✅ Community inaccessible on PC

All devices (desktop and mobile) on my home IP (*, Delft, Zuid-Holland) can access the Postcrossing homepage, but whenever I try to navigate to the Community by clicking “Forum (NEW)”, it reports “Login Error: There is a problem with your account. Please contact the site’s administrator.” during SSO.

The virtual machine located at * (Delft, Zuid-Holland, currently in use) is not affected by the said error and can access both Homepage and Community.

Can your home devices open this?

Yes.

Try logging out from your Postcrossing account on the main website and then come to the forum again following the link in the menu. Any difference?

Nothing changed on my home PC, still reported the same Login Error.

My virtual machine session logged off during the process, but was still able to log in.

Any difference if you access the forum through its front page instead of the custom link of the menu?

Still shows the same Login error.

Any output on the browser console?

sso_login:1 Failed to load resource: the server responded with a status of 500 ()
c715b2206d6afb0e5a97509fd693bdab3f78393b.js?__ws=community.postcrossing.com:83 Uncaught ReferenceError: jQuery is not defined
    at c715b2206d6afb0e5a97509fd693bdab3f78393b.js?__ws=community.postcrossing.com:83
    at c715b2206d6afb0e5a97509fd693bdab3f78393b.js?__ws=community.postcrossing.com:83
sso_login:1 Failed to load resource: the server responded with a status of 500 ()

Try the safe-mode and disable everything. If that helps, disable only some things until understanding what causes it.

No changes after disabling everything. Still the same login error.

If I recall correctly, the SSO login/logoff issue was discussed in a few earlier posts. Could it be that a fix applied elsewhere is causing the issue?

I think it’s unrelated, since your account works elsewhere otherwise.

You said it also fails to work with other browsers on the same PC? Can you double check?

Do you have anything in your computer that may be blocking access to some URLs like a firewall or some security software?

I attempted to log in on Edge and Chrome on my desktop PC; all return the login error. This is the same for my laptop. No additional security software is used other than built-in Windows Security.

My phone was able to access the forum (using previously saved credentials) last night using home WiFi when posting the topic initially, but became inaccessible with the same error after the manual “logoff all” from VM.

If you try with that phone where it stopped working on wifi, but try now with mobile data (or some other wifi network), same thing?

I tried using mobile data and I was able to access the community page no problem. I can continue to use the page (without logout) after switching back to home Wi-Fi. It no longer works after sign out.

Probably this issue has something to do with my home IP somehow being blocked by a link in the authentication chain, which caused the login failure specific to this IP.

I have found something — can you give it another go?

Yep. Everything working now.

May I ask, what was the problem?

Somehow Discourse had added that IP to its list of “Screened IPs”. It’s not clear to me why and in which cases that happens. Normally it would be to prevent multiple signups but that doesn’t apply with this forum. Please let me know if it happens again and apologies for the trouble.

Also, thank you for all the help (and patience) in tracing this — if it happens to others, then we’ll know where to look first.

I see the problem now.

My ISP is using carrier NAT in this neighbourhood (simply, one public IP corresponds to many private client IPs). I overlooked this fact during my troubleshooting as I incorrectly assumed that I was assigned a public IP by my ISP.

So it’s likely that some people in my neighbourhood using the same ISP were potentially spamming (or more likely, tried to legitimately sign up for the forum), which caused Discourse to flag this IP.

I would admit, blacklisting IP addresses is a cruel & effective approach to stop spamming. But in a world where IPv4 addresses have already been exhausted, it’s a less elegant solution.

In the end, to quote Wikipedia:

In cases of banning traffic based on IP addresses, the system might block the traffic of a spamming user by banning the user’s IP address. If that user happens to be behind carrier-grade NAT, other users sharing the same public address with the spammer will be mistakenly blocked. This can create serious problems for forum and wiki administrators attempting to address disruptive actions from a single user sharing an IP address with legitimate users.
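
The collateral blocking described in this thread, as an added example that is not part of the original posts and is not Discourse's code: a screening decision that checks whether established accounts already log in from an IP before blocking it outright. The event format, thresholds and action names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample events (documentation-range IPs, made-up accounts).
# Each tuple: (source IP, account, account age in days, event kind)
EVENTS = [
    ("203.0.113.7", "alice", 900, "login_ok"),
    ("203.0.113.7", "bob", 400, "login_ok"),
    ("203.0.113.7", "carol", 35, "login_ok"),
    ("203.0.113.7", "x1", 0, "signup"),
    ("203.0.113.7", "x2", 0, "signup"),
    ("203.0.113.7", "x3", 0, "signup"),
    ("198.51.100.9", "y1", 0, "signup"),
    ("198.51.100.9", "y2", 0, "signup"),
    ("198.51.100.9", "y3", 0, "signup"),
]

ESTABLISHED_DAYS = 30    # assumed threshold for a "known good" account
SIGNUP_LIMIT = 3         # assumed signup burst that triggers screening
SHARED_MIN_ACCOUNTS = 2  # assumed: this many established users => shared IP


def profile(events):
    """Per-IP set of established accounts and count of new signups."""
    established = defaultdict(set)
    signups = defaultdict(int)
    for ip, account, age_days, kind in events:
        ip = str(ip_address(ip))  # normalise; raises on malformed addresses
        if kind == "login_ok" and age_days >= ESTABLISHED_DAYS:
            established[ip].add(account)
        elif kind == "signup":
            signups[ip] += 1
    return established, signups


def screening_action(events, ip):
    """Decide how to treat an IP without locking out users who share it."""
    established, signups = profile(events)
    if signups[ip] < SIGNUP_LIMIT:
        return "allow"
    if len(established[ip]) >= SHARED_MIN_ACCOUNTS:
        # Likely carrier-grade NAT or similar: restrict signups only and
        # keep logins for existing accounts working.
        return "limit_signups_only"
    return "block"
```

With the constructed events, the address shared by three established accounts gets signup limits only, while the address that has produced nothing but signups is blocked.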