Community Support Forums

We are new to S2 member and new to having a members only section. Everything has been going well. We even have our first paying members.

The question is in regard to IP Restrictions. We keep having members getting banned for some reason or another. And today we have had our first paying member get banned. The good news is that we can reset their IP's in S2 member. And they have been immediately able to log back in every time so far. But the bad news is that it keeps happening. We are concerned about the obvious frustrations to the members especially those giving us their cash.

We loosened up the Brute Force IP Restrictions from 5 logins per 30 minutes to 10 logins. We are interested to see if this helps. I know from experience that it can be hard remembering passwords to a new site. So we thought giving them a little slack might help in regards to triggering an ip restriction.

Any comments would be welcome. Many times the members don't know they have been banned. They just get a 503 error or a it won't allow them in. So they start trying to reset passwords etc. S2 member should have a popup that tells them that their IP has been restricted and to email the administrator if they are not a bunch of hackers. Also, S2 Member should have "IP has been Restricted" as a Screen Option in the user area. Or even better as a separate category so we can see them quickly. Just like the separate categories in the user area where we can quickly see who is a paying member (s1 or s2 etc).

This seems to be a challenge for more than a few users of S2 Member.....I believe S2 member is a fine plugin with great help. We have to find a balance between keeping out hackers and our paying members. I am sure someone from S2 can come up with a good solution to help with this.

I would reset their IP and tell them not to lose their password and not to share it or, that could happen.

Eduan wrote:I would reset their IP and tell them not to lose their password and not to share it or, that could happen.

Well that is fine and good advice. But I still think it would be helpful if S2member allowed some way to quickly find out what usernames have had their ip's blocked. This would be great way to help out paying members as well as see who may be up to no good.

Thanks for the heads up on this thread.
Yea, I agree with you. We're working to improve this aspect of s2Member to make it easier for site owners to get a broad look at what's happening to all of their Users/Members in this regard. Until then, you might take a look at this thread. It is possible to see these details on a per-User basis: viewtopic.php?f=4&t=666&p=50543#p50543

Jason Caldwell wrote:Thanks for the heads up on this thread.
Yea, I agree with you. We're working to improve this aspect of s2Member to make it easier for site owners to get a broad look at what's happening to all of their Users/Members in this regard. Until then, you might take a look at this thread. It is possible to see these details on a per-User basis: viewtopic.php?f=4&t=666&p=50543#p50543

This is great news. I feel bad when a paying customer gets blocked and has to email us. And yes it has been easy to fix for any of our users. BUT it would be great to see what is going on in regards to who has had their ip blocked asap(and maybe even why that particular ip was blocked). Glad to know you guys have this on the to do list. We already have several hundred members and paying members signing up every day. Difficult to go through them every day to see who has been banned.

thanks for the update

I would like to add a specific request. We would like to know when anyone (and their subscriber status) gets their IP banned. S2member notifies us via email every time anyone joins and changes their password etc. We would like the same option for when anyone trips the security protocols.

thanks

I just had my first user email to let me know she'd been locked out, with only this message as explanation:

503: Service Temporarily Unavailable
Too many IP addresses accessing one secure area!
Please contact Support if you need assistance.

Please add my voice to those who would love to see improvement in this area. I had no idea my member was locked out, and I'm sure she did not violate policy/give out her login. I feel badly when paying members get locked out, and are even obliquely accused of cheating....

Thanks,
Melissa

Just curious as to when this is scheduled to be worked on? It seems there are two flaws in regards to this problem and S2member. The first flaw is not being able find when someone gets banned. You can always go through all your members. But that is a pain. And you can always wait till a paying member tells you about the 503 error. Which is alright IF the member is understanding. They are paying money. So hitting security breaches continuously for a paying member is not going to work long term. And it seems certain IP's trigger the security settings in S2 member regularly (at least among my members).

So having an option to quickly figure out Who got locked out because they breached the security protocols is a must have.

Also, there really needs to be an option of making sure Paying members have a looser set of security settings or something. Maybe two settings for security. One for paying members and one for free loaders. It is not good to have a paying member getting locked out over sensitive settings. This is probably always going to be a trade off. And someone can always be locked out. These things are going to happen. But having the security settings slightly more lenient for paying members seems to make sense to me.

But the MUST HAVE is some setting to find out WHO has breached the security protocols so it can be taken care of immediately.

I currently have over 500 members and just under 100 paying members. This is the only flaw I have seen so far. And this is something we are dealing with every week. There is no way to have everything perfect and keep everyone from being locked out. But I think a couple of improvements in this area should be a priority and this will make the software more user friendly.

Thanks for the great feedback guys.
Please know that we value all of your input.

We're going to address this in a future release of s2Member.