time range in minutes' to 30, and 'Account locked retry minutes' to 10; and
2. Renamed the cookie.

Unfortunately these changes haven't resolved the issue.

I have a mod installed that logs the member OS and browser details (e.g., name and versions) for each post, and for each IP address for which I can find a member I have checked to see if there is a common OS/browser, but it seems to be happening for the MacOS, iOS and Windows OSs and for the Safari and Firefox browsers.

I'm all out of ideas so I'm hoping someone here can help.
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Aleksi "Lex" Kilpinen

I can't really think of a reason why your SSL certificate changing would cause any of those symptoms for a longer period of time.
Also, your quoted settings are not default settings in SMF, I'm assuming you have Login Security installed? What if you uninstall it?

How you can help SMF

aegersz

I think that's part of SMF base code, so go to Admin > Security and Moderation and adjust the "Failed login threshold" up - I have mine matching the mod you mentioned
The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

Aleksi "Lex" Kilpinen

Quote from: aegersz on January 19, 2018, 02:55:04 PM
i think that's part of SMF base code so go to Admin > Security and Moderation and adjust the "Failed login threshold" up - i have mine matching the mod you mentioned
'Login attempt check time range in minutes' and 'Account locked retry minutes' are from Login Security -mod.
The SMF original 'Failed login threshold' sets the number of failed login attempts before directing the user to the password reminder screen.

aegersz

Yes, true, but I don't know if that is how it works when the mod is on, so I'm only suggesting to give it a try because it's all I have got  :-[

GL700Wing

Quote from: Aleksi "Lex" Kilpinen on January 19, 2018, 02:04:13 PM
I can't really think of a reason why your SSL certificate changing would cause any of those symptoms for a longer period of time.
The problem definitely started after the SSL certificate was changed and all I can think of is that it had something to do with cached browser information on client machines.

Quote
Also, your quoted settings are not default settings in SMF, I'm assuming you have Login Security installed? What if you uninstall it?
I do have the Login Security mod installed but I didn't uninstall it as the test that was generating the error is a standard part of the SMF 2.0.15 code.


Just over two days ago, and as it seemed there was nothing else I could do to resolve the issue from the forum side of things and there had not been any replies to my post, I changed the text string for 'login_threshold_fail' to 'Possible Web Browser Cache/Cookie Corruption: Please try using a different web browser or clear the cache/cookies for this website from the browser you are currently using AND restart it.' so those affected by this issue received a more helpful message.  Members affected by this issue have confirmed that using a different browser and/or clearing the browser cache/cookies resolved the issue.  In addition, the number of times the 'login_threshold_fail' error message has been logged has reduced from about 20-30 times per day to zero (I have also reset the 'Login Security' mod values to their default values).

Aleksi "Lex" Kilpinen

Login security moves the failed login threshold handling in code, and changes the way SMF handles the login attempts.
If I ran into a problem like that, I would check whether removing the mod temporarily would fix it.

But it seems this problem will clear itself over time then.