Page 1 of 1

Application error - 27

Posted: 28 Aug 2017, 11:59
by vaishu.igs
Hi ,

I am new to mantis., I am getting an Application Error #27, " You have reached the allowed activity limit of 10 events within the last 3600 seconds; your action has been blocked to avoid spam, please try again later. "

Can you please tell the steps to resolve the above issue.

Re: Application error - 27

Posted: 28 Aug 2017, 18:53
by atrol

Re: Application error - 27

Posted: 26 Jul 2018, 20:19
by Mophilly
I followed the link provided and what struck me was the lack of explanation of the usage and behavior. It is all well and good to provide a technical definition, but the OP clearly stated that he/she was new to Mantis.

Given the lack of experience of the OP, I suggest that a bit of context would have been more helpful.

Re: Application error - 27

Posted: 27 Jul 2018, 06:23
by atrol
@Mophilly not sure what you are asking for. Do you need additional information to understand the anti spam configuration?

Re: Application error - 27

Posted: 27 Jul 2018, 19:23
by Mophilly
Thanks for asking. I appreciate your assistance in the forums and with the project.

These sorts of values need some context to allow a new user, or even an old one, to gauge the impact. Some discussion can be quite helpful.

- What is the behavior of the app is the value of $g_antispam_max_event_count is increased to, say, 20?

- Is $g_antispam_max_event_count sort of binary, effectively off or on?

- Are there any general guidelines for changing the setting for $g_antispam_time_window_in_seconds and $g_antispam_max_event_count?

- How is "event" defined?

Currently I have one user, and only one user, who is suffering from this. However, it is a user in a key account. The browsers involved are Internet Explorer 11 and Chrome. So, will disabling help this user or simple open the app to malicious attacks?

Any advice along these lines would be helpful.

Re: Application error - 27

Posted: 27 Jul 2018, 21:12
by atrol
Maybe this is a better wording to understand antispam functionality:

Antispam measures are not active if signup is disabled, as we assume that we can trust manually created users.
They are also not active if the access level of the user is greater than the default access level, e.g. if your default access
level is REPORTER (default setting out of the box), users with access level DEVELOPER are not affected by the antispam measures.
Mophilly wrote: 27 Jul 2018, 19:23 - How is "event" defined?
Each entry you can see in history is counted as an event.
e.g. if a user creates an issue, adds a note and assigns the issue is counted as three events.
Mophilly wrote: 27 Jul 2018, 19:23 - What is the behavior of the app is the value of $g_antispam_max_event_count is increased to, say, 20?
Users that are affected by antispam measures can create 20 events in one hour (assuming you did not change $g_antispam_time_window_in_seconds)
Mophilly wrote: 27 Jul 2018, 19:23 - Is $g_antispam_max_event_count sort of binary, effectively off or on?
It's the maximum number of events during $g_antispam_time_window_in_seconds to allow for users that are affected by anti spam measures.
Set it to 0 for unlimited events
Mophilly wrote: 27 Jul 2018, 19:23 - Are there any general guidelines for changing the setting for $g_antispam_time_window_in_seconds and $g_antispam_max_event_count?
Hard to say. Default settings allow users to create 10 events in one hour. You have to adjust depending on your complaining users and any spam attack you might encounter.
Mophilly wrote: 27 Jul 2018, 19:23 Currently I have one user, and only one user, who is suffering from this. However, it is a user in a key account. The browsers involved are Internet Explorer 11 and Chrome. So, will disabling help this user or simple open the app to malicious attacks?
It seems this user has just access level of REPORTER.
To deactivate antispam measures for this user, you could
- deactivate antispam measures in general (set $g_antispam_max_event_count = 0), or
- provide a higher access level to this single user, e.g. UPDATER, or
- deactivate antispam measures for this single user (set antispam_max_event_count = 0 in database via page Manage > Configuration)

Re: Application error - 27

Posted: 27 Jul 2018, 21:21
by Mophilly
Excellent! Thank you for the information. It will certainly help us.