Hi, 

I've been using Limesurvey web based, so no program actually installed. used it for 1.5 years not, all good always. For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start. 

Any ideas what might be the cause here and how to fix it? 
Thank you!

What is a "10min timeout message"?

A message from the server/browser that says that the connection timed out?

Or a message that they can't log in for the next 10 min? Which would be weird, because with the survey link they do not have to log in.

So please describe the problem more specific and maybe share screenshots, when possible.

I've been using Limesurvey web based, so no program actually installed.

Well, Limesurvey must be installed somewhere on a webserver to work. If you didn't install it, someone is hosting it for you. Who is that?

used it for 1.5 years not, all good always.

You mean you did not use it for 1,5 years, right? Or you mean that you used it for 1,5 years. I am a little confused by the "not" in the sentence.

For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start.

If your students share an internet connection (e.g. classroom or dorm access), LimeSurvey might trigger a bruteforce protection. As you have not stated your LimeSurvey version and a screenshot of hte message, it might be something different. I recommend to only send the link to one student and see what happen. Then delay the sending of the links to only a few students.

The protection is part of the LimeSurvey code and cannot be managed via the GUI.
 

Please : report the issue : community.limesurvey.org/bug-tracker/

The original issue : bugs.limesurvey.org/view.php?id=15239

Before this fix : github.com/LimeSurvey/LimeSurvey/commit/...6eb8be7a81da5e614617

Brute force usage only for admin
After this fix : usage for token and admin

before the fix : it work, after the fix it don't work.
It's a bug.

And you have no way to deactivate only for token …or set different value for token and non token or …

Then : it's break for you …

 

Thank you for the prompt reply.
Lime is a tool that our company provides us so I believe that the company itself is hosting it then. 
That "not" was a mistake. I've been using lime website for 1.5 years without any problems, just recently my students started having this issue  We have ranges from 5 to 20 students per class and until this year around february/march, this issue never happened. 
All the students are on the same company internet connection or through a vpn, but again, the way for them to connect has been the same and only now we get the issue. I've attached a screenshot. It looks like the user tried too many wrong tokens but i can assure you that this happens even if it is the first try and with the correct token. 
Would this be something that i need to reach out internally to whomever has the lime installed and change some settings? 
 

they are connected to a vpn like system to the company connection but is has been like this since a year now and only now have we began to get this issue.
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min

wrote:

they are connected to a vpn like system to the company connection but is has been like this since a year now and only now have we began to get this issue.
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min
 

Please : report the issue !
I already explain in the original commit why it's a bad idea to use same system than admin login. But i'm alone.
You are an user, a real user.
 

I already explain in the original commit why it's a bad idea to use same system than admin login.

While I understand your post, an average user will not. Not your fault, but the knowledgegap is too high.

@chanxu
Thanks for you answer. We still don't know what exact version of LimeSurvey is installed. The best thing seems to point the administrator of your LimeSurvey installation to this thread here.

The administrator might deactivate the bruteforce protection via code modification while submitting a bugreport to get a fix in the next updates.

 

wrote:

I already explain in the original commit why it's a bad idea to use same system than admin login.

While I understand your post, an average user will not. Not your fault, but the knowledgegap is too high.

 

I just ask to report issue … after i can help …

I just ask to report issue … after i can help …

LimeSurvey GmbH will learn to capture bug outside mantis. At least till they limit the offer to SaaS only. The bruteforce feature is broken by design, cause no control or configuration is available for the admin. That is like  MCP(Tron) or HAL9000(2001)



 

Thank you both and yeah, I'm getting what you are saying but my knowledge is not enough to fully understand the why. 

I will try to contact our internal admin and let try to let them know about this thread and report the bug. 

Thank you all. 

github.com/LimeSurvey/LimeSurvey/pull/17...suecomment-841117417