Question Security email problem.

madness85 · Apr 12, 2020

With failed logs i have options ban IP and email webmaster. For some reason when it trys to send the email, this is the output.

Code:

Apr 12 21:13:54 vmi364414 postfix/pickup[10778]: 2E0AC7A0CF8: uid=33 from=<admin@mysite.me> Apr 12 21:13:54 vmi364414 postfix/cleanup[11498]: 2E0AC7A0CF8: message-id=<eb5111bbaf63df231bfe88568f5eb1cc@mysite.me> Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 2E0AC7A0CF8: from=<admin@mysite.me>, size=4703, nrcpt=1 (queue active) Apr 12 21:13:54 vmi364414 postfix/local[11500]: 2E0AC7A0CF8: to=<admin@mysite.me>, relay=local, delay=0.1, delays=0.04/0.02/0/0.03, dsn=5.1.1, status=bounced (unknown user: "admin") Apr 12 21:13:54 vmi364414 postfix/cleanup[11498]: 3FF9A7A0CF9: message-id=<20200412201354.3FF9A7A0CF9@mysite.me> Apr 12 21:13:54 vmi364414 postfix/bounce[11501]: 2E0AC7A0CF8: sender non-delivery notification: 3FF9A7A0CF9 Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 3FF9A7A0CF9: from=<>, size=6547, nrcpt=1 (queue active) Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 2E0AC7A0CF8: removed Apr 12 21:13:54 vmi364414 postfix/local[11500]: 3FF9A7A0CF9: to=<admin@mysite.me>, relay=local, delay=0.05, delays=0.03/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "admin") Apr 12 21:13:54 vmi364414 postfix/qmgr[28895]: 3FF9A7A0CF9: removed

from=<> should be the email in my admin panel.

Fixed, postfix issue.

madness85 · Apr 12, 2020

another issue is security watchers.

I fail with a none existent user

After 5 attempts it should ban the IP and email webmasters email, but it actually displays account locked and doesn't ban the IP. Not sure how the account can be locked if it doesn't exist.

Fillip H. · Apr 13, 2020

madness85 said:
but it actually displays account locked

Can you please clarify this? Where does it display "account locked"?

madness85 · Apr 13, 2020

Fillip H. said:
Can you please clarify this? Where does it display "account locked"?

On the mobile phone I'm using to fail login.

Fillip H. · Apr 14, 2020

The login strike log shows only 4 attempted logins per username. Are you sure you don't want the "Mass Non-Existent Logins" watcher instead?

madness85 · Apr 14, 2020

Fillip H. said:
The login strike log shows only 4 attempted logins per username. Are you sure you don't want the "Mass Non-Existent Logins" watcher instead?

Have I set it up incorrectly? What's the technical differences between the two?

Fillip H. · Apr 14, 2020

The difference is that with "Failed Non-Existent Logins", the watcher is triggered on the Xth login attempt (5th in your case) with the same username from the same IP. "Failed Mass Non-Existent Logins" is triggered on the Xth login attempt with any username from the same IP.

madness85 · Apr 14, 2020

Fillip H. said:
The difference is that with "Failed Non-Existent Logins", the watcher is triggered on the Xth login attempt (5th in your case) with the same username from the same IP. "Failed Mass Non-Existent Logins" is triggered on the Xth login attempt with any username from the same IP.

On the 5th attempt it displays
Oops! We ran into some problems.
Your account has temporarily been locked due to failed login attempts.

5 attempts, same none existent username and same IP.

There are only 4 attempts logged in the panel.

Fillip H. · Apr 15, 2020

What about the watcher log? Are there any entries there?

madness85 · Apr 15, 2020

Fillip H. said:
What about the watcher log? Are there any entries there?

Watcher log

No entries have been logged

Fillip H. · Apr 20, 2020

The reason why 5 failed logins does not work is because of this XenForo setting:

If you select "Lock out" there, login strikes watchers with 5 or more hits will not function.

This is a core XenForo feature and not provided DB Security.

madness85 · Apr 20, 2020

Fillip H. said:
The reason why 5 failed logins does not work is because of this XenForo setting:

View attachment 9287

If you select "Lock out" there, login strikes watchers with 5 or more hits will not function.

This is a core XenForo feature and not provided DB Security.

That makes sense, I forgot about that core feature.

DragonByte Technologies · Apr 28, 2020

Hello @madness85,

We hope your ticket regarding DragonByte Security has been addressed to your satisfaction. This ticket has now been scheduled to be closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.

- DragonByte Technologies, Ltd.

DragonByte Technologies · May 5, 2020

Hello @madness85,

As we have not heard back from you, your ticket regarding DragonByte Security has now been closed.

If your ticket has not been resolved, please feel free to start a new support ticket and link back to this ticket.

If you have time, please leave a review on XenForo.com's Resource Manager.

Thank you.

- DragonByte Technologies, Ltd.

Question Security email problem.

madness85

madness85

Fillip H.

madness85

Fillip H.

madness85

Fillip H.

madness85

Fillip H.

madness85

Fillip H.

madness85

DragonByte Technologies

Company Information

DragonByte Technologies

Company Information

Similar threads

DragonByte Security

We value your privacy