Author Topic: Banned Members error found - not sure what it means  (Read 3363 times)

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Banned Members error found - not sure what it means
« on: January 22, 2013, 02:39:04 PM »
Here's the code. It certainly looks like the rate limiter is doing well.

But, am I missing a column in my database?



Code: [Select]
Unknown column 'reason' in 'field list'

Array
(
    [0] => Array
        (
            [function] => error_handler
            [args] => Array
                (
                    [0] => 256
                    [1] => Unknown column 'reason' in 'field list'
                    [2] => /home/acct/public_html/mysite.com/includes/logs.inc.php
                    [3] => 55
                    [4] => Array
                        (
                            [log] => Array
                                (
                                    [level] => message_write
                                    [user_id] => 412
                                    [sess] => f3c6899b4b99d8216a92093e45dc63ed
                                    [user] => brave11
                                    [membership] => 2
                                    [ip] => 1096947806
                                )

                            [myreturn] =>
                            [dbtable_prefix] => dsb_
                            [where] =>  AND `fk_user_id`='412'
                            [query] => INSERT IGNORE INTO `dsb_site_bans` SET `ban_type`=2,`what`='brave11',`reason`='2457'
                            [res] =>
                            [punish] => Array
                                (
                                    [2] => 2457
                                )

                            [rsrow] =>
                            [res2] => Resource id #36
                        )

                )

        )

    [1] => Array
        (
            [file] => /home/acct/public_html/mysite.com/includes/logs.inc.php
            [line] => 55
            [function] => trigger_error
            [args] => Array
                (
                    [0] => Unknown column 'reason' in 'field list'
                    [1] => 256
                )

        )

    [2] => Array
        (
            [file] => /home/acct/public_html/mysite.com/includes/user_functions.inc.php
            [line] => 141
            [function] => rate_limiter
            [args] => Array
                (
                    [0] => Array
                        (
                            [level] => message_write
                            [user_id] => 412
                            [sess] => f3c6899b4b99d8216a92093e45dc63ed
                            [user] => brave11
                            [membership] => 2
                            [ip] => 1096947806
                        )

                )

        )

    [3] => Array
        (
            [file] => /home/acct/public_html/mysite.com/message_send.php
            [line] => 34
            [function] => check_login_member
            [args] => Array
                (
                    [0] => message_write
                )

        )

)

If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
Re: error found - not sure what it means
« Reply #1 on: January 23, 2013, 09:00:24 AM »
I have only used the rate limiter feature for brute force login attempts, for anything else it always seemed a bit finicky and sometimes wouldn't function properly for certain things.

Anyway, I'm no expert when it comes to database errors, but often an error such as Unknown column 'reason' in 'field list' is related to a syntax error where there's a missing quote mark or marks somewhere.

Looking in the error log at the line below, there seems to be single quote marks missing around the number 2, notice there's quote marks around the brave11 and 2457, but not the number 2.

INSERT IGNORE INTO `dsb_site_bans` SET `ban_type`=2,`what`='brave11',`reason`='2457'

I don't know for sure if this is the problem or not, I'm just kind of making a logical guess here. I don't know if it's supposed to be this way or if this the problem.






Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #2 on: January 24, 2013, 12:54:57 AM »
Thanks for noticing this Maverick.

I went into includes/logs.inc.php

And located this text. notice the red colored text that I added in the following lines. a single quote mark was missing as compared to the surrounding code items that followed =.

if (isset($punish[_PUNISH_BANIP_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANIP_.",`what`='".$log['ip']."',`reason`='".$punish[_PUNISH_BANIP_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
   if (isset($punish[_PUNISH_BANUSER_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANUSER_.",`what`='".$log['user']."',`reason`='".$punish[_PUNISH_BANUSER_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
   if (isset($punish[_PUNISH_BANEMAIL_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANEMAIL_.",`what`='".$log['email']."',`reason`='".$punish[_PUNISH_BANEMAIL_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }

I'll keep a lookout and see if this causes errors or prevents the current one.
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #3 on: June 14, 2013, 07:21:05 PM »
This error returned and I found out what was missing that caused the error. I had to add 1 more single quote on each line. All quotes I've added are in bold red.

if (isset($punish[_PUNISH_BANIP_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANIP_."',`what`='".$log['ip']."',`reason`='".$punish[_PUNISH_BANIP_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
   if (isset($punish[_PUNISH_BANUSER_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANUSER_."',`what`='".$log['user']."',`reason`='".$punish[_PUNISH_BANUSER_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
   if (isset($punish[_PUNISH_BANEMAIL_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANEMAIL_."',`what`='".$log['email']."',`reason`='".$punish[_PUNISH_BANEMAIL_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #4 on: June 17, 2013, 05:49:38 AM »
Thanks Maverick for reminding me that the main start of this topic was about an error that stated: Unknown column 'reason' in 'field list'

OK. so, I thought I resolved the problem, until another member challenged the ban user function in the rate limiter.

I looked back at everything that I fixed and one syntax problem was solved in the logs.inc.php file.
Originally, the single quotes were missing around the ban type, which in this case was ban_type='2' (for BANIP, BANUSER, and BANEMAIL) and so far, this is what I fixed recently. But the error is persistent and I'm still looking for the cause.

So, now the error has returned, the single quote marks that I added are still in place within the logs.inc.php file. So, there seems to be another error somewhere that I am looking for help to try to solve in this datemill think tank.

Here is an update on the contents of the file:
Code: [Select]
<?php
/******************************************************************************
Etano
===============================================================================
File:                       includes/logs.inc.php
$Revision: 864 $
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
*******************************************************************************/

define('_PUNISH_ERROR_',1);
define('_PUNISH_BANUSER_',2);
define('_PUNISH_BANIP_',3);
define('_PUNISH_UPGRADE_',4);
define('_PUNISH_BANEMAIL_',5);
$accepted_punishments=array(_PUNISH_ERROR_=>'Sorry page',_PUNISH_UPGRADE_=>'Membership Upgrade Options',_PUNISH_BANUSER_=>'Ban user',_PUNISH_BANIP_=>'Ban IP',_PUNISH_BANEMAIL_=>'Ban email');

function 
log_user_action(&$log) {
global $dbtable_prefix;
$query="INSERT INTO `{$dbtable_prefix}site_log` SET `fk_user_id`='".$log['user_id']."',`user`='".$log['user']."',`m_value`='".$log['membership']."',`level_code`='".$log['level']."',`ip`='".$log['ip']."',`time`='".gmdate('YmdHis')."',`sess`='".$log['sess']."'";
@mysql_query($query);
}


function 
rate_limiter(&$log) {
$myreturn=false;
global $dbtable_prefix;
$where='';
if (!empty($log['user_id'])) {
$where=" AND `fk_user_id`='".$log['user_id']."'";
} else {
$where=" AND `ip`='".$log['ip']."' AND `sess`='".$log['sess']."'";
}
$query="SELECT `limit`,`interval`,`punishment`,`fk_lk_id_error_message` FROM `{$dbtable_prefix}rate_limiter` WHERE `level_code`='".$log['level']."' AND `m_value`='".$log['membership']."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$punish=array();
while ($rsrow=mysql_fetch_assoc($res)) {
$query="SELECT count(*) FROM `{$dbtable_prefix}site_log` WHERE `level_code`='".$log['level']."' AND `time`>=DATE_SUB('".gmdate('YmdHis')."',INTERVAL ".$rsrow['interval']." MINUTE) $where";
if (!($res2=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
if (mysql_result($res2,0,0)>=$rsrow['limit']) {
$punish[$rsrow['punishment']]=$rsrow['fk_lk_id_error_message'];
}
}

if (isset($punish[_PUNISH_BANIP_])) {
$query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANIP_."',`what`='".$log['ip']."',`reason`='".$punish[_PUNISH_BANIP_]."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
regenerate_ban_array();
}
if (isset($punish[_PUNISH_BANUSER_])) {
$query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANUSER_."',`what`='".$log['user']."',`reason`='".$punish[_PUNISH_BANUSER_]."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
regenerate_ban_array();
}
if (isset($punish[_PUNISH_BANEMAIL_])) {
$query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANEMAIL_."',`what`='".$log['email']."',`reason`='".$punish[_PUNISH_BANEMAIL_]."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
regenerate_ban_array();
}
if (isset($punish[_PUNISH_ERROR_])) {
$topass['message']['type']=MESSAGE_ERROR;
$topass['message']['text']=isset($GLOBALS['_lang'][$punish[_PUNISH_ERROR_]]) ? $GLOBALS['_lang'][$punish[_PUNISH_ERROR_]] : '';
redirect2page('info.php',$topass);
} elseif (isset($punish[_PUNISH_UPGRADE_])) {
$topass['message']['type']=MESSAGE_ERROR;
$topass['message']['text']=isset($GLOBALS['_lang'][$punish[_PUNISH_UPGRADE_]]) ? $GLOBALS['_lang'][$punish[_PUNISH_UPGRADE_]] : '';
redirect2page(_BASEURL_.'/info.php?type=access',$topass,'',true);
}
return $myreturn;
}


function 
regenerate_ban_array() {
require_once _BASEPATH_.'/includes/classes/fileop.class.php';
global $dbtable_prefix;
$query="SELECT `ban_type`,`what` FROM `{$dbtable_prefix}site_bans` GROUP BY `what`";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$_bans=array();
while ($rsrow=mysql_fetch_row($res)) {
$_bans[$rsrow[0]][]=$rsrow[1];
}
$towrite="<?php\n";
if (!empty($_bans[_PUNISH_BANIP_])) {
$towrite.='$_bans[_PUNISH_BANIP_]=array(\''.join("','",$_bans[_PUNISH_BANIP_])."');\n";
}
if (!empty($_bans[_PUNISH_BANUSER_])) {
$towrite.='$_bans[_PUNISH_BANUSER_]=array(\''.join("','",$_bans[_PUNISH_BANUSER_])."');\n";
}
if (!empty($_bans[_PUNISH_BANEMAIL_])) {
$towrite.='$_bans[_PUNISH_BANEMAIL_]=array(\''.join("','",$_bans[_PUNISH_BANEMAIL_])."');\n";
}
$fileop=new fileop();
$fileop->file_put_contents(_BASEPATH_.'/includes/site_bans.inc.php',$towrite);
}

If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
Re: error found - not sure what it means
« Reply #5 on: June 17, 2013, 12:39:21 PM »
Quote
Unknown column 'reason'
This is basically saying there is no column in the database 'dsb_site_bans' table named 'reason'.

If you look in your database and go to the 'dsb_site_bans' table and look under the 'columns' section, you have the following:
ban_id
ban_type
what
fk_lk_id_reason
since


There's no column named 'reason', just one named 'fk_lk_id_reason'.


In the 'logs.inc.php' file it queries 'reason' in the 'dsb_site_bans' table, maybe it should instead be 'fk_lk_id_reason'. Maybe try changing the reason below to fk_lk_id_reason and see if that fixes the problem.

   if (isset($punish[_PUNISH_BANIP_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`="._PUNISH_BANIP_.",`what`='".$log['ip']."',`reason`='".$punish[_PUNISH_BANIP_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
   if (isset($punish[_PUNISH_BANUSER_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`="._PUNISH_BANUSER_.",`what`='".$log['user']."',`reason`='".$punish[_PUNISH_BANUSER_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }
   if (isset($punish[_PUNISH_BANEMAIL_])) {
      $query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`="._PUNISH_BANEMAIL_.",`what`='".$log['email']."',`reason`='".$punish[_PUNISH_BANEMAIL_]."'";
      if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
      regenerate_ban_array();
   }


 

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #6 on: June 17, 2013, 12:51:16 PM »
hmmm, OK  I'll try this and see what happens. Certainly, I'll post the results in here to help everyone else.
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #7 on: June 17, 2013, 04:40:15 PM »
That was it!! Thanks Maverick for working with me on solving this error.

In order to get the Bans (BANUSER, BANIP, BANEMAIL) to work with the rate limiter, everyone needs to replace the all of the code in their includes/logs.inc.php file with this code:

Code: [Select]
<?php
/******************************************************************************
Etano
===============================================================================
File:                       includes/logs.inc.php
$Revision: 864 $
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
*******************************************************************************/

define('_PUNISH_ERROR_',1);
define('_PUNISH_BANUSER_',2);
define('_PUNISH_BANIP_',3);
define('_PUNISH_UPGRADE_',4);
define('_PUNISH_BANEMAIL_',5);
$accepted_punishments=array(_PUNISH_ERROR_=>'Sorry page',_PUNISH_UPGRADE_=>'Membership Upgrade Options',_PUNISH_BANUSER_=>'Ban user',_PUNISH_BANIP_=>'Ban IP',_PUNISH_BANEMAIL_=>'Ban email');

function 
log_user_action(&$log) {
global $dbtable_prefix;
$query="INSERT INTO `{$dbtable_prefix}site_log` SET `fk_user_id`='".$log['user_id']."',`user`='".$log['user']."',`m_value`='".$log['membership']."',`level_code`='".$log['level']."',`ip`='".$log['ip']."',`time`='".gmdate('YmdHis')."',`sess`='".$log['sess']."'";
@mysql_query($query);
}


function 
rate_limiter(&$log) {
$myreturn=false;
global $dbtable_prefix;
$where='';
if (!empty($log['user_id'])) {
$where=" AND `fk_user_id`='".$log['user_id']."'";
} else {
$where=" AND `ip`='".$log['ip']."' AND `sess`='".$log['sess']."'";
}
$query="SELECT `limit`,`interval`,`punishment`,`fk_lk_id_error_message` FROM `{$dbtable_prefix}rate_limiter` WHERE `level_code`='".$log['level']."' AND `m_value`='".$log['membership']."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$punish=array();
while ($rsrow=mysql_fetch_assoc($res)) {
$query="SELECT count(*) FROM `{$dbtable_prefix}site_log` WHERE `level_code`='".$log['level']."' AND `time`>=DATE_SUB('".gmdate('YmdHis')."',INTERVAL ".$rsrow['interval']." MINUTE) $where";
if (!($res2=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
if (mysql_result($res2,0,0)>=$rsrow['limit']) {
$punish[$rsrow['punishment']]=$rsrow['fk_lk_id_error_message'];
}
}

if (isset($punish[_PUNISH_BANIP_])) {
$query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANIP_."',`what`='".$log['ip']."',`fk_lk_id_reason`='".$punish[_PUNISH_BANIP_]."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
regenerate_ban_array();
}
if (isset($punish[_PUNISH_BANUSER_])) {
$query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANUSER_."',`what`='".$log['user']."',`fk_lk_id_reason`='".$punish[_PUNISH_BANUSER_]."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
regenerate_ban_array();
}
if (isset($punish[_PUNISH_BANEMAIL_])) {
$query="INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`='"._PUNISH_BANEMAIL_."',`what`='".$log['email']."',`fk_lk_id_reason`='".$punish[_PUNISH_BANEMAIL_]."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
regenerate_ban_array();
}
if (isset($punish[_PUNISH_ERROR_])) {
$topass['message']['type']=MESSAGE_ERROR;
$topass['message']['text']=isset($GLOBALS['_lang'][$punish[_PUNISH_ERROR_]]) ? $GLOBALS['_lang'][$punish[_PUNISH_ERROR_]] : '';
redirect2page('info.php',$topass);
} elseif (isset($punish[_PUNISH_UPGRADE_])) {
$topass['message']['type']=MESSAGE_ERROR;
$topass['message']['text']=isset($GLOBALS['_lang'][$punish[_PUNISH_UPGRADE_]]) ? $GLOBALS['_lang'][$punish[_PUNISH_UPGRADE_]] : '';
redirect2page(_BASEURL_.'/info.php?type=access',$topass,'',true);
}
return $myreturn;
}


function 
regenerate_ban_array() {
require_once _BASEPATH_.'/includes/classes/fileop.class.php';
global $dbtable_prefix;
$query="SELECT `ban_type`,`what` FROM `{$dbtable_prefix}site_bans` GROUP BY `what`";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$_bans=array();
while ($rsrow=mysql_fetch_row($res)) {
$_bans[$rsrow[0]][]=$rsrow[1];
}
$towrite="<?php\n";
if (!empty($_bans[_PUNISH_BANIP_])) {
$towrite.='$_bans[_PUNISH_BANIP_]=array(\''.join("','",$_bans[_PUNISH_BANIP_])."');\n";
}
if (!empty($_bans[_PUNISH_BANUSER_])) {
$towrite.='$_bans[_PUNISH_BANUSER_]=array(\''.join("','",$_bans[_PUNISH_BANUSER_])."');\n";
}
if (!empty($_bans[_PUNISH_BANEMAIL_])) {
$towrite.='$_bans[_PUNISH_BANEMAIL_]=array(\''.join("','",$_bans[_PUNISH_BANEMAIL_])."');\n";
}
$fileop=new fileop();
$fileop->file_put_contents(_BASEPATH_.'/includes/site_bans.inc.php',$towrite);
}

A recent spammer tried to send out some message spam and they just showed up in the Banned Members list of the admin control panel. I will probably not use this with the rate limiter for the long term, but I'm glad that the bugs are worked out of it and that its finally functioning correctly.
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #8 on: June 17, 2013, 05:42:43 PM »
I later tried this out for myself to see what a spammer sees when they're banned. The result is a blank white page, until they are removed from the ban. Of course if they want to create a new user account, they have to delete their browser session ID cookie. Also, when the member is banned, you can't impersonate the member through the admin control panel. You'll see a blank white page.

So, with this in mind, I have a few questions.
1. Is this intentional?
(I can sort of see the potential to leave it as a blank page as it may cause the spammer to believe that the site crashed)
I switched on DEBUG just to see if there was an error for that blank page and there was none.

2. Is there supposed to be a message displayed on the screen telling them that they've been Banned?
If so, then would you leave it alone and use the blank page anyway?
It appears to be intentional. The line (line 66) where the message would be processed appears to be this one:
Code: [Select]
redirect2page('info.php',$topass);
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
Re: error found - not sure what it means
« Reply #9 on: June 17, 2013, 07:03:40 PM »
Quote
2. Is there supposed to be a message displayed on the screen telling them that they've been Banned?
I don't know for sure, did you enter a message in the in the "Error Message" field?  Just be careful when banning as you don't want to let the user know that they've been banned and exactly for what reason, such as their Email, User ID, or IP has been banned.  Which would basically provide them with a tip on how to get around it by creating another account using a different Email or IP address.

If you want a message to appear on the page you would typically select the "Sorry Page" option from the "Punishment" drop-down list and then type the message you want them to see in the "Error Message" field. This is a particularly useful option if you're limiting legit members for certain activities. For example I use this option to prevent brute force login attempts from bots by limiting the number of times they can try logging in. This way if a legit member forgets their login details and exceeds the number of attempts that are allowed,  they get a warning message that they have to wait to try again.

For example:
Quote
Sorry, to prevent brute force hacking attempts our security system has detected that you have exceeded the number of login attempts allowed within a 10 minute span. Please try again later. If you have forgotten your login details use the forgot password link and it will be sent to you.

Note - be careful when banning individual IP's .... not everyone has a static IP, some ISP assign a different IP each time a user connects to the Internet and the one you banned might be assigned to other users. Ever notice when viewing accounts in the admin that some members have multiple IP addresses?

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: error found - not sure what it means
« Reply #10 on: June 17, 2013, 08:51:36 PM »

Note - be careful when banning individual IP's .... not everyone has a static IP, some ISP assign a different IP each time a user connects to the Internet and the one you banned might be assigned to other users. Ever notice when viewing accounts in the admin that some members have multiple IP addresses?

Thanks for the warning reminder. I recall reading about the IP banning issue a while back and yes, I have seen in the admin control panel that many users have various IP addresses. I didn't realize that it's because of not having static IP addresses. I also didn't realize that the ISP moves the IP addresses to other users on their networks, but it sort of makes sense now. My IP address appears to remain the same, which I think is odd given that I have basic cable internet service.
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.