Is there some kind of time frame they have to wait, if they try to login to many times with a failed login?

(it seems clearing their cache works, but there should be an admin thing maybe, that they can clear or unblocked those)

Or a time frame that it states to them..

"to many failed login attempts, please wait ## minutes"  or something like that

I have the same problem as administrator... :/

Is there any way to reset admin password from console and reset login attempts

Still looking for some info about this...

When the DJ tried to log in today, using the correct login info, It gave them the same error again.
When they tried clearing the cache, it didnt work like the last time.

Is there some way that the message can be cleared through the database or some other way that an admin can clear it?  Rather than just deleting and recreating, but does it read the users IP and puts a block on the IP or something?

Sorry for the late reply; forums have been taking a back seat to our huge helpdesk ticket volume, unfortunately.

The message is intentionally vague to avoid giving an attacker information about exactly when he can resume a bruteforce attack.  You can configure this feature in detail in the admin settings, including the number of login failures that trigger the lockout as well as the duration of the lockout in minutes.

There is no UI for removing bans because, unless you configure it otherwise, the bans are only 10 minutes in length.  By the time a user could complain about being banned, he would already be un-banned.

Clearing the browser cache won't do a thing, unless the browser has (incorrectly) cached the page that displays the login failure message.

As for how it's tracked, yes, it's in the database and it's pretty straightforward.  Check the login_bans table and just remove the row with the "ipaddress" column you want to un-ban.

Ah great, okay, thank you very much!