Restricting login attempts to a server is a major part of the server security process and also helps protect the server from resource abuse by users.
In our role as Server support specialists for web hosts, we manage web servers with various control panels and billing portals such as WHMCS, Blesta, HostBill, etc.
Blesta is a customer management, billing, and support system for web hosting providers, which is being used by many web hosts nowadays. It has its own security restrictions to protect confidential data.
Today we’ll discuss the ‘failed login attempts’ setting in Blesta and how to fix the error due to this setting.
What causes ‘Too many failed login attempts’ error in Blesta
Blesta has two sets of interfaces – 1. Admin or super user account to manage all accounts in it and 2. User or end customer interface for users to manage their account.
End customers can access Blesta via their client portal at “http://www.domain.com/blesta/client/login/” using their username and password.
The admin interface would be at the corresponding URL “http://www.domain.com/blesta/admin/login/” where admins can manage the billing and support sections.
When users or admins try to access these portals with the wrong login credentials, the portal can block their access after multiple failed attempts.
The number of failed login attempts allowed in Blesta is set via the config file, and it is a factor that helps to protect the portal from attackers or unauthorized access.
Once the number of failed attempts exceeds the allowed limit, the users would see the error message ‘Too many failed login attempts’ in their Blesta interface.
How to resolve ‘Too many failed login attempts’ error in Blesta
Though Blesta resets the ‘failed login attempt’ limits after a fixed time frame of 10 minutes or so, there is an option to immediately revoke the block and allow the user to log in.
The new Blesta versions have the configuration file at ‘config/blesta.php’. The parameter that sets the ‘failed login attempt’ limit is ‘max_failed_login_attempts’.
For a limit of 10, the value we give in the config file would be:
Configure::set("Blesta.max_failed_login_attempts", 10);
While 10 is an ideal value in the normal scenario to protect the portal from unwanted hack attempts, when a user gets blocked this setting would need to be increased to unblock them.
Increase this value to a higher value such as 50 and then try accessing the URLs in Blesta. Now the user would no longer see the error and would be able to log in with the right credentials.
After the user is able to log in, we usually revert the value back to the default 10, to ensure that the security settings are strong enough.
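A check for the revert step above, confirming that a temporary increase was not left in place (an added example, not code from the original post or from Blesta). The function names, exit codes and the sample file are constructed for illustration, and the baseline of 10 is the value used in this post.

```shell
#!/bin/sh
# Added example: audit Blesta.max_failed_login_attempts in config/blesta.php.
# Function names, exit codes and the sample file are illustrative assumptions.

# Print the effective limit: the last uncommented Configure::set() line for
# the key (a later call is assumed to override an earlier one). Lines that
# start with // or # are skipped; /* ... */ block comments are not parsed.
blesta_login_limit() {
    sed -n -E "s/^[[:space:]]*Configure::set\\([[:space:]]*[\"']Blesta\\.max_failed_login_attempts[\"'][[:space:]]*,[[:space:]]*([0-9]+)[[:space:]]*\\).*/\\1/p" "$1" 2>/dev/null | tail -n 1
}

# Return 0 if the limit is at or below the baseline, 1 if it is higher
# (a temporary increase was left in place), 2 if the setting is missing.
check_blesta_login_limit() {
    cfg="$1"
    baseline="${2:-10}"
    limit=$(blesta_login_limit "$cfg")
    if [ -z "$limit" ]; then
        echo "UNKNOWN: Blesta.max_failed_login_attempts not found in $cfg" >&2
        return 2
    fi
    if [ "$limit" -gt "$baseline" ]; then
        echo "WARN: limit is $limit, baseline is $baseline: revert the increase" >&2
        return 1
    fi
    echo "OK: limit is $limit"
}

# Constructed sample config (not a real Blesta file) so the check runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
// Configure::set("Blesta.max_failed_login_attempts", 99);
Configure::set("Blesta.max_failed_login_attempts", 10);
Configure::set('Blesta.max_failed_login_attempts', 50);
EOF
check_blesta_login_limit "$sample" 10 || echo "exit status $?"
rm -f "$sample"
```

Run against the real file as `check_blesta_login_limit config/blesta.php 10`, for example from a scheduled job, so a non-zero exit status flags a limit that is still raised.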
At Bobcares, our 24/7 server specialists constantly monitor all the services in the server and proactively audit the server for any errors or corruption in them.
With our systematic debugging approach for service or other software errors, we have been able to provide an exciting support experience to the customers.
If you would like to know how to avoid downtime for your customers due to errors or other service failures, we would be happy to talk to you.