After having 2 customers contact me from AOL that couldn't get logged into the control panels, I asked one of them to do some investigating.

They both reported similar situations, AOL internal browser, v6 and v9.




I was able to login using Mozilla, so assume that means AOL isn't blocking
port 2222 (because I'm still connecting through AOL).

The problem then would have something to do with AOL's IE browser- I've had
problems like this before- either due to AOL's caching or something involving
cookies.

I'll try resetting the defaults on the AOL/IE browser but I'll be surprised
if that's the cause. I'm thinking it's more likely something to do with
session cookies. I'll let you know.

=============
I reset the AOL program to its defaults as described in the previous
transcript I sent you, and that didn't help.

I still can't login using AOL's IE program.

I think that means there's some problem with session cookies because I had a
problem like this before with the phpBB forum (not at hostpc or hiveminds, but
at other places), and Zontar (Jon Stephens) told me that's what the problem
was. I don't know how to fix it, but he said there's some issue with setting
cookies that causes the problem. Maybe the same thing is happening with the DA
panel login.

It would be really good to fix this problem because although I can use
Mozilla to login, there will be clients on AOL who don't know how to use a second
browser.

Has anyone else encountered this? I did a search here, but couldn't find anything. Is it a "bug" that can be addressed?

Are they using 'http://' infront of the address? I know IE doesn't like it if you try www.example.com:2222 . http://www.example.com:2222 works though.

I'm using http://##.###.##.###:2222

Getting to the login page is no problem. But when I enter the username and password and click 'Login', it takes me to the same login page but with the form fields cleared. (clicking 'Login' doesn't take me anywhere. I can't login.)

Thats exactly the problem I was trying to express... glad to see I'm not alone ... hopefully John will have a "solution" to this issue.

Howdy. Fancy meeting you here. ;)

what can I say, they make me look good :)

The problem could be related to the AOL proxy. I posted similar problems I was having, when I used the squid proxy. It is possible that AOL is using a similar one. The symtoms you describe are exactly what I was seeing. You will also see a line similar to :
$datetime: $ipsrc has tried to log in 15 times, unsuccessfully, this time into (null)'s account ***

in your /var/log/directadmin/security.log file. If you are seeing that, then I would suspect you are having the same problem I was. At least I can choose a different proxy (Netscape), and it will work, AOL users do not really have that choise.

Bingo!

2003:10:20-21:54:32: xxx.xxx.xxx.xxx has tried to log in 11 times, unsuccessfully, this time into (null)'s account ***
2003:10:20-21:54:53: xxx.xxx.xxx.xxx has tried to log in 12 times, unsuccessfully, this time into (null)'s account ***
2003:10:20-21:55:04: xxx.xxx.xxx.xxx has tried to log in 13 times, unsuccessfully, this time into (null)'s account ***
2003:10:20-21:55:12: xxx.xxx.xxx.xxx has tried to log in 14 times, unsuccessfully, this time into (null)'s account ***

Now the question is, what's the solution :)

toml wrote:
The problem could be related to the AOL proxy.
That's what I meant when I said:
I've had problems like this before- either due to AOL's caching or something involving cookies.
The solution? One way is to stop using port:2222 and just make the login page a regular .php/.whatever. I'm thinking AOL is treating the :2222 like a .html page (HTML is cached). If it were a .php page it wouldn't be cached. That's assuming when the form is submitted it's submitting to itself.

Another way would be to perform some sort of magic via HTTP headers:
http://hiveminds.w1.factorsofi.com/phpBB/viewtopic.php?p=16907#16907
aka
http://hiveminds.info/phpBB/viewtopic.php?p=16907#16907

There is a little more to it than that. The proxy issue I had would also cause another problem. If it was able to log you in, the next link you clicked on would bounce you back to the login page. So, you might make it to the main page, but after that you would be back at the login page again. I ran into the same problem when dealing with Cox Communicaions webmail, it just doesn't like this proxy.

If AOL allows you to get past the login and it acts fine, then the proxy issue I am describing is not what they are seeing.

Hmm..

Have a look in /home/tmp/da_sess*

to see if it's even getting that far. (have to know the ip of the AOL user)... I'm thinking it's a cookie issue where it's not remembering the session ID being sent to it.

John

That's what Zontar at HiveMinds.info told me when I asked him why I sometimes have problems with the phpBB Forum. (I'm fine at some phpBB Forums but not at others.) He said the cookies have to be set a certain way -- and that there are 2 places where they're set.

I'm having this same problem - when I log in, I just get the login boxes (blank) again instead of an error message. I'm using Earthlink with IE, not AOL. I used to be able to log in without any problem, this just started. I reset my IE security to medium, specifically allowed cookies from my domain, turned off pop-up blockers and ad-watch, etc. No good. Did you ever find a solution for this?

Hello,

Nothing has been changed as of yet, as no cause has been found. It's possible that the cookies are being improperly set. The cookie is sent with each reply header, but I'm curious what he meant by "... there are 2 places where they're set".. that could be it right there, the "unknown 2nd place" :)

John

The answer to this was found already right?

There is a very easy fix to this. While you are logged into AOL all you have to do is minimize the AOL window and open a regular Internet Explorer window. AOL's browser introduces a lot of problems when you try to use non-standard ports.

Originally posted by cwallace
There is a very easy fix to this. While you are logged into AOL all you have to do is minimize the AOL window and open a regular Internet Explorer window. AOL's browser introduces a lot of problems when you try to use non-standard ports.

Are you an AOL "dialup" user, or do you "bring your own" connection?

I haven't used AOL in years but back when I had a dial-up account with them for testing I had similar problems with AOL's built in browser. I always used IE for browsing and had no problems.

Don't forget Mozilla -- http://www.mozilla.org/products/ ;)

I don't know if this will help or not, but my understanding is that AOLs proxy should not be cacheing https connections.

Have those of you who have users experiencing the problem tried with a secure-cert protected access to the DA login and interface?

Jeff

I experience the same problem when I have Earthlink's accelerator on. I think the cause might be due to how DA handles sessions. They appear to be tied to a specific IP. Once you're kicked out though, you have to login again.

AOL and EL proxies constantly change a customer's IP even on the current connection. When I have the accelerator on, I'll either get kicked out right away or can go a few pages then be kicked out. EL changes our IPs that frequently though it's usually kept within a certain IP range per connection. Once I turn it off, I can stay in however long I want.

Originally posted by jlasman


Have those of you who have users experiencing the problem tried with a secure-cert protected access to the DA login and interface?

Jeff

Would that intall modifying the custom apache configuration? I don't see anything in my netstat -anp for direct admin other than my non-secure port of 2222.

It's pretty simple; here's a thread:

http://www.directadmin.com/forum/showthread.php?s=&threadid=63

To find more, simply search the forums for:

secure login

Since your admin password has been severely compromised by logging in insecurely, be sure to change it once you've enabled secure logins.

Jeff