How to effectively obtain the source of a CAPTCHA LOCK in Bitbucket Server/DC?

Felix Herzog
Contributor
October 15, 2018

Hi,

In our company (about 1000 git users) we have the problem that some users forget where they set up their credentials. Some use Jenkins and configure credentials per job. Some have installed more than 3 Git clients using different credential stores, etc. Mostly you can't imagine what crude ideas they have.
The problem is: we have a policy to change the user password on a regular basis. This leads these users into a problem: always having their account CAPTCHA-locked due to a password change and not knowing which "client" is causing this.

For me, as admin, the problem is: how can I obtain the IP address or repository (for a possible job search) that a system is trying to access and that causes the CAPTCHA lock?

What is the effective way to look into the atlassian-bitbucket.log or atlassian-bitbucket-access.log and find an answer to the question:
When and which IP address is causing a CAPTCHA lock for user <xyz>?

looking only for "captcha" in the access-log I only find:

"<IP> | https | o@PE2R7Xx957x831907x1 | - | 2018-10-12 15:57:50,515 | "GET /captcha HTTP/1.1" | "https://gitserveradress/login" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0" | 200 | 0 | 9220 | - | 275 | 120zft0 |"

This sadly does not say whose account. It also seems it does not show up if a Git client is requesting via pull and gets a CAPTCHA-lock response.

We only have https access enabled.

Any ideas? Thank you so much.

1 answer

0 votes
Stephen Sifers
Atlassian Team
October 23, 2018

Hello Felix,

First of all, this is a great question.

Digging through the logs, Database and audit files I was able to find the following:

As you stated, the access log will show when something is locked out or prompted with a Captcha, but it does not say whom.

Similarly, when you query the database, you can see who has been locked out and prompted with a CAPTCHA, but not from where. Here is the query for that:

-- Users whose Crowd attribute 'failedAuthenticationAttemptCount' has reached the lock threshold.
SELECT us.user_name, atr.attribute_value AS failed_attempts
FROM cwd_user_attribute AS atr
JOIN cwd_user AS us ON atr.user_id = us.id
-- attribute_value is stored as text, so this comparison is lexical;
-- cast it to a number on your database if counts above 9 matter.
WHERE atr.attribute_name = 'failedAuthenticationAttemptCount'
  AND atr.attribute_value >= '5';

There is nothing available in either of these sources to correlate who with where, which is what you are asking.

With that said, I was able to find what you were looking for within the audit logs of BitBucket. The Audit log is located within your log directory here:

BitBucketDir/log/audit/atlassian-bitbucket-audit.log

Output within the log is as follows:

0:0:0:0:0:0:0:1 | AuthenticationFailureEvent | otheruser | 1111111111111 | otheruser | {"authentication-method":"form","error":"For security reasons you must answer a CAPTCHA question."} | @123456789hgf | bxlqsv

The above output will show IP address, Username, Authentication failure and Captcha question. For more information on the BitBucket Audit log, see here: https://confluence.atlassian.com/bitbucketserver/audit-logging-in-bitbucket-server-776640417.html

-Stephen Sifers
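The audit line quoted in the answer carries everything the question asks for (who, when, from which IP), so here is an added example script that parses lines in that layout and summarises CAPTCHA-locked authentication failures per user and source address. It is not part of the original answer and not Bitbucket's own code. The field order (client IP, event type, acting user, epoch milliseconds, target, JSON details, request id, session id) is assumed from the single sample line above, and the log content embedded in the script is constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample audit-log content (not taken from a real server). The first
# line copies the layout of the answer's example; the others vary only IPs,
# usernames, timestamps and the error text. Assumed field order, left to right:
# client IP | event type | acting user | epoch millis | target | JSON details |
# request id | session id
SAMPLE_AUDIT_LOG = """\
0:0:0:0:0:0:0:1 | AuthenticationFailureEvent | otheruser | 1111111111111 | otheruser | {"authentication-method":"form","error":"For security reasons you must answer a CAPTCHA question."} | @123456789hgf | bxlqsv
10.1.2.3 | AuthenticationFailureEvent | xyz | 1539352670515 | xyz | {"authentication-method":"form","error":"Invalid username or password."} | @req1 | sess1
10.1.2.3 | AuthenticationFailureEvent | xyz | 1539352680515 | xyz | {"authentication-method":"form","error":"For security reasons you must answer a CAPTCHA question."} | @req2 | sess2
10.9.8.7 | AuthenticationFailureEvent | xyz | 1539352690515 | xyz | {"authentication-method":"form","error":"For security reasons you must answer a CAPTCHA question."} | @req3 | sess3
10.1.2.3 | AuthenticationFailureEvent | xyz | 1539352700515 | xyz | {"authentication-method":"form","error":"For security reasons you must answer a CAPTCHA question."} | @req4 | sess4
10.1.2.3 | RepositoryPushEvent | alice | 1539352710515 | PROJ/repo | {} | @req5 | sess5
this line is truncated and must be skipped
"""

FIELD_COUNT = 8  # assumed number of pipe-separated fields per audit line


def parse_audit_line(line):
    """Split one pipe-delimited audit line into a dict, or return None if it
    does not have the expected eight fields or a numeric timestamp."""
    fields = [f.strip() for f in line.split(" | ")]
    if len(fields) != FIELD_COUNT:
        return None
    ip, event, user, millis, target, details, request_id, session_id = fields
    try:
        when = datetime.fromtimestamp(int(millis) / 1000, tz=timezone.utc)
    except ValueError:
        return None
    try:
        details = json.loads(details)
    except json.JSONDecodeError:
        details = {"raw": details}  # keep unparseable details rather than dropping the event
    return {"ip": ip, "event": event, "user": user, "when": when, "target": target,
            "details": details, "request_id": request_id, "session_id": session_id}


def captcha_events(log_text, user):
    """Return the authentication failures for `user` whose error mentions a
    CAPTCHA, oldest first: these are the requests that were answered with the lock."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec is None or rec["event"] != "AuthenticationFailureEvent":
            continue
        if rec["user"] != user and rec["target"] != user:
            continue
        if "captcha" not in str(rec["details"].get("error", "")).lower():
            continue
        hits.append(rec)
    hits.sort(key=lambda r: r["when"])
    return hits


def lock_sources(log_text, user):
    """Count CAPTCHA-locked failures per (client IP, authentication method)."""
    counts = Counter()
    for rec in captcha_events(log_text, user):
        counts[(rec["ip"], rec["details"].get("authentication-method", "?"))] += 1
    return counts


def report(log_text, user):
    """Human-readable summary: every locked attempt, then totals per source."""
    lines = [f"CAPTCHA-locked authentication failures for {user}:"]
    for rec in captcha_events(log_text, user):
        lines.append(f"  {rec['when']:%Y-%m-%d %H:%M:%S} UTC  {rec['ip']:<16} "
                     f"{rec['details'].get('authentication-method', '?')}")
    lines.append("Sources (ip, method) -> count:")
    for (ip, method), n in lock_sources(log_text, user).most_common():
        lines.append(f"  {ip:<16} {method:<6} {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_AUDIT_LOG, "xyz"))
```

To use it on a real server, read atlassian-bitbucket-audit.log (and its rotated copies) into `log_text` instead of the constructed sample; the audit timestamp is epoch milliseconds, so the script prints UTC and you convert to local time as needed. One caveat: if Bitbucket sits behind a reverse proxy or load balancer, the IP in the audit line may be the proxy's address rather than the client's, and you then need the proxy's own logs to identify the Jenkins job or workstation.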
