Bizzarre user logins etc...

[stompbox]

Not yet. It was changed when I went with the default repair_settings.php -  I will try and change it and see.

[Aleksi "Lex" Kilpinen]

Who is your host? Just out of curiosity.

[stompbox]

TrentaHost.

[Aleksi "Lex" Kilpinen]

OK, I don't know them so that didn't help much for now. Just thought if it perhaps was one we had seen before with a similar issue.

[stompbox]

OK, what is the significance of the _ (underscore) after the cookie. Check this out:
From a user and BTW I did rename the cookie.


1) I just started my browser and went to the forum (I didn't even get a chance to log-in)
    Got Banned as guest.
    Cookies:
       SMFDIYCookie_            (content 362)
       Only that cookie was present,  there was *no* PHPSESSID cookie.
2) Exit browser
   Started my browser and went to the forum (not logged in)
   Cookies:
      PHPSESSID
3) Logged-in
     Cookies:
       SMFDIYCookie
       PHPSESSID
    Forum all working.
-------------------

[GigaWatt]

Clear/purge the previous cookies from your browser's cache after you change the cookie name .

[stompbox]

Most of the people having the problems are clearing the cookies. They have browsers that clear everything on exit. I don't get the ban part. Why would the forum ban "guest"? and what is up with the _ underscore on the cookie? Thanks!!!!!!

[GigaWatt]

I don't think the underscore in the cookie name matters... the cookie name can't contain white spaces so an underscore is used, a dash would also do the job. A dot is also probably not allowed. My forum's cookie name doesn't contain any underscores and everything is working OK.

Are there any bans by IP or IP range on your forum?

[stompbox]

But the underscore is added, it's not in the regular cookie name. We have noticed that whenever there's a ban - the cookie has an underscore added to it? Anyone know anything about that?
Yes I have bans by IP but not for guest.

[Kindred]

well, i would suggest not banning by IP. It's bascially useless anyway - and, if you want to ban an IP or range, using .htaccess DENY is better for performance.

[GigaWatt]

As Kindred wrote, banning by IP is a bad idea. IPs get reused all the time... it's pointless. Transfer the ban to a ban by username and/or email. I've had situations where no one from a whole company can't log in on a site because they share the same IP , which was put on a ban list 5, 7, 10 years ago . It's a waste of time, it can only generate more problems.

How did you update the forum to 2.0.15, by patching or by uploading a fresh set of files? Does this behavior also happen when using the default theme (Curve)?

[Aleksi "Lex" Kilpinen]

OK, I've been trying to visit the forum from different browsers, at different times - and all "oddities" I've encounter have been bans.
Please, to begin with go through your ban triggers and make sure you have no IP or hostname bans in effect - For example, any site using Cloudflare could inadvertently ban a majority of their users with just one or two IP addresses....

[stompbox]

No something else is happening. When the ban occurs, the name of the cookie always has an underscore on the end. Simply deleting that cookie will allow access. If you think about it, the IP is not changed. The ban is happening on people that always log out as well.

[GigaWatt]

How did you update the forum to 2.0.15, by patching or by uploading a fresh set of files? Does this behavior also happen when using the default theme (Curve)?

[stompbox]

I used the update via admin. It's still banning people but in all cases if you delete the cookie with the underscore they are ok after that. Does anyone know where to look at the cookie code that creates the underscore?

[GigaWatt]

Is the problem resolved, or are you still having issues. If you are, you could try a clean install of 2.0.15 with no mods or themes other than the default one, see if the problem is solved.