Unlocking Users Locked by CloudBlue Commerce Brute-Force Attack Protection

To protect against brute-force attacks, CloudBlue Commerce temporarily locks a user account (staff member or service user) after several sequential failed login attempts.

After a user is locked, a corresponding screen is displayed at the next login attempt.

The length of the lock-out period is configured by your provider. If necessary, you can unlock a user before the end of the lock-out period.

You can access a list of locked users (users temporarily restricted from accessing the control panel after several sequential failed login attempts) on the Account Settings > More Tools > Locked Users screen.

The list shows the following information:

  • User Name - email of the locked user.
  • IP address - IP address from which the login attempts were made.
  • Locked at - time at which the user was locked.
  • Unlock on - time at which the user will be unlocked.

Important: If the IP address field reads "Unknown" and the Unlock on field reads "According Active Directory Settings", the user was locked during login attempts made directly to an online service, for example OWA. In this case, the lockout policies set by your provider apply to the user.

Generally, a locked user is unlocked automatically after the lock-out period set by the provider is over. Sometimes, it may be necessary to manually unlock a user before the lock-out period ends - for example, upon request from a locked customer.

To manually unlock a user, perform these steps:

  1. On the Account tab, go to Account Settings > More Tools > Locked Users.
  2. Select the name of the user you wish to unlock and click the Unlock button.

After the user is unlocked, the user's record disappears from the list.