Author |
Message |
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
The forum keeps logging me out
Posted: Mon Sep 30, 2024 3:39 pm
|
At first it happened occasionally, once every few weeks if not months, so I didn't want to report it, but it got way more frequent these days, up to twice today (so far).
I can already answer most of the common questions: I didn't change my browser, I didn't change my external IP address, I didn't disable the cookies, nothing of the sort. And yes, I always check the "remember me" box.
Except that, every once in a while, I open the forum and I'm just logged out, simple as that, for no apparent reason at all.
I wonder if some bot is trying to bruteforce a login with my credentials since "Tom" is such a short (and common) username?
|
|
|
- Site Admin
- Joined: 19 Oct 1999
- Posts: 14992
- Location: London
|
Posted: Mon Sep 30, 2024 3:43 pm
|
I honestly have no idea what causes it, I get it too sometimes. I don’t think we have people trying to guess passwords, but I haven’t checked the logs recently.
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Mon Sep 30, 2024 5:21 pm
|
Just for the record, it just happened a third time today. It's only a minor annoyance, but my password is quite long to type all the times...
|
|
|
- Joined: 07 Jun 2010
- Posts: 200
|
Posted: Mon Sep 30, 2024 8:28 pm
|
Tom wrote my password is quite long to type all the times...
I think all browsers can save password and autofill it for you.
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Mon Sep 30, 2024 8:55 pm
|
Yeah, I don't do that.
Also, I got logged out for the fourth time today, this definitely needs to be addressed.
|
|
|
- Joined: 05 Sep 2013
- Posts: 3965
- Location: Stockholm, Sweden
|
Posted: Tue Oct 01, 2024 7:13 am
|
I always log out so I can't tell if it happens to me too but... maybe the session cookies are too short-lived?
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Tue Oct 01, 2024 7:50 am
|
I don't think so, because this happens at random, at no fixed intervals. I can stay logged in for weeks without problems sometimes. The fact that it got way worse in the past days, however, makes me inclined to believe that some bot is trying to bruteforce my credentials because of my short, common username. Maxim said that this occasionally happens to him as well, and his username is a quite common one, too. Do we have any "Bob" on this forum who can confirm this theory?
|
|
|
- Joined: 05 Sep 2013
- Posts: 3965
- Location: Stockholm, Sweden
|
Posted: Tue Oct 01, 2024 8:36 am
|
why should a shorter username's password be easier to bruteforce?
I suspect that's the fact that you're an 'old' active member that probably makes your account more 'attractive'... in that sense they might be trying to bruteforce my password too, and Maxim's, and a bunch of others'...
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Tue Oct 01, 2024 8:57 am
|
In my ignorance, I thought about it in reverse, e.g. someone isn't trying to specifically attack this particular forum, but they might be trying to login with common usernames on a wide range of forums, like, let's throw a bunch of "Tom"s on every wall and see if some of them stick. By sheer probability, there has to be at least a Tom whose password is "1234" on some forum out there.
|
|
|
- Joined: 29 Mar 2012
- Posts: 903
- Location: Spain
|
Posted: Tue Oct 01, 2024 9:32 am
|
I get logged out from time to time, but not too frequently...
|
|
|
- Site Admin
- Joined: 19 Oct 1999
- Posts: 14992
- Location: London
|
Posted: Tue Oct 01, 2024 9:55 am
|
I’ll try to look at the logs to see what’s up. The forum doesn’t log much of anything so I only really have access logs, which sadly are full of dodgy spiders and spam account creation.
|
|
|
- Joined: 19 Aug 2006
- Posts: 124
- Location: Brazil
|
Posted: Tue Oct 01, 2024 11:18 am
|
Just for the record, it has also been happening to my account for some months now. As with Tom's, it happens on uneven intervals.
|
|
|
- Joined: 11 Jul 2022
- Posts: 18
- Location: Sligo Ireland (and Wales)
|
Posted: Wed Oct 02, 2024 7:31 pm
|
To add another person this is happening too.
My login would normally last at least a few days, but now if I close my browser it will forget the login again immediately, several times a day.
I haven't (knowingly) changed any browser settings, though perhaps something has changed on a default browser setting for some of us?
Or perhaps it is something on the site side?
Thankfully not a big issue, but figured it worth noting how widespread it may be by another raised hand.
|
|
|
- Joined: 29 Mar 2012
- Posts: 903
- Location: Spain
|
Posted: Thu Oct 03, 2024 5:51 am
|
Btw, not sure if related, but the status of read/unread posts is also very unstable. Sometimes just going to the "View Post since last visit" is enough to flag all of them as read, other times they stay as unread for several days even if I enter the posts each time
|
|
|
- Joined: 05 Sep 2013
- Posts: 3965
- Location: Stockholm, Sweden
|
Posted: Thu Oct 03, 2024 7:12 am
|
kusfo wrote the status of read/unread posts is also very unstable. [...] other times they stay as unread for several days even if I enter the posts each time
this is a known issue with phpBB2 - when it happens you need to log out and clear the forum cookie(s)
|
|
|
- Site Admin
- Joined: 19 Oct 1999
- Posts: 14992
- Location: London
|
Posted: Thu Oct 03, 2024 7:53 am
|
I guess Tom can try that too?
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Thu Oct 03, 2024 8:02 am
|
I don't have a problem with read / unread posts, though.
However, I think we can dismiss my earlier theory about a bot trying to guess my credentials, because I tested something: I logged in from an incognito window while logged in in my regular browser, effectively creating two simultaneous sessions, and both of them worked fine, so even if there is a bot out there it shouldn't be messing things up.
|
|
|
- Joined: 05 Sep 2013
- Posts: 3965
- Location: Stockholm, Sweden
|
Posted: Fri Oct 04, 2024 8:51 am
|
I just gave a look at the cookies for this website: the 'stay logged' cookie should last 1 year since you log in, so you really shouldn't get logged out too frequently.
But this is on cloudflare, which sometimes could disrupt things like that with their 'reverse proxies' servers.
Still I think you don't get logged out during a session, right?
|
|
|
- Joined: 20 Dec 2004
- Posts: 749
- Location: Lyon, France
|
Posted: Fri Oct 11, 2024 1:33 pm
|
I've got what seems to be a related problem.
When I log in and click on the "View posts since last visit" tab, I get this error message every single time since last week:
"You cannot make another search so soon after your last; please try again in a short while"
|
|
|
- Joined: 29 Mar 2012
- Posts: 903
- Location: Spain
|
Posted: Mon Oct 14, 2024 10:56 am
|
Kenneth wrote I've got what seems to be a related problem.
When I log in and click on the "View posts since last visit" tab, I get this error message every single time since last week:
"You cannot make another search so soon after your last; please try again in a short while"
Me also, it has stopped working completely
|
|
|
- Joined: 05 Sep 2013
- Posts: 3965
- Location: Stockholm, Sweden
|
Posted: Mon Oct 21, 2024 9:49 am
|
same here for some time, but that was solved hitting F5.
it's cloudflare cache again, I'm pretty sure
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Sat Nov 16, 2024 12:57 pm
|
I just wanted to go on record and say that this didn't happen anymore, in the past month. I don't know if it's a coincidence, if I should hold my breath, or if you changed some setting elsewhere, but yeah, it seems to be working fine now. Thanks.
|
|
|
- Site Admin
- Joined: 19 Oct 1999
- Posts: 14992
- Location: London
|
Posted: Sat Nov 16, 2024 2:19 pm
|
Honestly no, it comes and goes and I have no idea how to fix it.
|
|
|
- Joined: 05 Sep 2013
- Posts: 3965
- Location: Stockholm, Sweden
|
Posted: Mon Nov 25, 2024 9:54 am
|
There's nothing you can do I suspect. But I didn't see it again recently.
|
|
|
- Joined: 16 May 2002
- Posts: 1384
- Location: italy
|
Posted: Fri Nov 29, 2024 1:45 am
|
I knew I jinxed it, it just happened again after a long while. And I think it might indeed be unrelated to smspower itself, because I was logged out from the Kanzenshuu forum at the same time, something which rarely happened before.
|
|
|