Home › Forums › Administration & Support › Website: Bug Reports, Feature Requests, Known Issues, and Changelog › suspicious sign in blockage with request to “click here” to unlock
-
AuthorPosts
-
Jul 28, 2020 at 7:28 pm #3667116
I’m occasionally unable to sign in and instead get a message from a ‘security’ company telling me that sign in is temporarily blocked. then it tells me to “click here” to unblock my sign in (or something…). I do not click. then, after a few attempts i can sign in with no message appearing. Is this legitimate? should I click? or is it some sort of scam?
Here’s Ryan’s reply:
“@jscott can you please move this to the bug report forum with a screenshot of what you are seeing?
Also FYI this is not the result of a “hack” on BPL or its DNS.”
I’m a computer klutz so getting a screen shot is beyond me. this tends to happen when I try to log on in the morning. If it happens again I’ll write down the message and the name of the security co. and post it here. I should have done this already! but I’m still drinking my first cup of coffee and a bit slow.
Jul 28, 2020 at 8:48 pm #3667147It’s a firewall block (as I recall) so it should be whoever BPL uses for its firewall.
Yes, mornings. That seems to be when BPL is screwing with the site so it’s also the time that we generally encounter things that are broken. Perhaps we should just assume that mornings will always be hinky here, at least for the next year.
Jul 28, 2020 at 9:11 pm #3667149Morning for who? It’s always morning for someone on the planet……
Something you learn quickly while operating a service with customers across the globe.
I have no clue what the BPL customer base looks like with respect to geography but speaking more generally of web based services accessed globally.
Jul 29, 2020 at 1:12 am #3667170Lately, I’m having all kinds of bizarre things happen when trying to sign in. The support desk has my emails about that, and has been very helpful.
But tonight, after numerous attempts to log in I had this one titled above. Got to it by going to the gear forum, picking a thread, going to the end of it, and clicking on the message advising to sign in, in order to post. So did click on the unblock message the came up, and clicked on a couple of streetlights to prove I’m human. After that, was able to sign in on the home page.
Sorry you are having so many difficulties. It is a great site, and the only one where I can open a new thread and post a long article with pix about building a new piece of gear. Very intuitive to use as well. Really hope BPL can get these attacks under control. Would definitely miss it, without the threads, but would check occasionally read only info as is done on Roger’s site. But would hate to see it come to that. The forums are the lifeblood of the site.
Jul 29, 2020 at 8:25 am #3667185I had no issue signing in this morning. So I can’t describe the firewall message (or phishing attempt) that I get at other times. I’ll report when and if it happens again. Again, when it did appear I was eventually able to sign in without clicking anything. Took around three tries.
Jul 31, 2020 at 10:18 am #3667724Login Protection
powered by
BlogVault Firewall
Logins to this site are currently blocked.
above is what appeared on my first attempt to log in this morning. It also told me to “click here” to unblock but I didn’t want to copy and paste that.
I then opened a new window and was able to log in with no messages or issues. If the above is legitimate I’ll just click the next time it appears. I just wnat to know that it’s legitiamate–or not!
Aug 1, 2020 at 10:32 am #3667885Aug 1, 2020 at 10:44 am #3667891yes that’s what I see: so is it legitimate? (hard to get an answer here),
Aug 1, 2020 at 10:58 am #3667894If you click the link (I have), it simply takes you to a page where you have to ‘prove you’re human’ with one of those captcha tile things. After doing so, it completes your sign-in. It also isn’t trying to ‘phone home’ anywhere (I have a program that alerts me to and allows me to block outgoing connection requests thru Safari). Since it’s not asking for any login info or any other info, I don’t think it’s nefarious (though, unfortunately, I can’t say for certain. But Ryan did say upthread that it wasn’t because of any hacking and such).
Aug 1, 2020 at 11:52 am #3667900OK, thank you VERY much for posting that.
Now I’m able to provide an explanation.
Yes, that is our page. We use Blogvault as *one* of a couple of different firewalls.
Here’s a description of how it works.
That page is only going to appear for you when “someone” has tried to access your account unsuccessfully three times in a row.
Maybe it’s you.
But maybe it’s not…
If it’s you, that’s fine. You probably forgot your password or whatever.
But if it’s not, here’s one likely, and very common scenario.
One or more email address/username/password combinations at some point in your internet career has been compromised and acquired by bad actors (e.g., hacking networks).
Then, they program bots with these combinations (or iterations) and scour the internet to see what sites they can log in to with your password. Or they “discover” you at a website (like ours) and use a brute-force attack to try to guess your password.
If you see this screen, and you’re not the one racking up the login attempts, that means the hackers are being blocked/delayed, and the firewall is working.
Your BEST defense is a VERY strong password…something that’s impossible to guess (or for you to remember). I use LastPass as a password storage vault and password generator, and highly recommend it.
Aug 1, 2020 at 12:07 pm #3667906I understand the explanation, but I think there’s something else going on. As Jeff said earlier, I can bypass that page and sign in anyway, so if it’s blocking me due to unsuccessful sign-ins, why can I sign in a few seconds later without going through that firewall page?
Some additional info: I’ve only gotten this page in the morning (PNW morning) when you’re mucking about the site. I’ve only gotten this page when the home page sign in doesn’t seem to take (excessive time to load), so I go into a forum, into a thread, and sign in at the bottom of that page. That’s generally the only time I ever hit this firewall page.
I also use a password storage vault/generator, and do not have any duplicate passwords for the sites I visit.
Aug 1, 2020 at 12:17 pm #3667909I can bypass that page and sign in anyway, so if it’s blocking me due to unsuccessful sign-ins, why can I sign in a few seconds later without going through that firewall page?
Because this is a deterrent against automated brute-force logins. This page acts as a barrier to repeated attacks. Sort of like a speed bump, rather than a wall.
Mornings make sense. Much of the bot attack traffic we get occurs during our night.
Yes, aware of the issue that the login form at the bottom of a forum page uniquely triggers it. The way that particular form is implemented is a known target in WordPress, and we’ll be rebuilding that in the new site.
We’ve only been running this firewall for a few weeks, so if it’s a huge inconvenience for folks, I’m open to turning it off, and just hope you all can protect your account by using strong passwords.
Aug 4, 2020 at 9:02 am #3668782Any other feedback for this? If it’s a non-issue for most users, we’ll leave as is and I’ll close the issue.
Aug 4, 2020 at 9:16 am #3668785It’s not an issue with me.
-
AuthorPosts
- The topic ‘suspicious sign in blockage with request to “click here” to unlock’ is closed to new replies.