
Access Blocked - Brute Force Lockout


support


Issue:

One or more users are locked out of the system.  Closing the browser, reopening it, and browsing to Passwordstate does not resolve the issue.  The error message you get is as per the screenshot below:

2021-03-17_10-11-31.png

 

Cause:

In Passwordstate 9, a new Brute Force Attack feature was introduced, to mitigate against scripted attacks, especially when exposing Passwordstate on the internet.  Once a computer has made several unsuccessful attempts to access your site, it will be locked out permanently until a Passwordstate Security Administrator manually removes the blocked IP Address from the system.

 

Where to Do This?

Under Administration -> Blocked IP Addresses:

2021-03-17_10-27-34.png

 

If you find you are locked out of the system, you should access Passwordstate via the Emergency Account to unblock the IP Address.  Please see this forum post for more information on this: https://www.clickstudios.com.au/community/index.php?/topic/1887-recover-emergency-access-password/

 

More Information:

If you use a Proxy Server, Load Balancer or Firewall in front of your Passwordstate website, and the IP Address of that device is captured as a Brute Force lockout, logging directly into your Passwordstate web server and deleting the IP Address using the method above will fix this.

 

But for a more permanent solution you should set your Device details under the Administration -> System Settings -> Proxy & Syslog Servers -> X-Forwarded-For Support section.  This way it will lock out the IP Address of the user's device, not the Proxy server itself.

 

Note: Any network devices such as a Load Balancer, Proxy or Firewall that are being reported as being locked out may need X-Forwarded-For support configured.

 

2021-03-17_10-32-35.png

 

 

You can relax the Brute Force attack rules under System Settings, as per the screenshot below:

2021-03-30_8-26-21.png

 

 

 

Regards,

Support

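The effect of the X-Forwarded-For setting described in the post above, as an added example (not part of the original post and not Passwordstate's own code). It models an IP-keyed lockout in front of a proxy; `client_ip`, `blocked_ips`, the threshold of 3 and all addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

MAX_FAILURES = 3  # assumed threshold; the real value is set under System Settings


def client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address a lockout should be keyed on."""
    nets = [ipaddress.ip_network(p) for p in trusted_proxies]

    def trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    # Honour the header only when the request arrived via a registered proxy;
    # otherwise any client could forge it and dodge (or misdirect) the lockout.
    if not xff_header or not trusted(peer_ip):
        return peer_ip
    # Walk the chain right to left: the first hop that is not one of our
    # proxies is the real client. Entries further left are client-supplied.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed header: fall back to the socket address
        if not trusted(hop):
            return hop
    return peer_ip


def blocked_ips(failed_logins, trusted_proxies):
    """Addresses that reached the failure threshold."""
    counts = Counter(client_ip(peer, xff, trusted_proxies)
                     for peer, xff in failed_logins)
    return sorted(ip for ip, n in counts.items() if n >= MAX_FAILURES)


# Constructed sample: failed logins as (socket peer, X-Forwarded-For value)
PROXY = "10.0.0.5"
FAILED = [
    (PROXY, "203.0.113.7"), (PROXY, "203.0.113.7"), (PROXY, "203.0.113.7"),
    (PROXY, "198.51.100.20"),
    ("192.0.2.44", "8.8.8.8"),  # direct connection sending its own header
]

if __name__ == "__main__":
    print("proxy not registered:", blocked_ips(FAILED, []))
    print("proxy registered:    ", blocked_ips(FAILED, [PROXY]))
```

With no proxy registered, every failure is charged to the proxy address and all users behind it are locked out together; with the proxy registered, only the offending client is blocked.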

  • 1 year later...

Hi Support, I found this topic googling for answers...

I got locked out (blocked IP) from Passwordstate. I log in with RDP to the server, go to settings, remove the blocked IP. Refresh the page, all looking good.

From my own PC I open the login page again, I get the 'blocked IP message' again, and in my RDP session the IP address reappears. I can't seem to get rid of this block?

 

I tried refreshing pages in between, closing and reopening browsers, even restarted my laptop after removing the IP from the list. But when I open the web interface from my laptop I instantly get blocked again. Any suggestions?

It seems to be a client>browser side issue. When I remove the blocked IP and open the webpage in Edge, I'm allowed to log in again. But when I open it in Brave again, I'm blocked...

 

Edit: It gets weirder. When I get myself blocked again with the Brave browser, and I leave the IP ban up on the server, I'm still allowed to log in with Edge, from the same laptop.

It's time for the weekend...
