Cannot Login Because of Blocked IP

cornbase · December 24, 2019, 7:29pm

I set the following configuration in the Brute Force Detection settings (https://matomo.org/faq/troubleshooting/faq_32758/):

Always block these IPs from logging in:
0.0.0.0/0

The CIDR above will block all IP addresses. Then I set my own IP range under the never block section:

// example
173.*.*.*

Well now I can’t login because I’m getting the following error:

You are currently not allowed to log in because you had too many failed logins, try again later.

How can I reset or edit the Brute Force IP blocking? I have SSH access to Matomo installation directory and can update files. I’ve tried adding my IP to the config.ini.php file. I added the following:

login_whitelist_ip[] = 173.*.*.*

However, the login_whitelist_ip setting did not fix the issue.

Thanks!

cornbase · December 24, 2019, 8:08pm

I also tried the following console command:

./console login:unblock-blocked-ips
./console cache:clear

However, that did not fix the issue.

cornbase · January 7, 2020, 12:29am

Any ideas on how to fix this issue?

markoboy · August 25, 2020, 2:30pm

Hello, I know this is an old post but as there is no answer and I had the same issue and spent almost all day to fix this, even though my ip was added in the never block these ips the code itself is checking the blacklist first.

If you open the matomo/plugins/Login/Security/BruteForceDetection.php andsearch for isAllowedToLogin function.

Change the order of the if statements to:

        if ($this->settings->isWhitelistedIp($ipAddress)) {
            return true;
        }

        if ($this->settings->isBlacklistedIp($ipAddress)) {
            return false;
        }

This way the whitelist ip will be verified before the blacklist, I hope this might help someone else

Lukas · August 25, 2020, 2:47pm

Hi @markoboy,

Thanks for the remark. That sounds quite reasonable so would you like to create a pull request to submit this change to Matomo?

github.com

matomo-org/matomo/blob/4.x-dev/plugins/Login/Security/BruteForceDetection.php

<?php
/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 *
 */
namespace Piwik\Plugins\Login\Security;

use Piwik\Common;
use Piwik\Date;
use Piwik\Db;
use Piwik\Plugins\Login\SystemSettings;
use Piwik\Updater;
use Piwik\Version;

class BruteForceDetection {

    private $minutesTimeRange;

This file has been truncated. show original

markoboy · August 26, 2020, 9:47am

Hello @Lukas, I’ll try and make a pull request today, thank you

markoboy · August 26, 2020, 5:24pm

Hello @Lukas, I’ve made a pull request https://github.com/matomo-org/matomo/pull/16348, the contribution guide states about setting a label, although I dont see how this can be achieved.

Have a nice day!