Loading...
 
Features / Usability

Features / Usability


Administrator account requires administrator approval

posts: 125

Hey everyone,

We have one super admin account to reduce our attack surface. We do not log into it very often, again for the same reason.

Today, I attempted to log into the super admin account and was presented with,

Account requires administrator approval


...but it is the administrator.

I have seen it before and was able to go into the database and update the SQL. This is obviously not an ideal solution, so I have two questions.

  1. What is the recommended way to rectify this?
  2. How do we prevent it in the future?


Thanks,

J

posts: 126707 United Kingdom
James Geddes wrote:

Today, I attempted to log into the super admin account and was presented with,

Account requires administrator approval


...but it is the administrator.


Hi James

I saw this the other day after doing a database update on a test site, but i wasn't sure if i'd messed up the data while experimenting. Did you also do an update since that account was last logged in to?

If anyone can work out how to reproduce this i'll try and fix it quicky quick!

posts: 125
Jonny Bradley wrote:
I saw this the other day after doing a database update


I was not doing any updates at the time. I did notice that login attempts was greater than 0 so that could have blocked the account, though the other time I experienced this I believe login attempts was 0. Not much help, I know, so sorry!


posts: 125
Quick update on this - looks like the
unsuccessful_logins
is being maxed out, which is why the account gets disabled. Fair enough!


I guess the best way around this would be to implement recaptcha or similar.