Problem

Drupal can be configured to block user accounts temporarily after a specified amount of failed logon attempts.

If you receive a message stating “Sorry, there have been more than X failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.“, you can either wait for the temporary block to expire, or you can clear the block in the MYSQL database.

 

 

Considerations

This remediation pertains to the following setup:

1. Ubuntu Server 16.04
2. Drupal 7
3. MYSQL 5.7.19

WARNING: ALWAYS MAKE SURE YOU HAVE A GOOD BACKUP BEFORE YOU BEGIN!

Remediation

This process will allow you to clear the temporary account block.

SSH into your server.

Login to MYSQL using the appropriate username.

mysql -u {username} -p

After successfully logging in you will see a banner and the “MySQL>” prompt.

To view the databases use the “show databases” command.

show databases;

HINT: Don’t forget the semi-colon at the end of the command.

We want to use the drupal7 database. You should use the database that holds your Drupal information. It will very likely have a different name.

To use the drupal7 database we issue the “use ” command.

use drupal7

HINT: This command does not have a trailing semi-colon.

Failed logon attempts are recorded in the “flood” table.

You can view the entries by using a select statement.

select * from flood;

This will show all of the entries in the flood table. Your results will differ but they should look similar to the below output.

We can clear the table with the “truncate” command.

HINT: This will remove all temporary account blocks in your Drupal instance.

truncate flood;

If you run the select statement again you will see that the table now does not contain any records.

select * from flood;

Your account will be unlocked so you have more attempts to log into Drupal.