10 min lock out

More
1 month 2 weeks ago #215901 by chanxu
10 min lock out was created by chanxu
Hi, 

I've been using Limesurvey web based, so no program actually installed. used it for 1.5 years not, all good always. For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start. 

Any ideas what might be the cause here and how to fix it? 
Thank you!

Please Log in to join the conversation.

More
1 month 2 weeks ago #215907 by holch
Replied by holch on topic 10 min lock out
What is a "10min timeout message"?

A message from the server/browser that says that the connection timed out?

Or a message that they can't log in for the next 10 min? Which would be weird, because with the survey link they do not have to log in.

So please describe the problem more specific and maybe share screenshots, when possible.

I've been using Limesurvey web based, so no program actually installed.

Well, Limesurvey must be installed somewhere on a webserver to work. If you didn't install it, someone is hosting it for you. Who is that?

used it for 1.5 years not, all good always.


You mean you did not use it for 1,5 years, right? Or you mean that you used it for 1,5 years. I am a little confused by the "not" in the sentence.

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The following user(s) said Thank You: chanxu

Please Log in to join the conversation.

More
1 month 2 weeks ago #215910 by jelo
Replied by jelo on topic 10 min lock out

For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start.

If your students share an internet connection (e.g. classroom or dorm access), LimeSurvey might trigger a bruteforce protection. As you have not stated your LimeSurvey version and a screenshot of hte message, it might be something different. I recommend to only send the link to one student and see what happen. Then delay the sending of the links to only a few students.

The protection is part of the LimeSurvey code and cannot be managed via the GUI.
 

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: chanxu

Please Log in to join the conversation.

More
1 month 1 week ago #215916 by DenisChenu
Replied by DenisChenu on topic 10 min lock out
Please : report the issue : community.limesurvey.org/bug-tracker/

The original issue : bugs.limesurvey.org/view.php?id=15239

Before this fix : github.com/LimeSurvey/LimeSurvey/commit/...6eb8be7a81da5e614617

Brute force usage only for admin
After this fix : usage for token and admin

before the fix : it work, after the fix it don't work.
It's a bug.

And you have no way to deactivate only for token …or set different value for token and non token or …

Then : it's break for you …

 

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
1 month 1 week ago #215920 by chanxu
Replied by chanxu on topic 10 min lock out
Thank you for the prompt reply.
Lime is a tool that our company provides us so I believe that the company itself is hosting it then. 
That "not" was a mistake. I've been using lime website for 1.5 years without any problems, just recently my students started having this issue  We have ranges from 5 to 20 students per class and until this year around february/march, this issue never happened. 
All the students are on the same company internet connection or through a vpn, but again, the way for them to connect has been the same and only now we get the issue. I've attached a screenshot. It looks like the user tried too many wrong tokens but i can assure you that this happens even if it is the first try and with the correct token. 
Would this be something that i need to reach out internally to whomever has the lime installed and change some settings? 
 
Attachments:

Please Log in to join the conversation.

More
1 month 1 week ago #215921 by chanxu
Replied by chanxu on topic 10 min lock out
they are connected to a vpn like system to the company connection but is has been like this since a year now and only now have we began to get this issue.
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min

Please Log in to join the conversation.

More
1 month 1 week ago #215926 by DenisChenu
Replied by DenisChenu on topic 10 min lock out

they are connected to a vpn like system to the company connection but is has been like this since a year now and only now have we began to get this issue.
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min
 

Please : report the issue !
I already explain in the original commit why it's a bad idea to use same system than admin login. But i'm alone.
You are an user, a real user.
 

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
1 month 1 week ago #215929 by jelo
Replied by jelo on topic 10 min lock out

I already explain in the original commit why it's a bad idea to use same system than admin login.

While I understand your post, an average user will not. Not your fault, but the knowledgegap is too high.

@chanxu
Thanks for you answer. We still don't know what exact version of LimeSurvey is installed. The best thing seems to point the administrator of your LimeSurvey installation to this thread here.

The administrator might deactivate the bruteforce protection via code modification while submitting a bugreport to get a fix in the next updates.

 

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

Please Log in to join the conversation.

More
1 month 1 week ago #215930 by DenisChenu
Replied by DenisChenu on topic 10 min lock out

I already explain in the original commit why it's a bad idea to use same system than admin login.

While I understand your post, an average user will not. Not your fault, but the knowledgegap is too high.

 

I just ask to report issue … after i can help …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
1 month 1 week ago #215934 by jelo
Replied by jelo on topic 10 min lock out

I just ask to report issue … after i can help …

LimeSurvey GmbH will learn to capture bug outside mantis. At least till they limit the offer to SaaS only. The bruteforce feature is broken by design, cause no control or configuration is available for the admin. That is like  MCP(Tron) or HAL9000(2001)



 

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

Please Log in to join the conversation.

More
1 month 1 week ago #215941 by chanxu
Replied by chanxu on topic 10 min lock out
Thank you both and yeah, I'm getting what you are saying but my knowledge is not enough to fully understand the why. 

I will try to contact our internal admin and let try to let them know about this thread and report the bug. 

Thank you all. 

Please Log in to join the conversation.

More
1 month 5 days ago #216213 by DenisChenu
Replied by DenisChenu on topic 10 min lock out

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now