Announcement

Collapse
No announcement yet.

constant "has been blocked" and "has been re-enabled"

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • constant "has been blocked" and "has been re-enabled"

    My main desktop machine keeps being listed in the log as "has been blocked from further access to the system" and "has been re-enabled for access to the system" - repeated pairs of those entries every 5 minutes. I can't get to my Homeseer server from a browser on this desktop (which used to work perfectly fine until a day ago), but can get to it fine on a laptop. What would cause it to keep being blocked and re-enabled?

  • #2
    Have you run a virus scan on this server causing issues. It appears that your server is sending requests to your HS server and being blocked due to invalid login requests.
    -Rupp
    sigpic

    Comment


    • #3
      Originally posted by Rupp View Post
      Have you run a virus scan on this server causing issues. It appears that your server is sending requests to your HS server and being blocked due to invalid login requests.
      ok so I do have a program on this machine that periodically checks my various servers and emails me if anything goes down. But it only probes once every 10 minutes or so. Where and how is it determined what frequency of access causes a host to be blocked?

      Comment


      • #4
        Originally posted by mlevin77 View Post
        ok so I do have a program on this machine that periodically checks my various servers and emails me if anything goes down. But it only probes once every 10 minutes or so. Where and how is it determined what frequency of access causes a host to be blocked?
        Under Setup - Network - Web Server Settings:

        Click image for larger version

Name:	Untitled.png
Views:	1
Size:	9.1 KB
ID:	1188105

        Cheers
        Al
        HS 3.0.0.548: 1976 Devices 1156 Events
        Z-Wave 3.0.1.262: 123 Nodes on one Z-Net

        Comment


        • #5
          Originally posted by sparkman View Post
          Under Setup - Network - Web Server Settings:
          [ATTACH]58146[/ATTACH] Cheers, Al
          I thought so, but I don't understand those parameters. "Invalid access hits" is wrong password entered? if so, that can't be it, since my server tester is using the right password (I could see it succeeding, when things were working, and I haven't changed anything). "Time between hits" - what exactly is this? If my server tester is probing every 10 minutes say, how do I set these values to make sure that it doesn't get locked out?

          Also weird is that now, my laptop appears to be locked out as well...

          Comment


          • #6
            Time between hits is the time between successive failed attempts. If it's longer than that value, then it won't count towards the lockout. If the logins are successful, then something else may be at play. Disable this setting completely and see if the issue goes away. If it does not, then do you have any other AV or Firewall software running on the HS system?


            Sent from my Phone using Tapatalk
            HS 3.0.0.548: 1976 Devices 1156 Events
            Z-Wave 3.0.1.262: 123 Nodes on one Z-Net

            Comment


            • #7
              Originally posted by sparkman View Post
              If the logins are successful, then something else may be at play. Disable this setting completely and see if the issue goes away.
              ok so disabling "IP Hack Blocking" took care of it. What does this do exactly, that's different than the next 2 settings? And what's "time between hits" - what does that do?

              Comment


              • #8
                All settings work together. With the checkbox unchecked, the other settings are irrelevant. Time to Block is how long you get locked out for once it is triggered. The next entry is how many failed attempts in a row need to occur and then the last one is the max time between failed attempts needed for them to count against the total.


                Sent from my Phone using Tapatalk
                HS 3.0.0.548: 1976 Devices 1156 Events
                Z-Wave 3.0.1.262: 123 Nodes on one Z-Net

                Comment


                • #9
                  Originally posted by sparkman View Post
                  All settings work together. With the checkbox unchecked, the other settings are irrelevant. Time to Block is how long you get locked out for once it is triggered. The next entry is how many failed attempts in a row need to occur and then the last one is the max time between failed attempts needed for them to count against the total. Sent from my Phone using Tapatalk
                  that's just so weird, because I know my tester is not using wrong credentials, so there should be no failed attempts! And access is cut off immediately when I click "enable IP hack blocking" (not after a bunch of access tests run from that machine, which happen every 12 minutes or so).

                  Comment


                  • #10
                    Originally posted by mlevin77 View Post
                    that's just so weird, because I know my tester is not using wrong credentials, so there should be no failed attempts! And access is cut off immediately when I click "enable IP hack blocking" (not after a bunch of access tests run from that machine, which happen every 12 minutes or so).
                    Check the ipblock setting in settings.ini. Anything in there that may be a clue?

                    Also, if you restart HS, does it block it right away too?
                    HS 3.0.0.548: 1976 Devices 1156 Events
                    Z-Wave 3.0.1.262: 123 Nodes on one Z-Net

                    Comment


                    • #11
                      Originally posted by sparkman View Post
                      Check the ipblock setting in settings.ini. Anything in there that may be a clue?
                      [IPBlock]
                      IPBlock_Enabled=False
                      IPBlock_BlockTimeMinutes=30
                      IPBlock_Failures=20

                      not sure what to make of this - how to know if it's actually getting any failures? I don't think it should be - I think the remote logins are using the correct credentials.

                      Comment


                      • #12
                        Have you tried restarting HS? Does it block you right away after a restart?


                        Sent from my Phone using Tapatalk
                        HS 3.0.0.548: 1976 Devices 1156 Events
                        Z-Wave 3.0.1.262: 123 Nodes on one Z-Net

                        Comment


                        • #13
                          Originally posted by mlevin77 View Post
                          ok so I do have a program on this machine that periodically checks my various servers and emails me if anything goes down. But it only probes once every 10 minutes or so. Where and how is it determined what frequency of access causes a host to be blocked?
                          You may want to ensure this is actually only checking once every 10 minutes. If you disable this does HS3 work normally?
                          -Rupp
                          sigpic

                          Comment


                          • #14
                            Originally posted by Rupp View Post
                            You may want to ensure this is actually only checking once every 10 minutes. If you disable this does HS3 work normally?
                            I disabled the automated polling of my HS3 system, checked the hacking prevention back on, and was allowed access from that computer to the HS3. I turned it back on, and still have access. The system is polling HS3 every 12 minutes, I can see in the log that it's not any more frequent than that. I will see if it kicks me off again.

                            Comment

                            Working...
                            X