Question Security email problem.

Status
Not open for further replies.

madness85

Customer
With failed logs i have options ban IP and email webmaster. For some reason when it trys to send the email, this is the output.

Code:
Apr 12 21:13:54 vmi364414 postfix/pickup[10778]: 2E0AC7A0CF8: uid=33 from=<admin@mysite.me>
Apr 12 21:13:54 vmi364414 postfix/cleanup[11498]: 2E0AC7A0CF8: message-id=<eb5111bbaf63df231bfe88568f5eb1cc@mysite.me>
Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 2E0AC7A0CF8: from=<admin@mysite.me>, size=4703, nrcpt=1 (queue active)
Apr 12 21:13:54 vmi364414 postfix/local[11500]: 2E0AC7A0CF8: to=<admin@mysite.me>, relay=local, delay=0.1, delays=0.04/0.02/0/0.03, dsn=5.1.1, status=bounced (unknown user: "admin")
Apr 12 21:13:54 vmi364414 postfix/cleanup[11498]: 3FF9A7A0CF9: message-id=<20200412201354.3FF9A7A0CF9@mysite.me>
Apr 12 21:13:54 vmi364414 postfix/bounce[11501]: 2E0AC7A0CF8: sender non-delivery notification: 3FF9A7A0CF9
Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 3FF9A7A0CF9: from=<>, size=6547, nrcpt=1 (queue active)
Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 2E0AC7A0CF8: removed
Apr 12 21:13:54 vmi364414 postfix/local[11500]: 3FF9A7A0CF9: to=<admin@mysite.me>, relay=local, delay=0.05, delays=0.03/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "admin")
Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 3FF9A7A0CF9: removed

from=<> should be the email in my admin panel.


Fixed, postfix issue.
 
Last edited:
another issue is security watchers.

1.png

I fail with a none existent user

1.png

After 5 attempts it should ban the IP and email webmasters email, but it actually displays account locked and doesn't ban the IP. Not sure how the account can be locked if it doesn't exist.
 
Last edited:
The login strike log shows only 4 attempted logins per username. Are you sure you don't want the "Mass Non-Existent Logins" watcher instead?
 
The difference is that with "Failed Non-Existent Logins", the watcher is triggered on the Xth login attempt (5th in your case) with the same username from the same IP. "Failed Mass Non-Existent Logins" is triggered on the Xth login attempt with any username from the same IP.
 
The difference is that with "Failed Non-Existent Logins", the watcher is triggered on the Xth login attempt (5th in your case) with the same username from the same IP. "Failed Mass Non-Existent Logins" is triggered on the Xth login attempt with any username from the same IP.
On the 5th attempt it displays
Oops! We ran into some problems.
Your account has temporarily been locked due to failed login attempts.

5 attempts, same none existent username and same IP.

There are only 4 attempts logged in the panel.
 
The reason why 5 failed logins does not work is because of this XenForo setting:

1587385502036.png

If you select "Lock out" there, login strikes watchers with 5 or more hits will not function.

This is a core XenForo feature and not provided DB Security.
 
Hello @madness85,

We hope your ticket regarding DragonByte Security has been addressed to your satisfaction. This ticket has now been scheduled to be closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.


- DragonByte Technologies, Ltd.
 
Hello @madness85,

As we have not heard back from you, your ticket regarding DragonByte Security has now been closed.

If your ticket has not been resolved, please feel free to start a new support ticket and link back to this ticket.

If you have time, please leave a review on XenForo.com's Resource Manager.

Thank you.


- DragonByte Technologies, Ltd.
 
Status
Not open for further replies.

DragonByte Security

XenForo 1.5.3+ XenForo 2.0.x XenForo 2.1.x XenForo 2.2.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
2,177
Customer rating
5.00 star(s) 1 ratings
Back
Top