"Your account has exceeded allowed number of login attempts. Please try again in 1 hour or reset password. "

For 3 days now I get the same message again and again. I haven't login to Admin panel for 3 days!

Your account has exceeded allowed number of login attempts. Please try again in 1 hour or reset password.

I don't have the latest version of Opencart. I have the pre-latest version. Can the developers define what is the problem here?
- Noone tried to login.
- I didn't change any files.
- I did nothing.

The first time I saw this message I hadn't logged in the admin panel for almost 2 days!

I want to increase the allowed number of login attempts to around 5-6 so that I don't see that message again. How can I login and use my site?

OC version. Posted in Bug Reports.

You may need to increase this value:
System > Settings > Edit store > tab Options > field Max Login Attempts

Hi!

• Don't use "default" accounts like admin, rename them. They are easy to use for brute force passwords.
• Use two-factor authentication for the admin panel using .htaccess (basic http authorization). This will prevent password brute force attempts.

And now, to solve the problem, you just need to change the username admin in the oc_user table.

I can not login to Admin panel! This goes on for 4 days now!

So explain to me step by step how am I going to solve the issue using FTP!

1. Go to phpMyAdmin
2. Delete your entry (ip) from customer_login table

How can I edit a file in FTP and make the "Limit of Admin users logged in" increase to ex. 5?

Because that's the first time I see a functionality like this in any CMS!

In admin/controller/common/login.php try removing or commenting out the the following.
Once you have logged and changed the Max Login Attempts setting. Put the line back.

You may also need to check the modifications in storage if you have an extension that modifies that file.

Hi,
Same thing is happening to me. Sorted the login with everyone's input above. thanks

however, as suggested by another...(one of you above) i went in the customer IP table in my PHP and to my surprise, i have 10,000 logged ips with what seems like an a-z of legit names and ips. But this opencart install of mine is fresh only been up for a few months and I've not even promoted it one bit and i don't want to currently as its still work in progress. Has this been injected into my opencart install somehow along with the admin login issue ? whats going on anybody know ?

saf77776 wrote: ↑

Sun Apr 17, 2022 8:06 pm

Hi,
Same thing is happening to me. Sorted the login with everyone's input above. thanks

however, as suggested by another...(one of you above) i went in the customer IP table in my PHP and to my surprise, i have 10,000 logged ips with what seems like an a-z of legit names and ips. But this opencart install of mine is fresh only been up for a few months and I've not even promoted it one bit and i don't want to currently as its still work in progress. Has this been injected into my opencart install somehow along with the admin login issue ? whats going on anybody know ?

It's probably a bot. There one that register customers and another that tries to brute force the admin.

ditto above

Bots do not care whether you have a working website, probably do not even know your domain.

If you analyse the requests you would find that they probably just reference your ip address and actually do not even know you run Opencart or have an /admin/ directory, they just try.

These bots just post to your admin a username and password from a list and as long as they do not get a negative response (404,410), they will continue.

These usernames are rather arbitrary, silly even, and their request frequency is pretty low so there is no real harm there but if you use one of those usernames as your admin then it will hit the amount of failed login attempts and lock you out for a while.
So never use the obvious username "admin”.

You can empty the customer_login table if it happens as that would reset the failed attemp counts.
There is a post from Neuhoff to just block posts to /admin/ when the get array is empty. Maybe someone can find it and post it

by mona wrote: ↑

Mon Apr 18, 2022 6:56 pm

There is a post from Neuhoff to just block posts to /admin/ when the get array is empty. Maybe someone can find it and post it

viewtopic.php?f=179&t=225771

thank you