V1.7.1 Freeze Account and Fail2ban

Hi,

I am wondering if anyone has tested the setting “FREEZE_USER_ON_LOGIN_FAILED” successfull.
On my self hosted installation it only shows a message on the loginscreen that the account is due to too many invalid logins frozen but the login page and the user account are still accessible and enabled, the userlogin is also after more then 5 invalid logins using the right password possible.

Is the freeze option working?
Has anyone successfully configured fail2ban to protect the login?

Any help would be much appriciated.

I didn’t know that v1.7.1 docker image was released. Where did you get that ?

I guess mtmail is using SeaTable EE.

SeaTable DE 1.7 will be release on Docker Hub shortly.

Sorry, yes I was writing about EE

We will check the option.

did you have a chance to test the protection function in the meantime?
Thank You

Not yet. It is not an urgent task for us. We will give it a check in version 1.8.

This was indeed a bug. But: It was fixed in SeaTable 1.8!

Can I ask you to verify? Please mark as solved if the bug is no more.

Account freezing after multiple failed logins is working well in V1.8
After I think 5 failed logins the account is set to inactive
Thank you for fixing that

If there is only 1 admin account for an on premise server installation available and the admin account gets inactive because of e.g. brute force?
How can seatable be accessed with admin rights?
Is there another possibility to reset the admin account status?

I see two ways right away:
1.) You unfreeze a frozen account via the database.
2.) You create a new admin account with seatable.sh superuser executed in the docker container “seatable”

Thank You very much.

Please open a separate thread. This question has nothing to do with this thread’s subject