latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Serious S2Member Bug! Fix it plzlol

Home Forums Community Forum Serious S2Member Bug! Fix it plzlol

This topic contains 10 replies, has 5 voices. Last updated by  Eduan 3 years, 9 months ago.

Topic Author Topic
Posted: Monday Feb 13th, 2012 at 12:13 pm #4937
adam chen
Username: adam1987

The lockdown issue for me is no more funny.

Seem the 5 times wrong password input that bring a 30min login lockdown to EVERYONE not only my admin account!
I have 2 test accounts + 1 admin account. but because of the admin account was locked down, when I try to login the test accounts (non admin), they are locked with 30min also! I tried to access from TWO different computers, the same result, whats is going on?
There also seem no minutes deducted since then! How could it be? another 30min as long as I tried once more? lol

I really need a serious explaination on this issue, cause its will very like put great issues on site!

Thank You

List Of Topic Replies

Viewing 10 replies - 1 through 10 (of 10 total)
Author Replies
Author Replies
Posted: Monday Feb 13th, 2012 at 8:19 pm #4965
Eduan
Username: Eduan
Moderator

This might be related to s2Member’s brute force IP/login restrictions.

Please see this KBA (Knowledge Base Article) for more information on this configuration:
s2Member® Brute Force IP/Login Restrictions

Hope this helps. :)

Posted: Monday Feb 13th, 2012 at 8:35 pm #4971
adam chen
Username: adam1987

Hi Eduan:

So, is it a configuration issue? But there is only 1 selection though, how could the lock suddenly apply to all users once my admin account is over tried? Also, what is someone just want to mess with the system, over try intentionally, our site will be compromised just like that isnt it?

Posted: Monday Feb 13th, 2012 at 8:38 pm #4973
Eduan
Username: Eduan
Moderator

The reason all those users were locked is because they all share the same IP address, yours.

So if the your IP address is locked, then all the users that have/use that same IP address will be locked.

Does this answer your question?

Posted: Monday Feb 13th, 2012 at 8:53 pm #4974
adam chen
Username: adam1987

But, I did use two different computer—same network to access two different account, yet one is in ethernet one is using wireless.
So, does that still be the IP address issue? Just wondering.

  • This reply was modified 4 years, 10 months ago by  adam chen.
Posted: Monday Feb 13th, 2012 at 9:08 pm #4976
David Welch
Username: dwbiz05

If you have access to the mysql db, you should be able to run these two queries to remove all IP restrictions:

DELETE FROM wp_options WHERE option_name LIKE '%_transient_s2m_ipr_%';

DELETE FROM wp_options WHERE option_name LIKE '%_transient_timeout_s2m_ipr_%';

This is taken from the following S2Member code:
s2member\includes\classes\ip-restrictions.inc.php
Lines 220 and 221

Hope that helps,
Dave

Posted: Tuesday Feb 14th, 2012 at 10:04 am #5030
adam chen
Username: adam1987

wow, interesting way to explore it, thanks!
I am going to have a try of this hack later :D

Posted: Tuesday Feb 14th, 2012 at 10:08 am #5031
adam chen
Username: adam1987

But still it seem did not fix the issue of the login problem that brutal force restriction lock down only the ip? So does that mean that if two pc using same ISP but one is in ethernet and other is wireless, they all still have the same ip? Does that really true so that why what happened to me?

Anyone has idea about it, thanks.

Posted: Wednesday Aug 29th, 2012 at 2:20 pm #23440

i noticed the same issue and am rather perplexed, that an issue this serious has not been mentioned more. I checked the IP address on one computer, I used to register a user. It is LAN based and started with 192.168. I deliberately logged in incorrectly, 5 times and it not only locked the users account, it locked all accounts. Even accounts that were created on a different network (10.1.1). Not sure if this has been addressed from a functional hotfix or update perspective, but this is definitely a show stopper.

  • This reply was modified 4 years, 4 months ago by  Maurice Isler.
Posted: Friday Mar 15th, 2013 at 4:33 pm #44745

Has this been addressed? I’m seeing the same issue – one person goes over their limit, EVERYONE gets locked out.

Posted: Monday Mar 18th, 2013 at 11:49 am #45048
Eduan
Username: Eduan
Moderator

Hello Andy,

Who is everyone? All your users around the country? Your house? Could you please be more specific so that we are able to provide with help? Thanks!

– Eduan

Viewing 10 replies - 1 through 10 (of 10 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.