Tell me, what could be the reasons for blocking user accounts? And is it possible to find out the reasons for blocking a specific user
Could you tell us more about blocking users where and what problem you’re trying to solve? It’s not clear if you’re asking about your blocked user and how it could have happened or how to and why you would want to block a user.
Frequent blocking of users began to occur on my site on Modx Revo, I would like to know the reasons for blocking, can I see the reasons somewhere?
This may be the result of a compromise or attempted compromise. The blocked user mechanism typically will block users after 3 failed login attempts on an existing username. This block defaults to 1 hour in duration. So, it’s possible that someone knows the usernames or you’re using usernames like
admin and it’s getting blocked by a script attempting to either gain access or use the login form for a SQLi. It’s also possible that the site is already comromised and is being manipulated via remote code execution or access directly in the Manager.
Thanks, There can be no other reasons?
There could be other reasons, for sure but these are the common reasons. Questions to consider:
- Is the site running the latest MODX and Extras
- Is there any evidence of compromise? If you’re unsure, read this article series I wrote to find out: Recovering from a Hacked Site: Part 1
That automatic block after three bad login attempts is the only way MODX itself would have blocked anyone.
MODX extras like Articles might have blocking options as well, or someone who worked on the site may have created a custom blocking system.