FTP Security - Repeated Login Attempts

Similar Messages

• FTP login attempt timesout when coming from the www

  hello there, let me describe the problem i am having
  my seperate department under our university has our OSX Server running smoothly. Everyone is able to pull up webpages from withing the university, as well as from the outside, this is GOOD.
  from within the university i can login through an FTP connection to upload things and whatnot..., HOWEVER from outside the university this is not possible, the login attempts always TIMEOUT.
  now the reason why i am quite confused about this is because the webpage displays without a problem from outside the university, the FTP login however does not work.
  what might be the problem here?
  any help is real greatly appriciated.
  Thanks, gregor.

  Hi guys,
  I had the similar problem:
  Login via client tools worked fine
  Manual login via InfoView also no problem
  Kerberos-ticket was created in the background
  But when acitvating vintela SSO for InfoView I could see in stdout.log that no username was passed:
  "[Krb5LoginModule] user entered username: @MY_DOMAIN.COM"
  As there was no real error message it was hard to figure out what the problem was. The solution itself was to simply add the server-URL to the Intranet-pages in IE. This is described in several guides but I think it's good to document what happens if this is not done correctly
  Regards

• Blackberry ID - forgot password, forgot password recovery info, exceeded login attempts, why can't BB send me email to reset password.

  THE ISSUES ARE:
  1. FORGOT PASSWORD
  2. FORGOT PASSWORD RECOVERY INFO
  3. EXCEEDED ATTEMPTS TO LOGIN
  I HAVE READ OTHER PEOPLES FORUM PROBLEMS THAT ARE THE SAME. WHEN I FOLLOWED LINKS THAT SUPPORT GAVE THERE IS NO SOLUTION TO ACTUALLY FIX THE PROBLEM. 
  What I need is simply this: Blackberry to send me a RESET PASSWORD link to the email I have registered with Blackberry WITHOUT HAVING TO PROVIDE PASSWORD RECOVERY INFO. This will enable me to bypass unknown recovery password info and access my Blackberry ID account. 
  Why haven't I been able to find a solution to fix the problem?
  BECAUSE IT DOESN'T APPEAR TO EXIST........ ANYWHERE..... EVEN ON YOUTUBE BLACKBERRY ARE RUNNING AN OUT OF DATE SOLUTION CENTRE.
  When looked online to Blackberry youtube video it shows a solution that doesn't exist! WHY? BECAUSE IT WAS UPLOADED IN 2011. DUH. http://www.youtube.com/watch?v=lvdRb4qNG1M
  If I can't remember my password or recovery password info there is NO other option available that will send me a reset password via email so I can keep my current BB ID. 
  KB34776 - does not apply because you HAVE TO BE ABLE TO REMEMBER YOUR RECOVERY PASSWORD!
  CHECKED THIS OUT... 
  Workaround
  If the BlackBerry ID password has been forgotten but the answer to the password recovery question is known, select Forgot Password on the smartphone and answer the recovery question to generate a password reset email. Follow KB28685 to complete this process.
  If the BlackBerry smartphone user knows the email address used for the BlackBerry ID login but is unable to remember the associated password then it is possible to reset the password using the steps below:
  Note: If the BlackBerry ID account is not confirmed, it is necessary to provide the answer to the password recovery question as part of the web based password reset flow.
  To see if a BlackBerry ID account is confirmed, log in to the BlackBerry ID account, select Account Details and locate the Email Status field.  For instructions on confirming the BlackBerry ID account follow KB34137.
  Browse to the following URL using a desktop browser, the BlackBerry Browser on the BlackBerry smartphone, or the Browser on the BlackBerry PlayBook: http://blackberryid.blackberry.com/bbid/recoverpassword
  Enter the BlackBerry ID Username (email address) and the CAPTCHA characters, then clickSubmit.
  Enter the Answer to the Password Recovery Question, then click OK.
  Note: Answering the recovery question is only required if the BlackBerry ID account is not confirmed.
  A confirmation message will be displayed A password reset email has been sent to [email protected], at which point, a reset email will be delivered to the associated email address inbox.
  Log in to the email account associated to the BlackBerry ID using the desktop browser, BlackBerry Browser on the smartphone, or the Browser on the BlackBerry PlayBook.
  Locate the password reset email and select the Change your BlackBerry ID password link.
  Note: The BlackBerry ID reset email will come from [email protected]. If the email is not found in the inbox, check the mailbox's Spam or Junk folder.
  When the password reset page loads, enter the Answer to the Password Recovery Question, enter the New Password, Confirm Password, then click Submit.
  A confirmation message will display once the changes have been saved successfully.
  Moving forward use the newly created password whenever logging into BlackBerry ID.
   If the BlackBerry smartphone user does not know the email or password that was used for the BlackBerry ID, the BlackBerry ID will be locked out after 10 unsuccessful login attempts. See KB24157 for BlackBerry ID lockout behavior.
  THEN CHECKED KB24157......
  Overview
  BlackBerry ID is the master key to BlackBerry smartphone products, sites, services and applications, including BlackBerry Protect and the BlackBerry App World storefront.
  To prevent unauthorized access to the account, the BlackBerry ID will become locked out after a number of failed attempts. See the information below for an outline on the expected behavior:
  Local Authentication Lockout 
  On BlackBerry PlayBook and BlackBerry smartphones if the user enters their BBID password incorrectly 10 times on the BBID sign in screen, verify password screen, or BBID Edit screens, they are LOCKED OUT of all the following functions on that BlackBerry device for 15 minutes:
  Authenticating with their BlackBerry ID on the sign in screen
  Authenticating with their BlackBerry ID on the verify password screen
  Authenticating with their BlackBerry ID on the BBID edit screens 
  Note: The user can still log in on the web or any other devices associated with their BlackBerry ID. They are only locked out on the device where the 10 incorrect attempts occurred.  On the locked out device, after 15 minutes, they get 1 try to provide the correct password on the sign in and/or verify password screens. If they fail to enter the correct password, they are locked out for an additional 15 minutes on that device.
  Account Server Lockout
  Users have total of 10 attempts to enter their password correctly against the BlackBerry ID Account Server.
  The scenarios that increment the Account Server lockout counter are as follows:
  Providing an incorrect password anywhere on the BlackBerry ID web portal (blackberry.com/blackberryid)
  Providing an incorrect password within the BlackBerry ID Edit feature on any BlackBerry device or BlackBerry PlayBook
  Note: if a user provides an incorrect password 5 times on the BlackBerry ID web portal (blackberry.com/blackberryid), and then 5 more times on the BlackBerry ID Edit feature on their BlackBerry PlayBook, the cumulative number of failed attempts is 10. Once the user has made 10 incorrect attempts to provide their password against the Account Server, they are locked out of the Account Server PERMANENTLY until they reset their password.
  See KB26361 for information to reset a BlackBerry ID password
  Note: The Account Server Lockout does NOT prevent the user from local authenticating on devices  (the user can still authenticate on the sign in and verify password screens on their BlackBerry devices).
  Forgot Password Lockout
  If the user answers their Security Question incorrectly 10 times, they are locked out for 15 minutes of Forgot Password functionality on all interfaces such as:
  BlackBerry website (blackberry.com/blackberryid)
  BlackBerry PlayBook
  BlackBerry smartphone
  Note: After 15 minutes, they get 1 try, and if they fail to answer the question correctly, they are locked out for an additional 15 minutes.
  THAT DIDN'T WORK SO NOW ITS BACK TO..... KB26361
  Overview
  To change the BlackBerry ID password, complete the steps below for the specific device:
  From the BlackBerry 10 smartphone:
  Swipe down from the top bezel on the home screen and select Settings.
  Scroll down and select BlackBerry ID.
  Select Change Password.
  Enter the current password in the Current BlackBerry ID Password field.
  Enter the new password in the New BlackBerry ID Password and Confirm New Passwordfields.
  Select Submit to complete the password change.
  To confirm the change You have changed your password will be displayed.
  Also, if the BlackBerry ID password has been forgotten, select Forgot Password on the smartphone and answer the recovery question to generate a password reset email. Follow KB28685 to complete this process.
  Note: When using the recovery question password reset method, the generated email will be delivered to the BlackBerry 10 smartphone if the BlackBerry ID email address has been setup via Settings >Accounts
  From a computer:
  Visit http://www.bbid.com/ from a PC or BlackBerry smartphone browser.
  Click Log in.
  Enter the BlackBerry ID Username (email address) and password, then click Sign In.
  Click Account Details.
  Next to Password, click Edit.
  Enter in the current password, followed by the new password. Enter the new password again in the confirm password field, then click Save.
  Click Done to exit from the BlackBerry ID account information screens.
  From the BlackBerry smartphone running BlackBerry 6:
  Navigate to Options > Third Party Applications > BlackBerry ID.
  Click on Change next to BlackBerry ID Password.
  Enter in the current password, followed by the new password. Enter the new password again in the confirm password field, then click OK.
  A confirmation message will display Your password has been successfully changed.
  Click OK.
  From the BlackBerry smartphone running BlackBerry 7:
  Navigate to Options > Device > BlackBerry ID.
  Click on Change next to BlackBerry ID Password.
  Enter in the current password, followed by the new password. Enter the new password again in the confirm password field, then click OK .
  A confirmation message will display Your password has been successfully changed.
  Click OK.
  From the BlackBerry Playbook tablet:
  Navigate to the Options icon.
  Select BlackBerry ID.
  Click on the Edit button next to Change Password.
  Enter in the current password, followed by the new password. Enter the new password again in the confirm password field, then click Submit.
  A confirmation message will display You have changed your password.
  Click OK.
  If the password for a BlackBerry ID account has been forgotten and the login is unsuccessful, use the following process to reset the password.
  Note: If the BlackBerry ID account is not confirmed, it is necessary to provide the answer to the password recovery question as part of the web based password reset flow.  To see if a BlackBerry ID account is confirmed, login to the BlackBerry ID account, select Account Details and locate the Email Status field.  For instructions on confirming the BlackBerry ID account follow  KB34137.
  To generate a password reset email, complete the following:
  Browse to the following URL using a desktop browser, the Browser on the BlackBerry smartphone or the Browser on the BlackBerry PlayBook: http://blackberryid.blackberry.com/bbid/recoverpassword
  Enter the BlackBerry ID Username (email address) and the CAPTCHA characters, then clickSubmit.
  Enter the Answer to the Password Recovery Question, then click OK. (Answering the recovery question is only required if the BlackBerry ID account is not confirmed)
  A confirmation message will be displayed A password reset email has been sent to [email protected] , at which point, a reset email will be delivered to the associated email address inbox.
  Login to the email account associated to the BlackBerry ID using the desktop browser, BlackBerry Browser on the BlackBerry smartphone or the browser on the BlackBerry PlayBook.
  Locate the password reset email and select the Change your BlackBerry ID password link.
  Note: The BlackBerry ID reset email will come from [email protected] If the email is not found in the inbox, check the Spam or Junk folder.
  When the password reset page loads, enter the Answer to the Password Recovery Question, enter the New Password, Confirm Password, then click Submit.  
  Note: Answering the recovery question is only required if the BlackBerry ID account is not confirmed. 
  A confirmation message will display once the changes have been saved successfully.
  Moving forward use the newly created password whenever logging into BlackBerry ID.
  Note: If the BlackBerry ID email address is a BlackBerry mail address (e.g. <username>@tmo.blackberry.net), the BlackBerry ID password reset email will not be received on the BlackBerry smartphone. Since the BlackBerry mail address is not accessible from a computer, the steps outlined in KB28111 will need to be performed.
  IT ALL LEADS BACK TO THE SAME UNHELPFUL NON-SOLUTION OF USE THE PASSWORD RECOVERY QUESTION.... 
  Can the tech department of Blackberry please sort out this ridiculous unhelpful system by sending customers a direct email if password is forgotten so they can reset without having to go through the above without finding a solution. 
  THANK YOU.

  Hi and Welcome to the Community!
  Please see this "sticky" post, along with the threads to which it links, for helpful information to guide you as you proceed:
  http://supportforums.blackberry.com/t5/Social-Lounge/How-This-Site-and-Formal-Support-Work/td-p/2540...
  Hopefully, this information will be of use to you.
  That said, it sounds like you have exhausted all of the automatic recovery methods...but just in case, please see this "sticky" post for helpful information concerning your BBID situation:
  http://supportforums.blackberry.com/t5/BlackBerry-World/How-to-regain-access-to-your-BBID/td-p/25467...
  Hopefully, this information will be of use to you.
  But do please keep in mind that security is a 2-way street...the human element play an equal part in that security, and you have failed at that in this situation, yet desire for the automated methods to still recover for you. Such just isn't possible, because your failure has exceeded the capabilities of the automated methods.
  Hence, you likely need human intervention from an actual BB representative, which is not available in this forum (as discussed in the first link I gave you above). But, the methods to attempt to seek human intervention are posted within the 2nd link I gave you.
  Cheers, and Good Luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• To send a mail for failed login attempts,.

  We have to implement the mailing system in linux.,to send the mail regarding failed login attempts and ip address of user who attempted the failed login.,any one have the idea on this?
  Regards.,
  Vaaru

  Running an old beta version of RHEL is a bad idea. If you are concerned about security and operation of your OS I suggest to use a more recent release version. You can download, install and use Oracle Linux for free.
  Mail processing of failed login attempts is not a good idea and to my knowledge there is no such built-in system setting. I suggest you read the standard documentation or search the Web for information on how to set up a mail system. You will probably need to create a custom script to process failed login attempts.

• Network (IP) address is no longer listed as the source of multiple failed login attempts - Events 4776 in Windows 2008 R2

  Our Windows 2008R2 security log is full of failed login attempt events 4776, but we're unable to block them because no IP address is provided for the network source of these attempts - like it was in Windows 2003 Server.
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          9/26/2012 2:32:27 AM
  Event ID:      4776
  Task Category: Credential Validation
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      MAIL.XYZ.COM
  Description:
  The computer attempted to validate the credentials for an account.
  Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Logon Account:    admin
  Source Workstation:    MAIL
  Error Code:    0xc0000064
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
      <EventID>4776</EventID>
      <Version>0</Version>
      <Level>0</Level>
      <Task>14336</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8010000000000000</Keywords>
      <TimeCreated SystemTime="2012-09-26T06:32:27.570062500Z" />
      <EventRecordID>18318</EventRecordID>
      <Correlation />
      <Execution ProcessID="452" ThreadID="540" />
      <Channel>Security</Channel>
      <Computer>MAIL.XYZ.COM</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>
      <Data Name="TargetUserName">admin</Data>
      <Data Name="Workstation">MAIL</Data>
      <Data Name="Status">0xc0000064</Data>
    </EventData>
  </Event>

  The user names are all different in these log events, and they constantly change, which may indicate a hacking attempt.  However, in Windows 2003 these type of events looked like this, showing the IP address the request came from, so we could trace
  and block them -- but not in Windows 2008:
  Logon Failure:
  Reason: Unknown user name or bad password
  User Name: s
  Domain: MAIL
  Logon Type: 10
  Logon Process: User32 
  Authentication Package: Negotiate
  Workstation Name: MAIL
  Caller User Name: MAIL$
  Caller Domain: XXXX
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 3728
  Transited Services: -
  Source Network Address: 202.67.170.186
  Source Port: 57365

• Portal Report for failed login attempts

  Hey Gurus,
  I've some doubts regarind the login mechanism of SAP Portal.
  1) Is it possible to capture the failed login attempts for a portal?
  2) Is there any standard report available where we can have the numbar of failed login attempts to the portal for a specifc user?.
  Say, If a user is trying to access portal. Firts attempt - Failed, Second attempt - Failed Third attempt - Success.
  So is it possible to capture these two failed login attempts by standard way and display it to administrator thru a report?
  Regards
  Abhinav

  SAP Security Audit can be used

• OC4J 10.1.3.1 Need to find oracle.security.jazn.login.module.db.util pckg

  Hi,
  I managed to configure Oracle's DBTableOraDataSourceLoginModule together with JavaSSO to access two tables which reside on a 9i database. One is the user's table and the other a roles table. The only problem is that the user's passwords should be encripted in this table.
  I followed the instructions in the Oracle Containers for J2EE Security Guide page 9-10 - Implementing DBLoginModuleEncodingInterface for Password Encryption, and specified in the pw_encoding_class parameter
  the DBLoginModuleSHA1Encoder class provided in the oracle.security.jazn.login.module.db.util package.
  I also wrote a small program to do the encryption in the table, using a getKeyDigestString method found in DBLoginModuleSHA1Encoder class of a sample dblogin module downloaded from a link in Lucas Jellema's article on how to secure an application developed with JDeveloper and deployed in OC4J. I used this class because I could not find the one mentioned in the Oracle documentation.
  Now the DBTableOraDataSourceLoginModule rejects the login with an invalid password message. It seems the encoding is calculated differently in the two classes. I tried to use the sample dblogin module in the javasso specification, and got a - no class found - message. I tried to locate the oracle.security.jazn.login.module.db.util package to use in the password encoding program, but I couldn't find it anywhere in either OC4J nor JDeveloper directories.
  Can you tell me where to find the oracle.security.jazn.login.module.db.util package ?
  Thanks for help.
  Gustavo

  Hi
  As I am also tried the same and found the encryption module working fine for me.
  This I could do only on JDeveloper 10g whereas while attempted on the same on JDeveloper 11g, I got lots of problems.
  Will you please help out in this regard, if you had already able to acheive the same on JDeveloper 11g TP3, please let me know the steps or any relevant URL which I can refer.
  Thanks in advance
  Kind Rgds
  Krishnamurthy. R

• Excessive AD login attempts

  We have a UCS system configured for LDAP authentication against Active Directory. Everything is working as expected, but on the DCs we are seeing excessive failed login attempts originating from the fabric interconnect IPs against an invalid domain account. We are seeing anywhere from hundreds to thousands of attempts per day, so I don't believe these are due to invalid GUI login attempts or anything user driven. I've dug through the GUI but cannot find anything that would be using that account. The BindDN is set to use a different account created solely for this purpose. An example from the event log is posted below (192.168.32.12 is the primary FI). Any thoughts?
  An account failed to log on.Subject:    Security ID:        SYSTEM    Account Name:        LP-DC02$    Account Domain:        CO    Logon ID:        0x3e7Logon Type:            3Account For Which Logon Failed:    Security ID:        NULL SID    Account Name:        Admin    Account Domain:        COFailure Information:    Failure Reason:        Unknown user name or bad password.    Status:            0xc000006d    Sub Status:        0xc000006aProcess Information:    Caller Process ID:    0x1dc    Caller Process Name:    C:\Windows\System32\lsass.exeNetwork Information:    Workstation Name:    LP-DC02    Source Network Address:    192.168.32.12    Source Port:        43342Detailed Authentication Information:    Logon Process:        Advapi      Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0    Transited Services:    -    Package Name (NTLM only):    -    Key Length:        0This event is generated when a logon request fails. It is generated on the computer where access was attempted.The  Subject fields indicate the account on the local system which requested  the logon. This is most commonly a service such as the Server service,  or a local process such as Winlogon.exe or Services.exe.The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

  Hi Brad,
  I checked my lab setup and do not see anything similar, can you let me know the UCSM version and i can check for that specific version.
  Is there is any other AD intergation? back-up job? KVM access etc?
  feel free to open a TAC case if you wish to and we should to able to look into the logs and figure out if there is a request going out from UCS for authentication of a specific account.
  Thanks!
  ./Abhinav

• Login has been temporarily disabled due to too many unsuccessful login attempts.

  Hello,
  Does anyone know in how long after recieving the message "Login has been temporarily disabled due to too many unsuccessful login attempts. Please try again later." I will be able to login?
  Regards,
  Alex
  Solved!
  Go to Solution.

  There is no generic password, that would create a HUGE security hole. If you have held the reset pinhole down for 15 seconds or so with the unit powered on, then released it, the password should be set to what is on the router label. admin will be the user and when you type the password  you should see what appears to be other characters when you type..
  One person with this issue had to type the password into notepad and copy paste it to get in.
  You can change the  default setting of 5 bad logins but I DO NOT  recommend this  credit to armond_in_nj
  "You can reset the number of allowed unsuccessful logins. Log on to the device, then click on "Advanced." In the far left column, choose "Users." In "Login Configuration" set the desired number of unsuccessful logins. 
  Also be sure to either activate, accept, or save all desired changes prior to changing screens or logging off."
  Personally I have also added and extra user in case I have an issue with admin
  If a forum member gives an answer you like, please give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem. Thanks !!!
  http://forums.verizon.com/t5/Verizon-net-Email/Fix-for-Missing-Inbox-sent-folders-etc-with-Internet-Explorer-11/m-p/647399

• Alternative to set  "java.security.auth.login.config" ?

  In all examples of using JASS, it uses the following way.
  System.setProperty("java.security.auth.login.config", fileName)
  Is there a way I can specify the policies in code, not in a file? That way I don't have to worry about file permissions.
  p.s. Thanks for Seema-1 who anwsered my last question.
  Message was edited by:
  maqiang9111

  Has anyone done the same thing for the java.security.krb5.conf setting? I tried setting it using the same form of URL that I use for java.security.auth.login.config, and I get this error when the kerberos code attempts to use it:
  Could not load configuration file jar:file:\C:\dev\workspace\myapp\client-data.jar!\krb5.ini (The filename, directory name, or volume label syntax is incorrect)
  The corresponding login context conf file in the same jar loads fine.

• Firefox 5 is apparently incompatible with F-Secure anti-virus; F-Secure repeatedly pops up "Changed Application" messages; How do I restore my previous version of Firefox?

  I just installed Firefox 5. Unfortunately, F-Secure's "Application Control" now repeatedly pops up "Changed Application" messages in an endless string. It will not accept my attempts to "Allow" the new version of Firefox. Since Firefox 5 is not compatible with F-Secure, I must return to my previous version of Firefox. I am very disappointed that you have put me to all this trouble. How do I delete Firefox 5 and return to the previous version of Firefox?

  "F-Secure repeatedly pops up Changed Application"
  So how is this Firefox's fault? Shouldn't you write to F-Secure so they fix that?

• Failed login attempt logging

  Hi,
  In the past, I had prepared a little script going through /var/log/secure.log to log failed login attempts. However, since updating to Snow Leopard, nothing shows up anymore regarding failed login attempts.
  Can I find this information anywhere else? Or re-activate it all along?
  Thanks,
  Lionel

  Bump... Anyone?

• Locking a user after unsuccessful login attempts?!

  Does anybody know how to automatically lock a user after a given number of unsuccessful login attempts?
  I noticed that solaris does not offer any security feature concerning this item, although it is a good opportunity for hackers to scan a solaris machine.
  Please let me know
  Thanx in advance

  Hi,
  The Trusted Solaris version supports this feature. You can find the detail about configuring the same at http://docs.sun.com under Trusted Solaris 8 and Administration Procedures.
  The same can also be achieved by using Pluggable Authentication Modules(PAM) which has been incorporated since Solaris 2.6. For more info on PAM check out www.sun.com/solaris/pam. There some white papers and admin guide .Also refer to man pages on pam.conf ,pam and pam_unix.
  Regards
  Anshul

• User wlisystem in realm CompatibilityRealm has had 6 invalid login attempts

  when a request is sent to wli
  ####<Jul 31, 2007 12:33:19 AM BST> <Notice> <Security> <hwmit08> <managed2_btrsg01> <ExecuteThread: '0' for queue: 'Multicast'> <kernel identity> <> <090078> <User wlisystem in realm CompatibilityRealm has had 6 invalid login attempts, locking account for 30 minutes.>
  ####<Jul 31, 2007 12:43:19 AM BST> <Notice> <Security> <hwmit08> <managed2_btrsg01> <ExecuteThread: '0' for queue: 'Multicast'> <kernel identity> <> <090078> <User wlisystem in realm CompatibilityRealm has had 5 invalid login attempts, locking account for 30 minutes.>
  anyone has a solution for this

  my guess is this user "ovowl" doesn't exist at all.
  I have tried logging into the console for 5 times with a non existing username, and I got the same error:
  <17-May-2011 16:10:32 o'clock CEST> <Notice> <Security> <BEA-090078> <User weblogic1 in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
  but there is no user "weblogic1"....

• How do I redirect a secure zone login form with javascript?

  I would like to redirect what page a user goes to after filling out the secure log in form. I would change the landing page of the secure zone, but I need a log in form to go to a different page of the site. I would also create a seperate secure zone, but I have almost 3000 subscribers and it would be very time consuming to add all those users to this new zone.
  I would like to redirect the user (using the form from a secure zone) to a different page other than the landing page of the log in form. How do I do this with javascript?
  I saw this page: http://kb.worldsecuresystems.com/598/bc_598.html#main_Logging_into_different_Secure_Zones_ according_to_ID_number but couldn't make sense of it for my current situation. (I don't need multiple zones, just the form to redirect to a different page after submission)
  <form action="https://redlakewalleye.worldsecuresystems.com/ZoneProcess.aspx?ZoneID=12369&Referrer={module_siteUrl,true,true}&amp;OID={module_oid}&amp;OTYPE={module_otype}" method="post" onSubmit="return checkWholeForm52938(this)" name="catseczoneform52938">
              <div class="form">
              <div class="item"><label for="SZUsername">Username</label><br />
              <input type="text" maxlength="255" id="SZUsername" name="Username" class="cat_textbox_small" /></div>
              <div class="item"><label for="SZPassword">Password</label><br />
              <input type="password" autocomplete="off" maxlength="255" id="SZPassword" name="Password" class="cat_textbox_small" /></div>
              <div class="item"><input type="checkbox" id="RememberMe" name="RememberMe" /><label for="RememberMe">Remember Me</label></div>
              <div class="item"><input type="submit" value="Log in" class="cat_button" /> <a href="/_System/SystemPages/PasswordRetrieveRequest">Lost password?</a></div>
              </div>
              <script type="text/javascript" src="/CatalystScripts/ValidationFunctions.js"></script>
              <script type="text/javascript">
                  //<![CDATA[
                  function checkWholeForm52938(theForm){
                      var why = "";
                          if (theForm.Username) why += isEmpty(theForm.Username.value, "Username");
                          if (theForm.Password) why += isEmpty(theForm.Password.value, "Password");
                          if (why != ""){alert(why);
                              return false;
                     // Add the redirect code here?
                      theForm.submit();
                      return false;
                  //]]>
              </script>
          </form>

  I've been working on the same thing and have nearly solved it with these tutorials:
  http://www.bcgurus.com/tutorials/re-directing-users-to-the-correct-secure-zone
  http://www.bcgurus.com/tutorials/building-a-better-secure-zone-login-page
  The first tutorial will let a person continue on to the page he/she was attempting to access. For example, if your site offers learning lessons in a secure zone... A visitor could click on a lesson, get prompted to login and then be redirected to that particular lesson instead of the landing page for the secure zone.  The script in the tutorial also accommodates general logging in: "if the person wasn't going somewhere specific then send him/her here (landing page, user account, whatever).
  Might be worth checking out the free BCGurus trial or joining for a month.
  Brian