- Posts: 4
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
10 min lock out
- chanxu
- Topic Author
- Offline
- New Member
Less
More
2 years 11 months ago #215901
by chanxu
10 min lock out was created by chanxu
Hi,
I've been using Limesurvey web based, so no program actually installed. used it for 1.5 years not, all good always. For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start.
Any ideas what might be the cause here and how to fix it?
Thank you!
I've been using Limesurvey web based, so no program actually installed. used it for 1.5 years not, all good always. For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start.
Any ideas what might be the cause here and how to fix it?
Thank you!
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11639
- Thank you received: 2738
2 years 11 months ago #215907
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic 10 min lock out
What is a "10min timeout message"?
A message from the server/browser that says that the connection timed out?
Or a message that they can't log in for the next 10 min? Which would be weird, because with the survey link they do not have to log in.
So please describe the problem more specific and maybe share screenshots, when possible.
You mean you did not use it for 1,5 years, right? Or you mean that you used it for 1,5 years. I am a little confused by the "not" in the sentence.
A message from the server/browser that says that the connection timed out?
Or a message that they can't log in for the next 10 min? Which would be weird, because with the survey link they do not have to log in.
So please describe the problem more specific and maybe share screenshots, when possible.
Well, Limesurvey must be installed somewhere on a webserver to work. If you didn't install it, someone is hosting it for you. Who is that?I've been using Limesurvey web based, so no program actually installed.
used it for 1.5 years not, all good always.
You mean you did not use it for 1,5 years, right? Or you mean that you used it for 1,5 years. I am a little confused by the "not" in the sentence.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The following user(s) said Thank You: chanxu
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
2 years 11 months ago #215910
by jelo
The protection is part of the LimeSurvey code and cannot be managed via the GUI.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic 10 min lock out
If your students share an internet connection (e.g. classroom or dorm access), LimeSurvey might trigger a bruteforce protection. As you have not stated your LimeSurvey version and a screenshot of hte message, it might be something different. I recommend to only send the link to one student and see what happen. Then delay the sending of the links to only a few students.For something like a month now, my students get a 10 min timeout message when I share some of the survey links with them. I can guarantee that the issue it not for them to insert a wrong code. It happens to almost all of them right at the start.
The protection is part of the LimeSurvey code and cannot be managed via the GUI.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: chanxu
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13624
- Thank you received: 2490
2 years 11 months ago #215916
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic 10 min lock out
Please : report the issue :
community.limesurvey.org/bug-tracker/
The original issue : bugs.limesurvey.org/view.php?id=15239
Before this fix : github.com/LimeSurvey/LimeSurvey/commit/...6eb8be7a81da5e614617
Brute force usage only for admin
After this fix : usage for token and admin
before the fix : it work, after the fix it don't work.
It's a bug.
And you have no way to deactivate only for token …or set different value for token and non token or …
Then : it's break for you …
The original issue : bugs.limesurvey.org/view.php?id=15239
Before this fix : github.com/LimeSurvey/LimeSurvey/commit/...6eb8be7a81da5e614617
Brute force usage only for admin
After this fix : usage for token and admin
before the fix : it work, after the fix it don't work.
It's a bug.
And you have no way to deactivate only for token …or set different value for token and non token or …
Then : it's break for you …
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- chanxu
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
2 years 11 months ago #215920
by chanxu
Replied by chanxu on topic 10 min lock out
Thank you for the prompt reply.
Lime is a tool that our company provides us so I believe that the company itself is hosting it then.
That "not" was a mistake. I've been using lime website for 1.5 years without any problems, just recently my students started having this issue We have ranges from 5 to 20 students per class and until this year around february/march, this issue never happened.
All the students are on the same company internet connection or through a vpn, but again, the way for them to connect has been the same and only now we get the issue. I've attached a screenshot. It looks like the user tried too many wrong tokens but i can assure you that this happens even if it is the first try and with the correct token.
Would this be something that i need to reach out internally to whomever has the lime installed and change some settings?
Lime is a tool that our company provides us so I believe that the company itself is hosting it then.
That "not" was a mistake. I've been using lime website for 1.5 years without any problems, just recently my students started having this issue We have ranges from 5 to 20 students per class and until this year around february/march, this issue never happened.
All the students are on the same company internet connection or through a vpn, but again, the way for them to connect has been the same and only now we get the issue. I've attached a screenshot. It looks like the user tried too many wrong tokens but i can assure you that this happens even if it is the first try and with the correct token.
Would this be something that i need to reach out internally to whomever has the lime installed and change some settings?
The topic has been locked.
- chanxu
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
2 years 11 months ago #215921
by chanxu
Replied by chanxu on topic 10 min lock out
they are connected to a vpn like system to the company connection but is has been like this since a year now and only now have we began to get this issue.
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13624
- Thank you received: 2490
2 years 11 months ago #215926
by DenisChenu
I already explain in the original commit why it's a bad idea to use same system than admin login. But i'm alone.
You are an user, a real user.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic 10 min lock out
Please : report the issue !they are connected to a vpn like system to the company connection but is has been like this since a year now and only now have we began to get this issue.
Weird thing that has also happened to me as i tried to login to the account. I i had one failed attempt to login because of a typo and on the second attempt it already blocked me out for 10 min
I already explain in the original commit why it's a bad idea to use same system than admin login. But i'm alone.
You are an user, a real user.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
2 years 11 months ago #215929
by jelo
@chanxu
Thanks for you answer. We still don't know what exact version of LimeSurvey is installed. The best thing seems to point the administrator of your LimeSurvey installation to this thread here.
The administrator might deactivate the bruteforce protection via code modification while submitting a bugreport to get a fix in the next updates.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic 10 min lock out
While I understand your post, an average user will not. Not your fault, but the knowledgegap is too high.I already explain in the original commit why it's a bad idea to use same system than admin login.
@chanxu
Thanks for you answer. We still don't know what exact version of LimeSurvey is installed. The best thing seems to point the administrator of your LimeSurvey installation to this thread here.
The administrator might deactivate the bruteforce protection via code modification while submitting a bugreport to get a fix in the next updates.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13624
- Thank you received: 2490
2 years 11 months ago #215930
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic 10 min lock out
I just ask to report issue … after i can help …
While I understand your post, an average user will not. Not your fault, but the knowledgegap is too high.I already explain in the original commit why it's a bad idea to use same system than admin login.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
2 years 11 months ago #215934
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic 10 min lock out
LimeSurvey GmbH will learn to capture bug outside mantis. At least till they limit the offer to SaaS only. The bruteforce feature is broken by design, cause no control or configuration is available for the admin. That is like MCP(Tron) or HAL9000(2001)I just ask to report issue … after i can help …
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- chanxu
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
2 years 11 months ago #215941
by chanxu
Replied by chanxu on topic 10 min lock out
Thank you both and yeah, I'm getting what you are saying but my knowledge is not enough to fully understand the why.
I will try to contact our internal admin and let try to let them know about this thread and report the bug.
Thank you all.
I will try to contact our internal admin and let try to let them know about this thread and report the bug.
Thank you all.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13624
- Thank you received: 2490
2 years 11 months ago #216213
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic 10 min lock out
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.