I just read that DirectAdmin also scans pma logs since 1.46. It's something I had not noticed before, but since a week ago I do, because my server has blocked my personal computer twice in that time. I'm not sure where the issue is. It may be a phpMyAdmin bug, but I can't be sure because I don't know who configures the log settings.
I don't type in wrong passwords, so that's not the issue, but what often does happen is that when I 'log out' and then try to login as a different user, it keeps showing me the login dialog, so I have to click 'cancel' and reload the page, only then it will work. Unfortunately all those tries count as a failed login (unsuccessful despite correct credentials; probably because it is still checking against the old user or something), so BFM blocks my computer if it happens a few times. I set the count-limit in BFM quite low because I get attacks every minute.
So I know that pma issue now, and I never try to login more than once immediately after logging out - but it blocked me again just half an hour ago anyway. I noticed that the BFM had noticed 5 failed logins from my IP in one second time. Really now?..
I could just disable BFM's pma feature, but I actually sort of like the idea, so I'd like to get it working correctly instead. It would be especially nice if phpMyAdmin didn't refuse any logins right after a logout; and if that can't be solved, it would be nice if a single login failure didn't count for 5.
I am still using DA 1.46.3, but didn't see anything about pma in the 1.47 changelog. I am using the latest pma, since I updated it right after the first time I got locked out. It's using default settings, which I believe means HTTP authentication (in any case it's a dialog, not a web form).
I don't type in wrong passwords, so that's not the issue, but what often does happen is that when I 'log out' and then try to login as a different user, it keeps showing me the login dialog, so I have to click 'cancel' and reload the page, only then it will work. Unfortunately all those tries count as a failed login (unsuccessful despite correct credentials; probably because it is still checking against the old user or something), so BFM blocks my computer if it happens a few times. I set the count-limit in BFM quite low because I get attacks every minute.
So I know that pma issue now, and I never try to login more than once immediately after logging out - but it blocked me again just half an hour ago anyway. I noticed that the BFM had noticed 5 failed logins from my IP in one second time. Really now?..
I could just disable BFM's pma feature, but I actually sort of like the idea, so I'd like to get it working correctly instead. It would be especially nice if phpMyAdmin didn't refuse any logins right after a logout; and if that can't be solved, it would be nice if a single login failure didn't count for 5.
I am still using DA 1.46.3, but didn't see anything about pma in the 1.47 changelog. I am using the latest pma, since I updated it right after the first time I got locked out. It's using default settings, which I believe means HTTP authentication (in any case it's a dialog, not a web form).
BFM on phpMyAdmin keeps blocking my personal computer
Aucun commentaire:
Enregistrer un commentaire