Jump to content

Access Blocked - Brute Force Lockout


support
 Share

Recommended Posts

Issue:

One or more users are locked out of the system.  Closing the browser and reopening , and browsing to Passwordstate does not not resolve the issue.  Error message you get is as per screenshot below:

2021-03-17_10-11-31.png

 

Cause:

In Passwordstate 9, and new Brute Force Attack feature was introduced, to mitigate against scripted attacks, especially when exposing Passwordstate on the internet.  Once a computer has tried several unsuccessful attempts to access your site, they will be locked out permanently until a Passwordstate Security Administrator manually removes the blocked IP Address from the system

 

Where to Do This?

Under Administration -> Blocked IP Addresses:

2021-03-17_10-27-34.png

 

If you find you are locked out of the system, you should access Passwordstate via the Emergency Account to unblock the IP Address.  Please see this forum post for more information on this: https://www.clickstudios.com.au/community/index.php?/topic/1887-recover-emergency-access-password/

 

More Information:

If you use a Proxy Server, Load Balancer or Firewall in front of your Passwordstate website, and the IP Address of that device is captured as a Brute Force lockout, logging directly into your Passwordstate web server and deleting the IP Address using the method above will fix this.

 

But for a more permanent solution you should set your Device details under the Administration -> System Settings -> Proxy & Syslog Servers -> X-Forwarded-For Support section.  This way it will lock out the IP Address of the users device, not the Proxy server itself.

 

Note: Any network devices such as a Load Balancer, Proxy or Firewall that are being reported as being locked out may need configuring X-Forwarded-For support.

 

2021-03-17_10-32-35.png

 

 

You can relax the Brute Force attack rules under System Settings, as per below screenshot:

2021-03-30_8-26-21.png

 

 

 

Regards,

Support

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...