HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Flood Control?

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#65894 (In Topic #14098)
Avatar

Well-settled

Everything went to "Forbidden"

Okay, I love OC Portal and have been able to figure out every issue I needed for my college class. So, first day of class, everyone logs on. Except for what is my login name and password issues, no problem. Some, however, got a "flood control" message when they tried to go beyond the front page. Then everyone got "Forbidden" on everything. I logged on as admin and every page was "Forbidden."

Three possibilities:

First, a Hostgator issue - I checked, no sign that it is, I raised the bandwidth capacity to 10 GB, should be no problem.

Second, a College classroom computer issue: Now, I was able to login from the college computers and access every thing before the big class login, but not after. Second, one student had her own laptop accessing the college wi-fi and could access every page, no problem, even while everyone else was hitting only "Forbidden."

Third, an OCPortal setting issue. I hope its this and not a college computer system issue.

Please let me know how to resolve this before next Monday class.

Thanks, Daniel
Back to the top
 
Posted
Rating:
#65895
Avatar

Hi,

This is unfortunate. The description for the flood control usergroup option reads:
The number of seconds that need to pass before members in this usergroup can submit forms (such as search forms, posting forms, or other kinds of submission). It is advised to leave this at 0 for the guest usergroup, as guest flood control is not entirely accurate (control guest access with permissions instead).

Your sudden spike in large numbers of guests (probably from the same IP) triggered the flood control and them repeated flood control messages triggered an automated hack attack as it thought it might be a denial of service attack. You need to disable flood control on your site, and unban the IP(s). If you can't access your site at all to unban then the ocPortal disaster recovery tutorial explains how to do it manually.

I think we'll bury flood control options under an 'Advanced' expander.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#65897
Avatar

Well-settled

Thanks Chris,

Yes, I found where all the students came in on the same ISP address and it was banned. I unbanned it. The student on wifi was on a different ISP.

My flood control in the user group was already set at 0, I found under Config- Features a chat room flood control set at 5, which I placed at 0.

An interesting problem when 24 logins come all at once from the same ISP. Is there anything else I can do to prevent being blocked again on Monday?

Daniel
Back to the top
 
Posted
Rating:
#65899
Avatar

Are you certain the guest usergroup, and any other usergroups they might log in to, have both "Flood control access time" and "Flood control form-submission time" set to 0?

If that's the case I don't see how it could happen.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#65901
Avatar

Well-settled

I did remove a flood control number on the guest user group and maybe one other. We'll see how it goes next time. There will be fewer login failures, plus if it decides to ban the ISP again, I will be able to go in on the one student's laptop and un-ban it.

Listen, Chris, I'm really proud of my website, The Writing Conservatory. I haven't had this much fun doing something in years. Every issue I have been able to resolve, and I've just realized I can resolve more by placing OCPortal on a .net I just purchased and connecting the two. Put the forum and public stuff, guest access, etc., on the .net and keep the private stuff on the .com. That way I can use the point system as you created it and use it as the private grading I have changed it to be - both at the same time.

The only thing unresolved is the easy placement of Google and other ads, but I will pay you to do that for me a little later. It's not big deal right now. What I would like to have is a block that I can insert anywhere and that gives me a place to put the html code for the ad, quickly and simply.

Anyway, I've been trying to make money on the Internet for some time and OCPortal is the first program I've found that allows me to do all that I want so easily. Now that I know it, I think I will set up a number of different community sites.

Thanks, Daniel
Back to the top
 
Posted
Rating:
#65902
Avatar

Could you check the hack-attack log. I think it's on the Usage menu, maybe as 'Security' or 'Error log'.
It might say some other reason why the ban happened. Also you might have received an email about it.

The only thing unresolved is the easy placement of Google and other ads, but I will pay you to do that for me a little later. It's not big deal right now. What I would like to have is a block that I can insert anywhere and that gives me a place to put the html code for the ad, quickly and simply.

If I can explain in 1 min I won't charge ;). Try putting the HTML (nothing else) in sources_custom/miniblocks/ad.php and then using 'ad' as a block.
Or you can add a custom Comcode tag.

Thanks


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#65948
Avatar

Well-settled

Okay, here's how things went. The website was still completely blocked at school yesterday. The front page said "Forbidden." So I went to Hostgator and they found that IP number denied in htaccess. They removed the deny. I found the same place on the control panel. I am wondering if I can insert the school IP number into allow so that it cannot deny that IP?

Here is the wording.

order allow,deny
# IP bans go here (leave this comment here! If this file is writeable, ocPortal will write in IP bans below, in sync with it's own DB-based banning - this makes DOS/hack attack prevention stronger)
# deny from xxx.xx.x.x (leave this comment here!)
allow from all


I wish I had looked at this before the Hostgator guy removed the school IP, I suspect it was there where it says xxx.

If I can write in a fixed "allow" how would it look?
Daniel
Back to the top
 
Posted
Rating:
#65949
Avatar

I'm not sure about .htaccess precedences, but did you get a chance to look at the log I mentioned in my last post?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: