Hard Light Productions Forums
Site Management => Site Support / Feedback => Topic started by: FUBAR-BDHR on January 05, 2011, 02:16:28 pm
-
I have my login set to forever but have had to re-login 3 times in the last day. When I look at the forum it will show I'm logged. Go to a forum and the login box replaces my name and I don't get the new post indicators. Now here is the kicker. I can still see the private areas I have access too but when I click on them I get a login page.
-
Same thing happened to me, but it seems to be OK now.
-
I had that also a few times. 2 Times when accessing the overall forum, and one time an additional login when I was accessing this subforum :)
-
Happened to me a coupla times today too
-
Gooberism. I'm sure of it.
-
Gooberism.
:lol:
-
ditto
-
I've encountered the same issue.
-
derp.
-
Just for information, it seems to be still there ....
Today I was already logged in, but when I wanted to access the PM, I got the login screen. Luckily, my browser saved password and username, so I just had to click once, but I wanted to inform you :)
-
still borked on my end. Had to relogin this morning (after being logged in for a while), seems to have worked since then.
-
Same thing with the PM's today. Got the popup notice that I had one (how did it know if I wasn't logged in) but had to login to read it.
-
I changed something in the PHP that may or may not have fixed the problem. Let me know if it recurs.
-
That change was something that hadn't been used in ages even in SMF 1.1, but it was still included in our to-do-after-forum-upgrade documentation since it was for SMF 1.1 where it wouldn't cause any issues either way. But it wouldn't surprise me the least if it is incompatible with 2.0.
Hence
Gooberism. I'm sure of it.
:p
-
Hey, that's not quite fair. You were the one who posted that modification in the first place, and until the other day (and not until after I had re-added all the mods) did you mark it as obsolete.
I call Furyism. :p
-
I changed something in the PHP that may or may not have fixed the problem. Let me know if it recurs.
Still happening periodically for me.
-
Hmm, it's possible it may need to be reset. Try logging out explicitly, then restarting your browser, then let me know if it recurs.
-
Hasn't happened again so far.
-
Same for me ! Had it once this afternoon (maybe 8 Hours back), but maybe because of some theme changes. Since then, it didn't happened again. I will report if it comes up again.
-
Just got it again when going to Diaspora internal.
-
I got it just under two hours ago whilst trying to reply to a thread. :P
-
I'm getting this to a ridiculous extent today. I've had to relog in at least 10 times in the last 4 hours.
-
I haven't had any issues since last week. Perhaps you need to clear browser cache.
Edit: Forgot mah culurz!
-
Good idea, I'll give that a go. :)
-
SOB, still happening, even after a cleared cache. :(
-
Are you telling it to save your login? It defaulted to 60 minutes every time I got it but I haven't had it happen in 2 days.
-
I'm quite sure I am, it's set to 'forever' whenever I log in. And the intervals are waaaay less than 60 minutes.
-
If it happens in less than 60 minutes, perhaps you could try another browser and see how long it takes for the problem to occur if it does at all within reasonable time, like a day or two.
-
I'm quite sure I am, it's set to 'forever' whenever I log in. And the intervals are waaaay less than 60 minutes.
Me too. Has been happening since yesterday. I'm yet to clear my cache though.
Using Opera.
-
I got it often then I followed the earlier advice. I logged out, closed the browser, restarted, logged in again telling it to stay logged in forever.
End of problem.
-
I haven't seen it for several days even without clearing my cache, knock on wood.
-
I haven't seen it for several days even without clearing my cache, knock on wood
Same for me, problem seems to be gone on my side. And I often switch for and back, or even leave the forum entirly. :)
-
Err, it started occuring today for me.
-
Nope, no problems whatsoever.
-
I did what kara said when it happened to me, it didn't work, but then I went ahead and logged out, closed browser, did a full reboot, and then logged back in, problem solved. For me at least.
-
:bump:
Been getting this an insane amount today. Got logged out 4 times in the past hour. All when trying to post or edit a post.
-
I got this same glitch when I was viewing page 8 of the INFSCP Screenshot thread (New Eyecandy Thread) and then tried to jump to the last page.
-
I've changed the cookie name that the forums use. I doubt that does anything but that'll be why you need to login back again soon. I wonder if this is just one of the bugs left in RC4, but I haven't seen anyone else mention it in the official SMF forums and there isn't a bug like this described in the SMF bug tracker either.
Well, whatever the case I don't care enough to dig deeper since I don't have any problems.
-
All of a sudden I'm being required to relogin every page view and post.
-
Does it happen if you swap back to SMF default theme in your user profile settings?
-
Actually it quit about an hour after I posted. After getting done doing the breakfast reading I went back and it was working.
Now for some of the weird stuff. After I logged back in once it told me I could not post my reply because it was a duplicate of what I already replied and I must have double posted (not the exact words). Tried to view the topic to see and wasn't allowed. Logged back in and well the post wasn't there. It was like the forum had a max of 1 minute login instead of forever. If I went fast I could get a post in. By the time it took to hit quote and type one sentence it was too late and I was logged back out.
Now I did my usual read order. Started by going down past TBP which had nothing new so read Diaspora then went back up to modding then FRED the tech support. No issues. Went to SCP and when I got there all the icons were blank (note not new as usually happens if you aren't logged it). So I was logged in for a good 10 minutes before this started. Tried clearing cache, nothing. Checked other forums, they worked fine.
-
:wtf:
Either way, if any one of you gets the chance to, please try the default SMF theme if it has similar login issues.
Because I'm fairly certain Goober removed the session modifications associated to the old mainpage we haven't used for ages and double checked it himself. Then there are no such bugs reported anywhere on the official SMF forums or bug tracker. So that leaves the Sandwich-cooked HLP theme, which I really don't think should cause such issues, but you never know.
But most of all, it's really weird that these issues seems to be limited to a minority. I had them when the session modifications were still in place, but since then no issues. It's beyond me why some people still continue having the very same problem despite the session modifications have been long removed.
At this rate I don't see any other choice put to remove all modifications, including HLP theme and see if problems still persist.
-
Two or three days ago I also had some problems with not staying logged in. But I noticed that you guys have made some forum changes (i.e. the move of the HW forum), and so I didn't thought about it. Since then, it works fine again. I have no more problems with that for weeks, and i haven't changed anything on my PC, still using firefox.
-
Two or three days ago I also had some problems with not staying logged in.
I've changed the cookie name that the forums use. I doubt that does anything but that'll be why you need to login back again soon.
-
Out of bloody nowhere. I was hit by this logout issue about 10 times in 30 minutes. What the ****? Also checked that changing theme back to SMF default did nothing.
-
Well, whatever the case I don't care enough to dig deeper since I don't have any problems.
:P
-
You'd think there is such a thing as divine retribution, don't you?
-
:lol:
-
What's weird is that this issue lasted less than two hours, after which it seemed to stop as suddenly as it started. So far. But during the two hours I had to relog like after every third page load. :mad:
-
I just had it happen to me earlier tonight, and I haven't seen it happen for a few weeks now. Weird.
-
seconding mong
-
How come I'm seemingly invulnerable to this logout glitch?
More importantly, has anyone had it happen if they try to stay logged in forever?
-
yeeep
-
Yep. Had to log in to post this, in fact. First time it has happened to me.
-
It happened to me yesterday when logging from my laptop (which I haven't been using for a while) and today when I tried to enter from work, could it be related to being logged on multiple pc's?
-
Nope, or it wouldn't have happened to me.
-
Forum sources and theme files were reinstalled with bare minimum of modifications. I can't but hope the problem is not in those "bare minimums".
If you encounter a logout issue once, ignore it. Should it happen again and especially if it happens repeatedly, post here. I would advise logging out manually and then back in actually.
-
Just happened to me again. I got logged out a few hours ago when the forum came back up, and as instructed ignored it, and logged in. Then I manually logged out, cleared cache, restarted firefox and logged back in (forever). Went afk for like an hour or so, when I came back, found myself logged out.
-
just got one myself. Looked at the Volition would kill to make FS3 thread, pushed Home and found myself logged out...
-
Ditto for me. Viewed this thread five minutes ago, grabbed a cup of tea, and found myself logged out. That was the 2nd time after the maintenance, and I had followed the instructions and manually logged out and back in.
[Edit] And twice more now. Doesn't seem to matter what I do or don't do, whether I've been afk and read no other sites in the meantime, or been browsing the internet left and right.
-
Just got dumped out a sec ago when going from the home page to GD.
-
I'm getting dumped all day, when i restart the browser, which could be cookie-related. Didn't somebody set the session/cookie time to 0 by any chance? :D
-
Yep, happened again several times. But you get the picture by now :)
-
I think I know why this is happening. There is already almost 400 counts of incorrect login passwords in the forum error log in the last six hours. SMF logs out the user if someone enters wrong password three times. Looks like someone has launched different kind of spam attack upon HLP, trying to log in as already registered users to post spam.
This certainly would explain why this is do bloody random. Not sure what can be done about it though.
-
That actually makes sense. If whatever bots are trying it manage to find even one weak password and successfully log in, the spam would be a much greater chore to get rid of as simply deleting the user wouldn't be an option. Too bad there's not much to be done about them trying.
Guess it's time to stop using '12345' as my password.
PS. Had to log in again to post this. Figures :p
-
I have no idea why, but that just gave me goosebumps. Seriously, I'm freaked out man. How can we know who is and who isn't one of them? :shaking:
-
Yes, there could be hordes of bots hiding among us, making perfectly rational posts and releasing new models and campaigns to hide their identity!
-
SMF logs out the user if someone enters wrong password three times.
That seems exactly backwards.
-
Dear Friend,
Compliments of the day to you. By way of introduction,I am Saskia Opel,
a staff of Private Banking Services at the CIMB Bank (Malaysia).
I would respectfully request that you keep the contents of this mail
confidential and respect the integrity of the information you come by as a
result of this mail.
I have a business proposal which I believe would be of interest to you. It
concerns a deceased client who deposited The sum of US$ 8,370,000.00,
without naming a beneficiary to The funds, I alone have the
deposit details and they will release the deposit to no one unless I
instruct them to do so. I alone know of the existence of this deposit for
as far as CIMB is concerned, the transaction with our deceased customer
concluded when I sent the funds to the firm, all outstanding interactions
in relation to the file are just customer services and due process. They
are simply awaiting instructions to release the deposit to any party
that comes forward. This is the situation. This bank has spent great
amounts of money trying to track this man's family; they have
investigated for months and have found no family. The investigation has
come to an end.
My proposal; I am prepared to place you in a position to
give instruction for the release of the deposit to you as the closest
Surviving relation. Upon receipt of the deposit, I am prepared to share
the money with you in half. That is: I will simply nominate you as the
next of kin and have them release the deposit to you. We share the proceeds
50/50..
I have all document and existence of funds.
If its in your interest to proceed with the transaction,
please respond to this email account "( [email protected] ) I will
give you a detailed account of the source and origin of the estate as well
as the transaction proper.I anticipate your cooperation.
Regards,
Saskia Opel.
-
Dear Friend,
*sip*
what he it said x2.
-
It happens to me now again quite often (today and yesterday). But regarding the wrong passwords, couldn't it just be, that this logging out is happening to much more people than the few posting here. Everyone is used to stay login "forever" (like me), and now they suddenly have to reenter password again, that they haven't used in months and maybe have forgotten them :)
-
I suppose the bots trying to log in as some of us makes some sense as an explanation, but why is it happening now after the upgrade? It literally never happened to me before and now it happens quite frequently on a daily basis.
Also, if it is the bots, there has to be some way to defend against this?
-
Well, they could register a new user before, maybe our accounts are getting attacked because the can't breach the new anti spambot registration quizzzzz.
-
If that's the case.. it was infinitely better just permabanning a spambot when it posted it's rubbish than have bots constantly attack user's accounts. Just sayin'...
Also, murdering people who do this sort of thing should be legal and encouraged with all sorts of incentives.
-
Also, murdering people who do this sort of thing should be legal and encouraged with all sorts of incentives.
I definitly support this !!!! :drevil:
-
So that is why I've been kicked out so many times. :/
-
I will be installing a modification later today that changes login procedure to use email address instead of username. Since email addresses are not viewable to anyone except admins, bots can't guess it and cause valid session to be terminated with its failed login attempts.
-
Unless they are getting usernames and other info from another site.
Oh and email addresses are visible just by clicking on send email from the member list.
-
Oh and email addresses are visible just by clicking on send email from the member list.
Huh? Profile information is not shown to guests, at all. And you should not be seeing email addresses of other users regardless of whether they've enabled the option to allow emails to be sent. You should be only seeing recipient's name, but not his email address.
-
I'm not a fan of disabling username login altogether. It would be worth thinking about this a bit more.
-
Disable it? Whaddya mean? You use email address INSTEAD of user name.
The alternatives?
- Make registration captcha weaker to allow them to create new users we can then ban and delete.
- IP-ban every random IP-address that is logged in the error log and doesn't belong to the registered user.
I don't see much choice in the matter.
-
Disable it? Whaddya mean? You use email address INSTEAD of user name.
Yes, I understood what you meant. But I don't particularly like it.
The alternatives?
- Make registration captcha weaker to allow them to create new users we can then ban and delete.
- IP-ban every random IP-address that is logged in the error log and doesn't belong to the registered user.
I don't see much choice in the matter.
Yeah, I don't either.
EDIT: I'm slightly confused though. Why would the user be logged out if someone else tried to access his account? Presumably, the bot would not be able to successfully log in in the first place.
-
EDIT: I'm slightly confused though. Why would the user be logged out if someone else tried to access his account? Presumably, the bot would not be able to successfully log in in the first place.
No idea, but that's apparently how SMF works based on replies in some similar issues in the official SMF forums. They didn't offer changing this behavior as solution either, but instead directed at other ways to counter such bruteforce bots.
-
I presume this is the thread you saw?
http://www.simplemachines.org/community/index.php?topic=416928.0
-
It was late yesterday so it could be, though I saw several. In any case, either one of these should be installed, or both.
http://custom.simplemachines.org/mods/index.php?mod=1665
http://custom.simplemachines.org/mods/index.php?mod=2155
Though I dislike such heavy modifications as they always make it a pain to upgrade forums later when compatibility updates to mods come later. I should probably investigate how to set up the latter server-side, rather than as SMF modification.
Edit: Looks like the Project Honeypot, or http:BL whatever the name is, also has apache module. Interesting, I should look at that.
-
I've actually now trying out something else, a DNS based solution. This however means that the change will propagate to people within 24-48 hours. I hope it works, otherwise HLP might be down for another 24-48 hours while DNS is reverted back and propagated worldwide. :nervous:
-
What's a DNS-based solution?
-
I'll tell when and if I've confirmed it actually works.
-
Alright, so far the DNS change has not broken anything. I'll be able to get some statistics of how it has performed tomorrow. If it performs up to expectations, it should have been able to filter out most of spambots and other **** before they even reach the server. This is not in place for game-warden.com domain however, only hard-light.net.
Coincidentally SMF 2.0 RC5 was also released today which I've already upgraded the forums to. Full changelog included following two entries:
! Users were logged out when other failed attempts to login were made (Load.php)
! Unoptimized query for topic participation query in unread topics. (Recent.php) [Bug 4457]
Which are two bugs I believe we have met.
Should stop the immediate grief we've had.
-
Just as a matter of feedback, I haven't had a single logout today. Unless I was lucky and it starts again tomorrow, whatever you did seems to have worked. Thanks in any event.
-
Yeah, I was getting them every visit over the past few days but haven't had it happen today. Fingers crossed. :yes:
-
I haven't had a single logout today.
Same here. Lets hope this is a permanent fix.
-
Well i got booted three times :wtf: Which wouldn't bug me if it didn't clean the "unread posts since last visit"... I'm waiting to see if the new version fixes that though before digging any further.
-
I'm still being logged out intermittently.
-
What's a DNS-based solution?
Some of the more clever types have probably already figured it out. And it seems to be working as advertised. The DNS based solutions is a DNS proxy in the form of CloudFlare. http://www.cloudflare.com
Feel free to read details on the site, should answer all questions if you have them. It is not used on game-warden.com. I intend to give CF a week long trial, if it passes the trial, I'll set up different account for GW. I cannot change DNS servers that GW uses, so that is left to MatthewPapa to do, if he ever will.