Page 1 of 1
Vicidial Logs failed login attempts
Posted:
Fri Oct 01, 2021 12:09 am
by striker
Hi
where can i find the logs of failed attempts for vicidial admin ,agent, api logins...
Re: Vicidial Logs failed login attempts
Posted:
Fri Oct 01, 2021 6:30 am
by mflorell
There is no full log of failed logins by default currently because that is actually a crash risk. We had one client who was receiving 1,000,000+ login attempts per hour and in a couple days the log file containing the failed attempts filled their hard drive and crashed their database.
What we have instead is a count of the most recent failed login attempts and the IP address that the last attempt as made from. This data is in the vicidial_users table, in the following fields:
failed_login_count, last_login_date, last_ip
The "failed_login_count" field is reset to 0 every 15 minutes, but after 10 failed login attempts the account cannot be logged into until the count is reset again.
Re: Vicidial Logs failed login attempts
Posted:
Fri Oct 01, 2021 6:33 am
by carpenox
Is there a ready made report for this?
Re: Vicidial Logs failed login attempts
Posted:
Sat Oct 02, 2021 6:31 am
by mflorell
There is currently no report for this.
Re: Vicidial Logs failed login attempts
Posted:
Sat Oct 02, 2021 12:04 pm
by striker
thanks @mflorell
i found the Admin failed login attempts response with 401 error code and getting logs in ssl_access_log with client ip.
but the api and agents gives 200 ok for failed attempts
and also i noticed the agent api response shows the sql query ,as show below is the normal ?
ERROR: Invalid Username/Password: |6666|1234|0|0|BAD|0|api|SELECT count(*) from vicidial_users where user='6666' and pass='1234' and user_level > 0 and active='Y' and ( (failed_login_count < 10) or (UNIX_TIMESTAMP(last_login_date) < 1633192948) );|
trunk version.
VERSION: 2.14-829a
BUILD: 210911-1958
Re: Vicidial Logs failed login attempts
Posted:
Sat Oct 02, 2021 2:20 pm
by mflorell
Yes, the admin.php script uses HTTP auth, while the APIs uses variables to do auth(and also allow non-auth responses) so this is working as intended.