"Possible Login Attack Detected"

shanedk

Well-known member
May 20, 2018
317
86
I just tried to do an install on one of my smaller sites (it only has me as a user) to see if it works. I was coming at this from the point of a new user operating with no instructions. A search found the SQRL plugin, I installed it, activated it, no problem.

Then when I logged out and went to log in, I got the "Possible Login Attack Detected" with GRC's Windows client. With the Android client scanning the QR code, I got "An error has occurred."

There doesn't seem to be any obvious indication as to what I should do next to get this working. WordPress is fully updated to 5.2.2. It's on a shared server running PHP 7.3.6 with a cert from Let's Encrypt.
 

shanedk

Well-known member
May 20, 2018
317
86
After further experimentation: When I went to my user profile settings and associated the user with my SQRL account, it succeeded, and after that the SQRL login worked fine. So the above error happens when there's not already a user associated with the SQRL ID.

Incidentally, there was no indication that I should or even could do this. There should be some mention of this in the installation instructions, and before I found the association I went to the SQRL Login settings and didn't see anything helpful; just the redirect link. Maybe the association option should be there, too? That'll probably be the first place people look.

And also, how would a new user sign up using SQRL? This isn't obvious, either.
 
  • Like
Reactions: kalaspuffar

kalaspuffar

Well-known member
May 19, 2018
269
91
Sweden
coderinsights.com
shanedk said:
> After further experimentation: When I went to my user profile settings and associated the user with my SQRL account, it succeeded, and after that the SQRL login worked fine. So the above error happens when there's not already a user associated with the SQRL ID.
>
> Incidentally, there was no indication that I should or even could do this. There should be some mention of this in the installation instructions, and before I found the association I went to the SQRL Login settings and didn't see anything helpful; just the redirect link. Maybe the association option should be there, too? That'll probably be the first place people look.
>
> And also, how would a new user sign up using SQRL? This isn't obvious, either.

Hi @shanedk

The reason the association is on your profile is that every user can associate their identity to their profile.

The SQRL Settings are system wide so association would not be appropriate.

The reason you get an error on login is that you don't allow new sign-ups to the site.

The buttons say "click to login" or "click to login or register" depending on the system state. Could perhaps add a message on the site on login to indicate that registration failed.

Hope this helps

Best regards
Daniel
 

shanedk

Well-known member
May 20, 2018
317
86
Yes, having a message explaining that registration failed would be good, but why would the SQRL client be complaining about a possible attack? That sounds to me like something that should never happen (well, except in the case of an actual attack).
 

shanedk

Well-known member
May 20, 2018
317
86
I just tried it on another website where I do allow other users, and if I try to log in with SQRL before associating it with my profile I still get "Possible Login Attack Detected."
 
  • Like
Reactions: kalaspuffar

CaitSith2

Member
May 19, 2018
6
3
Okay, I think I located why the "Possible Login Attack Detected" happens. It turns out the client-provided session response is NOT returned if you attempt to log in with an identity NOT associated with any accounts, and account creation is disabled, resulting in that situation, where the client-provided session is left hanging.
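
The failure described in the post above, as an added example that is not the plugin's code and not part of the original post: a reply builder for the SQRL `ident` command that returns the client-provided session `url` in every account state, including an unassociated identity with sign-up closed. The reply field names and TIF bits follow the SQRL protocol documentation; the function names, routes, query parameters and sample values are hypothetical.

```php
<?php
// Added illustration, not code from the WordPress SQRL plugin.
// TIF bits and reply field names follow the SQRL protocol documentation.
const TIF_ID_MATCH       = 0x01; // identity is associated with an account
const TIF_IP_MATCH       = 0x04; // query came from the same IP as the page load
const TIF_COMMAND_FAILED = 0x40; // command could not be completed

function base64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Build the server reply to an "ident" command. Every branch sets a browser
// target, so a client that asked for CPS always receives a "url" field.
function build_ident_reply(?int $userId, bool $registrationOpen,
                           bool $cpsRequested, string $nextNut, string $site): string
{
    $tif = TIF_IP_MATCH;
    if ($userId !== null) {                 // known identity: log the user in
        $tif |= TIF_ID_MATCH;
        $target = "$site/?sqrl_login=$nextNut";          // hypothetical route
    } elseif ($registrationOpen) {          // unknown identity: create account
        $target = "$site/?sqrl_register=$nextNut";       // hypothetical route
    } else {                                // unknown identity, sign-up closed
        $tif |= TIF_COMMAND_FAILED;
        $target = "$site/wp-login.php?sqrl_error=registration_disabled"; // hypothetical
    }
    $fields = ['ver' => '1', 'nut' => $nextNut,
               'tif' => strtoupper(dechex($tif)),        // tif is sent as hex
               'qry' => "/sqrl?nut=$nextNut"];           // hypothetical endpoint
    if ($cpsRequested) {
        $fields['url'] = $target;           // never omitted when CPS was asked for
    }
    $body = '';
    foreach ($fields as $name => $value) {
        $body .= "$name=$value\r\n";
    }
    return base64url_encode($body);
}

// Constructed sample inputs: the three account states discussed in the thread.
$cases = ['associated' => [42, false], 'unknown, sign-up open' => [null, true],
          'unknown, sign-up closed' => [null, false]];
foreach ($cases as $label => [$userId, $open]) {
    $reply = build_ident_reply($userId, $open, true, 'CONSTRUCTED-NUT', 'https://example.test');
    $decoded = base64_decode(strtr($reply, '-_', '+/'));
    echo "== $label ==\n", str_replace("\r\n", "\n", $decoded), "\n";
}
```

In the third case the reply carries the command-failed bit together with a `url` pointing at an error page, so the browser session is completed with a visible message instead of being left open.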
 

Gristle

Well-known member
Feb 16, 2019
341
70
CaitSith2 said:
> Okay, I think I located why the "Possible Login Attack Detected" happens. It turns out the client-provided session response is NOT returned if you attempt to log in with an identity NOT associated with any accounts, and account creation is disabled, resulting in that situation, where the client-provided session is left hanging.

Good catch!
 
  • Like
Reactions: kalaspuffar