How to trace failed login attempts and Captcha login challenges in Bamboo
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This article demonstrates how to monitor specific users and trace the sources of their login attempts in order to find and reduce Bamboo Captcha challenge occurrences.
Diagnosis
Bamboo accounts are constantly prompted with Captcha challenges.
Cause
Multiple failed login attempts for a user account cause Captcha challenges. As a security mechanism, Bamboo enforces a Captcha challenge that must be passed before the legitimate user is granted access to the system. When used appropriately, this is a suitable abuse prevention mechanism, but responding to Captchas on every login prompt becomes a burden when other actors abuse the user account from unknown sources.
Solution
Bamboo does not log Captcha challenges by default. To capture the source IP address of all login attempts and to find when a specific user was locked out after too many failed login attempts, set the logging level of the following package to DEBUG:
com.atlassian.bamboo.user
After the user is confirmed as being locked out with a Captcha prompt, scan the logs for the failed attempts:
$ grep bamboo_user atlassian-bamboo.log
2023-12-15 08:16:31,968 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooAuthenticator] User 'bamboo_user' with IP address: 192.168.56.1, 10.0.9.6 failed to log in.
2023-12-15 08:16:31,973 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooLogUtils] Bamboo operation time: Authentication checks for bamboo_user took 376 ms
2023-12-15 08:16:31,975 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [LoginInformationManagerImpl] Authentication attempts for bamboo_user: 1
2023-12-15 08:16:45,287 INFO [https-jsse-nio-45927-exec-10 url: /userlogin.action] [DefaultAuthenticator] login : 'bamboo_user' could not be authenticated with the given password
2023-12-15 08:16:45,287 WARN [https-jsse-nio-45927-exec-10 url: /userlogin.action] [DefaultAuthenticator] login : 'bamboo_user' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2023-12-15 08:16:45,288 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooAuthenticator] User 'bamboo_user' with IP address: 192.168.56.1, 10.0.9.6 failed to log in.
2023-12-15 08:16:45,288 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooLogUtils] Bamboo operation time: Authentication checks for bamboo_user took 239 ms
2023-12-15 08:16:45,290 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [LoginInformationManagerImpl] Authentication attempts for bamboo_user: 2
2023-12-15 08:16:51,247 INFO [https-jsse-nio-45927-exec-10 url: /userlogin.action] [DefaultAuthenticator] login : 'bamboo_user' could not be authenticated with the given password
2023-12-15 08:16:51,248 WARN [https-jsse-nio-45927-exec-10 url: /userlogin.action] [DefaultAuthenticator] login : 'bamboo_user' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2023-12-15 08:16:51,248 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooAuthenticator] User 'bamboo_user' with IP address: 192.168.56.1, 10.0.9.6 failed to log in.
2023-12-15 08:16:51,249 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooLogUtils] Bamboo operation time: Authentication checks for bamboo_user took 352 ms
2023-12-15 08:16:51,250 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [LoginInformationManagerImpl] Authentication attempts for bamboo_user: 3
2023-12-15 08:16:51,251 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [LoginInformationManagerImpl] Login failure threshold exceeded for bamboo_user, a CAPTCHA challenge will be issued.
In the logs above, we can see the following:
Three failed login attempts as the user bamboo_user
The connections are coming from the IP addresses: 192.168.56.1, 10.0.9.6
A Captcha challenge was enforced after the third failed login attempt
Once the troubleshooting is complete, remember to restore the logging level of the com.atlassian.bamboo.user package to WARN, as logging for that package can become quite noisy during regular operations.
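When more than one account is affected, a per-user grep does not scale. The following added example (not part of the original article or of Atlassian's tooling) counts the failed-login DEBUG lines shown above per user and logged address list, and lists every CAPTCHA trigger. The function name summarize_logins, the other_user line and the 203.0.113.5 address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count failed logins per user and logged address list,
# and list CAPTCHA triggers, from com.atlassian.bamboo.user DEBUG lines.
summarize_logins() {    # hypothetical helper; $1 = path to atlassian-bamboo.log
    awk -v q="'" '
    /\[BambooAuthenticator\] User .* failed to log in\./ {
        if (split($0, part, q) < 3) next      # part[2] = user name between quotes
        src = part[3]
        sub(/^ with IP address: /, "", src)
        sub(/ failed to log in\..*$/, "", src)
        key = part[2] SUBSEP src
        if (!(key in count)) first[key] = $1 " " $2
        count[key]++
        last[key] = $1 " " $2
    }
    /Login failure threshold exceeded for / {
        user = substr($0, index($0, "exceeded for ") + 13)
        sub(/, a CAPTCHA challenge will be issued\..*$/, "", user)
        printf "CAPTCHA user=%s at=%s %s\n", user, $1, $2
    }
    END {
        for (key in count) {
            split(key, f, SUBSEP)
            printf "FAILED user=%s sources=[%s] count=%d first=%s last=%s\n",
                   f[1], f[2], count[key], first[key], last[key]
        }
    }' "$1" | sort
}

# Sample input: bamboo_user lines copied from the excerpt above; the
# other_user line and its 203.0.113.5 address are constructed.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2023-12-15 08:16:31,968 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooAuthenticator] User 'bamboo_user' with IP address: 192.168.56.1, 10.0.9.6 failed to log in.
2023-12-15 08:16:45,287 INFO [https-jsse-nio-45927-exec-10 url: /userlogin.action] [DefaultAuthenticator] login : 'bamboo_user' could not be authenticated with the given password
2023-12-15 08:16:45,288 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooAuthenticator] User 'bamboo_user' with IP address: 192.168.56.1, 10.0.9.6 failed to log in.
2023-12-15 08:16:51,248 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [BambooAuthenticator] User 'bamboo_user' with IP address: 192.168.56.1, 10.0.9.6 failed to log in.
2023-12-15 08:16:51,251 DEBUG [https-jsse-nio-45927-exec-10 url: /userlogin.action] [LoginInformationManagerImpl] Login failure threshold exceeded for bamboo_user, a CAPTCHA challenge will be issued.
2023-12-15 08:17:02,100 DEBUG [https-jsse-nio-45927-exec-11 url: /userlogin.action] [BambooAuthenticator] User 'other_user' with IP address: 203.0.113.5 failed to log in.
EOF
summarize_logins "$SAMPLE_LOG"
```

A user whose failures arrive from several unrelated address lists appears as several FAILED rows, which separates a single misconfigured client from attempts spread across sources.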
Additional information
Check the following KB article to know how to clean up the Captcha from the Bamboo database without forcing a successful login: