vicidial.org

[dspaan]

Hey guys

One of our supervisors used the wrong credentials to login and got this screen: Too many login attempts, try again in 15 minutes: |tineke01|LOCK|

Is there any way for me to remove the lock? (as i am another admin)

The supervisor also can't login with another account because the browser session remembers the lockout.

VERSION: 2.8-435a
BUILD: 140423-1636

[mflorell]

To reset a lockout, just go to the User Modify page and submit the form(you don't have to change anything). This will reset the counter and allow another 10 password attempts without having to wait 15 minutes.

[Lokesh.vrj]

Hey guys

used the wrong credentials to login and got this screen: Too many login attempts, try again in 15 minutes: |6666|LOCK|
i have icibox 7 so i faced problem admin login
and i dont have another user admin
so please help me.....

how to unlock

[dspaan]

If you have root access you can go in the database and change the user password from there.

[Lokesh.vrj]

after change password same issue showing

i m not able to log in

[Lokesh.vrj]

any other option so help me

[blackbird2306]

Why don't you wait and try it 15 minutes later? If you don't want to wait this time you can unlock the user (6666) by typing this in linux cli:

Code: Select all

mysql -D asterisk -e 'UPDATE `vicidial_users` SET `failed_login_count` = "0" WHERE `user` = "6666";'


and if you have forgotten the password for a certain user, you can change the password by this line:

Code: Select all

mysql -D asterisk -e 'UPDATE `vicidial_users` SET `pass` = "HERENEWPASSWORD" WHERE `user` = "6666";'


[paolo]

is there a table that logs the attempts and from what IP address? I tried looking into the apache2 error and access log and didn't find any details on who caused the issue.

Thank you in advance for youanswers

[GenXOutsourcing]

Everyone

SOmeone is trying to hack Vicidial systems using the default 6666 admin user.

- [13/Mar/2022:03:24:42 -0400] "GET /vicidial/admin.php?ADD=140000000000 HTTP/1.1" 401 68 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"

I have about 12 people report to me already.

[GenXOutsourcing]

Here is a way to block people from accessing your server by its IP address,

<VirtualHost *:80>
ServerName 2.1.94.1
Redirect 403 /
ErrorDocument 403 "Sorry, Direct IP access not allowed"
DocumentRoot /var/www/html
UserDir disabled
</VirtualHost>

Change the ServerName to your servers actual IP address and no one can access unless by domain

[martinch]

You have a few options here;

- Wait out the 15 minutes. Yes it is a pain but it locks for a reason (to prevent brute forcing of passwords).
- You can have an administrator / DBA with write access to your database simply 0 the failed_login_count

Code: Select all

UPDATE vicidial_users SET failed_login_count = '0' WHERE user = '{your_user_number_here}';

- If you're a developer, you can increase $LOCK_trigger_attempts (hardcoded to 10) within agc/functions.php to something more generous or set to -1 and flip

Code: Select all

if ($failed_login_count < $LOCK_trigger_attempts)

from less than to greater than to disable completely.

Hope this helps,
Martin.

[williamconley]

And in case anyone hasn't mentioned it yet and you're here:

If someone can "brute force" your 6666 web user login, they can also attempt to register to a SIP account. If they succeed in that, they can dial out through your carrier(s) and spend your money. If you have an "auto-pay" set up with your carrier, that can result in thousands of dollars spent overnight.

This isn't a "never happens" scenario. We used to have clients come to us routinely after blowing $8000 on calls to a country they didn't even know they could dial.

So ... WHITELIST your systems. Vicibox 10 has an improved method of doing this. IPtables is installed in all linux servers and can be modified to whitelist pretty easily. If you have an older system, we published Dynamic Good Guys firewall system (free) over a decade ago to reduce the storm on this front.

It's a slight pain to configure a whitelist system, but much less than the alternative. Brute force attacks on web, FTP, SIP, IAX2, and ssh logins, even if they fail, can still result in DDoS-like downtime. WHITELIST.

[carpenox]

Bill have you updated DGG to work on php7 or it still only works on php5?

[williamconley]

Hasn't been updated in quite a while. Not sure if that last update was 7.0 or 5.7. I will say that it's likely just "<?PHP" vs "<?" in most cases. Now that Vici has its own DynaPortal DGG isn't as "in demand", as it were.

We only use it these days when installing old systems to match old customized servers (those who cannot upgrade because they customized their Agent Interface, for example, are stuck in Old Vicidial which is stuck with Old Asterisk ... and DGG is still necessary).

[carpenox]

ah ok got it