Bug Breach Check Rate

Status
Not open for further replies.

manucod

Customer
  • ErrorException: Received unexpected response code 429 (Too Many Requests)
  • src/XF/Error.php:77

    It say there are too many requests but I monitored it and it's certainly not more than a couple a minute ( i have the basic subscription for the pwnd api.

    the forum is pretty small so there is no way I'm over the rate.
    I've had the error more than 4 or 5 times today.



array(4) {
["url"] => string(18) "/forum/login/login"
["referrer"] => string(28) "https://www.myforum.io/forum/"
["_GET"] => array(1) {
["/forum/login/login"] => string(0) ""
}
["_POST"] => array(7) {
["_xfToken"] => string(8) "********"
["login"] => string(6) "Zacian"
["password"] => string(8) "********"
["g-recaptcha-response"] => string(1782) "P1_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.hadwYXNza2V5xQTHb7wB5qUbCYpCAp3AOLQJhD_n16wzzPzi3vnrRUC1TuPRiERlGjKnuonTd5urMJVanZDUcgscx5Ul5n7NG99f2BQnW_NDggu3i1dw6zcvFTrrmxbjEqq_wu5sMh37U3BThCp828u5P3clrseeHtyzeeFoXJibtg-q3dTNMmW2Dr1YA_8W5-Syjr8DZEn1NrIrif6jmlnlSoxgmV5GBou91ND4VBVHc11wTQPGMmlKc-TOlypOo-uvRISIr8n7TFkHNdl6099lYdwRwD5Yy3jF1Q99KyZY_FhrrWUVK9iFFnF3vcrEFqxm-VBaQawB7MLHILB-UJrZVAWp1Rn_fT4d9yJa5Xbe2tIrN2szQ-lJ6GCkVCB5QHI3Cmcv8Vt8GynPP2D0TdET8gM3TJV2GHdDZONnlHnaM2HrENjWpsygS68o18LEwiAOfCohVA_2HKQu2iqnNAGJI5sCUgdCivBR04IVfGUhAyUYiIXz9sl3p9T4km8geXTDBGjKgoRD_CPKIQOI4MBWagYTvkalwg51INFgylUa5Ok0GFwUh30OSVNSGpfyPnQrTMa61iKtTmDQDmBkpotsXDLkYgSYYiPjLRqRxzfjKqFNfe78Zq-I_qm5vHZS-jEeIPYTr0Gg8w60whMOI_GScG4swN3-kyJ6VFXijB7UQliGAmx12lZeuciySQYvrKisLNfx24bUF6zhd4lYi-OURQoMOMypII-YbGieeSer9WeoKuKrmCJxNr311tD1WSvKPV5JZ_32eCHm5m-rXkEHruGCqXi0ChWr70jzlFyCMNhT00H6aukkNfI20I2jp5VbVXZdPbAYzkTQoJoc2e5vLadDXFm_MevaeH8L-bB1Q-ngcyMXPWl7-n3DfTsBSqvaYZcdad69Tipl6kmMTN7JnXH3206PUSaLSGS9mtA5i5R-kpDb6vRQAYSPMFMbZENx03Tp5Q-t_tKU2lGlJWsYz843paZBo5oHUYB4aCy8IJaNCHlnYkypyn6jbEt_dt3ewplXKkjs3Wpf7rnnSstaDa7lwAA2PGoh_T1vzoFm-o23SWB1y1cAnPN3vHGWj37taVkzq-NI9aZabErfpTvlLG7W93SHJLpPMsRFw_GP6yq8wqIvl7X-mx4KGXcQ7cU4zfe3c59qF2IgFOcG2i-j3sn7zqV-XcGRYkhThmekaxw5FRU0f4WO1oqYOQAQ3oxABz5wAq7-37PaLBp2kjsbjdOcKGonJ0iaZg2j2oSafARiKd2jguVnq2HckuR2GH69V3mt2BQe1pwzwy9sIhyOjS4aw2KJnhJNpIS8sYWi1Kc5g7v3qMpWK7xIURFgD5FoPRoP3WEUurYw4x-z1mb4DKrbFHUNbsR2FE1nXPHCQgKI72wY9PYVMT0AT2gTdeFh_Iwpb1BSEdBCsB2hXMqF6T4ESYOA4dWy7gbKKbGscSb01z2IS1aABn3cePaAK_98Ldccz2ktPpeYQWiLDqMpheTfN8DmfksVgfs2HbysDFHb29l34IuCX3FNudndEaMoBWdYARKGa2dd8Mxfkg9QKxmZ-IvTm9_duRusN_EHrZ-xluTqE-sz1YvYcIIvQQyoGED5TWr-j5d6zk36m1Va43z9wnblCZHDkZRU8ssdaNKjZXhwzmZLjV2oc2hhcmRfaWTOFDyEH6Jrcqc5MWQ0YmNjonBkAA.mJzx1ENDDTtd61zMx7q3RZWdU0FzDvxXf0pAEYB4ORI"
["h-captcha-response"] => string(1782) "P1_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.hadwYXNza2V5xQTHb7wB5qUbCYpCAp3AOLQJhD_n16wzzPzi3vnrRUC1TuPRiERlGjKnuonTd5urMJVanZDUcgscx5Ul5n7NG99f2BQnW_NDggu3i1dw6zcvFTrrmxbjEqq_wu5sMh37U3BThCp828u5P3clrseeHtyzeeFoXJibtg-q3dTNMmW2Dr1YA_8W5-Syjr8DZEn1NrIrif6jmlnlSoxgmV5GBou91ND4VBVHc11wTQPGMmlKc-TOlypOo-uvRISIr8n7TFkHNdl6099lYdwRwD5Yy3jF1Q99KyZY_FhrrWUVK9iFFnF3vcrEFqxm-VBaQawB7MLHILB-UJrZVAWp1Rn_fT4d9yJa5Xbe2tIrN2szQ-lJ6GCkVCB5QHI3Cmcv8Vt8GynPP2D0TdET8gM3TJV2GHdDZONnlHnaM2HrENjWpsygS68o18LEwiAOfCohVA_2HKQu2iqnNAGJI5sCUgdCivBR04IVfGUhAyUYiIXz9sl3p9T4km8geXTDBGjKgoRD_CPKIQOI4MBWagYTvkalwg51INFgylUa5Ok0GFwUh30OSVNSGpfyPnQrTMa61iKtTmDQDmBkpotsXDLkYgSYYiPjLRqRxzfjKqFNfe78Zq-I_qm5vHZS-jEeIPYTr0Gg8w60whMOI_GScG4swN3-kyJ6VFXijB7UQliGAmx12lZeuciySQYvrKisLNfx24bUF6zhd4lYi-OURQoMOMypII-YbGieeSer9WeoKuKrmCJxNr311tD1WSvKPV5JZ_32eCHm5m-rXkEHruGCqXi0ChWr70jzlFyCMNhT00H6aukkNfI20I2jp5VbVXZdPbAYzkTQoJoc2e5vLadDXFm_MevaeH8L-bB1Q-ngcyMXPWl7-n3DfTsBSqvaYZcdad69Tipl6kmMTN7JnXH3206PUSaLSGS9mtA5i5R-kpDb6vRQAYSPMFMbZENx03Tp5Q-t_tKU2lGlJWsYz843paZBo5oHUYB4aCy8IJaNCHlnYkypyn6jbEt_dt3ewplXKkjs3Wpf7rnnSstaDa7lwAA2PGoh_T1vzoFm-o23SWB1y1cAnPN3vHGWj37taVkzq-NI9aZabErfpTvlLG7W93SHJLpPMsRFw_GP6yq8wqIvl7X-mx4KGXcQ7cU4zfe3c59qF2IgFOcG2i-j3sn7zqV-XcGRYkhThmekaxw5FRU0f4WO1oqYOQAQ3oxABz5wAq7-37PaLBp2kjsbjdOcKGonJ0iaZg2j2oSafARiKd2jguVnq2HckuR2GH69V3mt2BQe1pwzwy9sIhyOjS4aw2KJnhJNpIS8sYWi1Kc5g7v3qMpWK7xIURFgD5FoPRoP3WEUurYw4x-z1mb4DKrbFHUNbsR2FE1nXPHCQgKI72wY9PYVMT0AT2gTdeFh_Iwpb1BSEdBCsB2hXMqF6T4ESYOA4dWy7gbKKbGscSb01z2IS1aABn3cePaAK_98Ldccz2ktPpeYQWiLDqMpheTfN8DmfksVgfs2HbysDFHb29l34IuCX3FNudndEaMoBWdYARKGa2dd8Mxfkg9QKxmZ-IvTm9_duRusN_EHrZ-xluTqE-sz1YvYcIIvQQyoGED5TWr-j5d6zk36m1Va43z9wnblCZHDkZRU8ssdaNKjZXhwzmZLjV2oc2hhcmRfaWTOFDyEH6Jrcqc5MWQ0YmNjonBkAA.mJzx1ENDDTtd61zMx7q3RZWdU0FzDvxXf0pAEYB4ORI"
["remember"] => string(1) "1"
["_xfRedirect"] => string(28) "https://myforum.com/forum/"
}
}

#0 src/XF.php(219): XF\Error->logError(Object(XF\Phrase), false)
#1 src/addons/DBTech/Security/Repository/Watcher.php(324): XF::logError(Object(XF\Phrase))
#2 src/addons/DBTech/Security/XF/Service/User/Login.php(70): DBTech\Security\Repository\Watcher->breachCheck(Object(DBTech\Security\XF\Entity\User))
#3 src/XF/Service/User/Login.php(126): DBTech\Security\XF\Service\User\Login->recordFailedAttempt()
#4 src/XF/Pub/Controller/Login.php(96): XF\Service\User\Login->validate('*****', NULL)
#5 src/XF/Mvc/Dispatcher.php(352): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#6 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Login), NULL)
#7 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Login), NULL)
#8 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#9 src/XF/App.php(2487): XF\Mvc\Dispatcher->run()
#10 src/XF.php(524): XF\App->run()
#11 index.php(20): XF::runApp('XF\\Pub\\App')
#12 {main}
 
Since I'm sure there are less request a second than 10 and since it still errors out I think it's related to your code. I'll ask the support of the api to check on their end. If it turns out it's not a them or me issue then ill happily tell the tale on trustpilot including the support answers I got from here.
It shows very little goodwill from you, if you act this way. Even if it was an api issue or another issue with my server you could still try and give support or point out that I should do x and y before z.
 
Please understand you are the first person to report this issue, and as far as I know there’s nothing that can be done on your end.

Do please let me know whether they are able to provide the API logs. If there’s duplicate requests, they could be caused by an addon conflict.

With regards to the request volume, if your site is being hit by spam bots that could very easily be triggering such request limits. Make sure you’re using CAPTCHA, I would recommend Cloudflare Turnstile.
 
Please understand you are the first person to report this issue, and as far as I know there’s nothing that can be done on your end.

Do please let me know whether they are able to provide the API logs. If there’s duplicate requests, they could be caused by an addon conflict.

With regards to the request volume, if your site is being hit by spam bots that could very easily be triggering such request limits. Make sure you’re using CAPTCHA, I would recommend Cloudflare Turnstile.
thanks a lot, that answer helps a lot more. Ill report back here if I can get down to the bottom of this with haveibeenpwnd.
 
Hello @manucod,

We hope your ticket regarding DragonByte Security has been addressed to your satisfaction. This ticket has now been scheduled to be closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.


- DragonByte Technologies, Ltd.
 
Status
Not open for further replies.

DragonByte Security

XenForo 1.5.3+ XenForo 2.0.x XenForo 2.1.x XenForo 2.2.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
2,202
Customer rating
5.00 star(s) 1 ratings
Top