Serious S2Member Bug! Fix it plzlol

The lockdown issue for me is no more funny.

Seem the 5 times wrong password input that bring a 30min login lockdown to EVERYONE not only my admin account!
I have 2 test accounts + 1 admin account. but because of the admin account was locked down, when I try to login the test accounts (non admin), they are locked with 30min also! I tried to access from TWO different computers, the same result, whats is going on?
There also seem no minutes deducted since then! How could it be? another 30min as long as I tried once more? lol

I really need a serious explaination on this issue, cause its will very like put great issues on site!

Thank You

This might be related to s2Member’s brute force IP/login restrictions.

Please see this KBA (Knowledge Base Article) for more information on this configuration:
s2Member® Brute Force IP/Login Restrictions

Hope this helps. :)

Hi Eduan:

So, is it a configuration issue? But there is only 1 selection though, how could the lock suddenly apply to all users once my admin account is over tried? Also, what is someone just want to mess with the system, over try intentionally, our site will be compromised just like that isnt it?

The reason all those users were locked is because they all share the same IP address, yours.

So if the your IP address is locked, then all the users that have/use that same IP address will be locked.

Does this answer your question?

But, I did use two different computer—same network to access two different account, yet one is in ethernet one is using wireless.
So, does that still be the IP address issue? Just wondering.

• This reply was modified 4 years, 10 months ago by  adam chen.

If you have access to the mysql db, you should be able to run these two queries to remove all IP restrictions:

DELETE FROM wp_options WHERE option_name LIKE '%_transient_s2m_ipr_%';

DELETE FROM wp_options WHERE option_name LIKE '%_transient_timeout_s2m_ipr_%';

This is taken from the following S2Member code:
s2member\includes\classes\ip-restrictions.inc.php
Lines 220 and 221

Hope that helps,
Dave

wow, interesting way to explore it, thanks!
I am going to have a try of this hack later :D

But still it seem did not fix the issue of the login problem that brutal force restriction lock down only the ip? So does that mean that if two pc using same ISP but one is in ethernet and other is wireless, they all still have the same ip? Does that really true so that why what happened to me?

Anyone has idea about it, thanks.

i noticed the same issue and am rather perplexed, that an issue this serious has not been mentioned more. I checked the IP address on one computer, I used to register a user. It is LAN based and started with 192.168. I deliberately logged in incorrectly, 5 times and it not only locked the users account, it locked all accounts. Even accounts that were created on a different network (10.1.1). Not sure if this has been addressed from a functional hotfix or update perspective, but this is definitely a show stopper.

• This reply was modified 4 years, 4 months ago by  Maurice Isler.

Has this been addressed? I’m seeing the same issue – one person goes over their limit, EVERYONE gets locked out.

Hello Andy,

Who is everyone? All your users around the country? Your house? Could you please be more specific so that we are able to provide with help? Thanks!

– Eduan