added to ip_blacklist file too many repeated failed login into '' account

Driesp

Dear all

I am having trouble with 1 particular case where a legitimate IP gets blocked from time to time. (in this case it is an IPv6 address, I don't know if this is relevant)
I tried adding this IPv6 IP range to the ip_ignore list without success, the ip range seems 'ignored' (wink ;) )

I am getting this error:
Code:
The ip '2a00:XXXX::' has been added to the /usr/local/directadmin/data/admin/ip_blacklist file for having too many repeated failed login attempts into the '' account.

In the directadmin log file I can see this:

Code:
27/02/2016:17:03:13     2a00:XXXX:: GET / HTTP/1.1   (null)
27/02/2016:17:03:13     2a00:XXXX:: GET /apple-touch-icon-precomposed.png HTTP/1.1   (null)
27/02/2016:17:03:13     2a00:XXXX:: GET /apple-touch-icon.png HTTP/1.1       (null)
27/02/2016:17:03:14     2a00:XXXX:: GET / HTTP/1.1   (null)
27/02/2016:17:03:14     2a00:XXXX:: GET /apple-touch-icon-precomposed.png HTTP/1.1   (null)
27/02/2016:17:03:14     2a00:XXXX:: GET /apple-touch-icon.png HTTP/1.1       (null)
27/02/2016:17:03:14     2a00:XXXX:: GET /CMD_SHOW_DOMAIN HTTP/1.1    (null)
27/02/2016:17:03:14     2a00:XXXX:: GET /apple-touch-icon-precomposed.png HTTP/1.1   (null)
27/02/2016:17:03:14     2a00:XXXX:: GET /apple-touch-icon.png HTTP/1.1       (null)
27/02/2016:17:03:14     2a00:XXXX:: GET /CMD_SHOW_DOMAIN HTTP/1.1    (null)

In this case, it looks like the user had multiple DirectAdmin pages open in tabs, where tabs are saved after closing the browser.
After reopening the browser (the login sessions are lost after a while), the browser tries to reload everything, triggering an IP block.

I can also reproduce this by reloading the DirectAdmin page 10 times. (GET / requests)

(Maybe) an IP block should only be made after 10 POST requests.
 
Hope you don't mind me replying to a 2-year-old post, but I just came across this and I totally agree.
I have multiple DA boxes in my Safari favourites and it's trying to get favicons all the time, blocking my IP address. I now manually add these IP addresses to the whitelist, but that shouldn't be needed ofc.
Valid GET requests shouldn't get you blacklisted!
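The difference between the two counting policies discussed in this thread, as an added example that is not part of either post and not DirectAdmin's own code: it parses log lines in the format quoted above and compares counting every unauthenticated request against counting only POSTs. The threshold of 10 is the figure from the first post; the sample lines, the `2001:db8::` addresses and the `/CMD_LOGIN` path are constructed assumptions.

```python
from collections import Counter

THRESHOLD = 10  # assumed block threshold, taken from the figure in the first post


def parse(line):
    """Split one log line (format as quoted in the thread) into fields."""
    ts, ip, method, path, _proto, user = line.split()
    return {"ts": ts, "ip": ip, "method": method, "path": path, "user": user}


def blocked_ips(lines, methods):
    """IPs whose unauthenticated requests using `methods` reach THRESHOLD."""
    hits = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse(line)
        # "(null)" in the user column means the request carried no valid session
        if rec["user"] == "(null)" and rec["method"] in methods:
            hits[rec["ip"]] += 1
    return {ip for ip, n in hits.items() if n >= THRESHOLD}


def build_sample():
    """Constructed log: restored tabs, a POST login guesser, a logged-in user."""
    lines = []
    icons = ("/", "/apple-touch-icon-precomposed.png", "/apple-touch-icon.png")
    for i in range(4):  # browser restoring tabs: 12 GETs without a session
        for path in icons:
            lines.append(f"27/02/2016:17:03:1{i}     2001:db8::1 GET {path} HTTP/1.1   (null)")
    for i in range(10):  # repeated login submissions
        lines.append(f"27/02/2016:17:05:{i:02d}     2001:db8::2 POST /CMD_LOGIN HTTP/1.1   (null)")
    lines.append("27/02/2016:17:06:00     2001:db8::3 GET /CMD_SHOW_DOMAIN HTTP/1.1    admin")
    return lines


if __name__ == "__main__":
    sample = build_sample()
    print("count every request:", sorted(blocked_ips(sample, {"GET", "POST"})))
    print("count POST only:    ", sorted(blocked_ips(sample, {"POST"})))
```

Running the same comparison over a real log before changing any blocking setting shows which currently blocked addresses only ever sent GETs.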
 