Voting starts in March for the Drupal Association Board election.
Drupal 7 prevents brute force attacks on accounts. It blocks login by a user that has more than 5 failed login attempts (within six hours) or an IP address that has more than 50 failed login attempts (within one hour).
The amount of failed logins is recorded in the table 'flood'. You can either wait before trying to login again (6 hours) or clean the flood table with the procedure below.
If you forgot your password, generate a new password and update the database.
Execute the following query on the Drupal database:
DELETE FROM `flood`;
If command above doesn't work try this:
TRUNCATE flood RESTART IDENTITY;
To execute this query it will be necessary to login to the database. This is typically done through the command line or through a GUI interface such as phpMyAdmin. If Drush is installed on your server, the drush sql-cli command provides quick access to an SQL command-line interface.
From the command line, with Drush installed:
drush php-eval 'db_query("DELETE FROM `flood`");'
NOTE: The query above will delete ALL entries in the flood table. If you want to remove only a specific user's entries from the flood table, the following is more specific.
DELETE FROM flood WHERE event = 'failed_login_attempt_user' AND identifier LIKE '1234-%';
(where 1234 is the UID of the blocked user)
This is a workaround to a problem. The problem is detailed here: https://www.drupal.org/node/992540
- How do I remove flood events from particular identifiers?
- How do I configure the new Drupal 7 flood control settings?