vicidial Too many login attempts try again in 15 minutes

Vicidial Admin access locked - Failed logins


  Issue Overview:

    While logging in to the Vicidial admin portal, you may see the alert below:

Too many login attempts, try again in 15 minutes: |6666|LOCK|
Too many login attempts, try again in 15 minutes: |admin|LOCK|
Too many login attempts, try again in 15 minutes: |xyzuser|LOCK|

  Root Cause for this issue

1. Vicidial brute-force protection
    By default, the Vicidial source code has brute-force protection enabled. It locks a user ID once 10 failed attempts are detected, and the counter is reset every 15 minutes.

2. Brute-force attack

    Due to recent brute-force attacks on Vicidial servers against the user IDs 6666 or admin, you may see the alerts above.
Alternatively, other users might have entered wrong credentials more than 10 times.

  Workaround - Unlock user-ID

Temporary workaround
You can unlock the affected users by either of the following methods.

Option 1:
1. Run the mysql command below, which unlocks the particular user.
For user 6666:

mysql -e "use asterisk; update vicidial_users set failed_login_count='0' where user='6666';"

For user admin:
mysql -e "use asterisk; update vicidial_users set failed_login_count='0' where user='admin';"

Note: just replace the value in user= with the user ID that is locked.

If the above command fails, run the following commands in the mysql CLI:
mysql -p
use asterisk
update vicidial_users set failed_login_count='0' where user='6666';

Note: on ViciBox no mysql password is set; otherwise use the default mysql credentials: mysql -ucron -p1234

Option 2:
2. If you have another admin account that is not locked, open the Vicidial admin portal in another browser and log in with those credentials. Then modify the affected user and just press Submit, which unlocks that user.

  Permanent Workarounds:

Restrict access to the Vicidial portal using any of the methods below.

  Use the ViciBox Firewall (Dynamic Portal)

 Using the Dynamic Portal or ViciBox Firewall, you can restrict access to the Vicidial admin/agent portal to the IPs that are whitelisted via the Dynamic Portal.
Refer to the Vicibox Firewall link to configure the ViciBox firewall.

  Vicidial Allow IP Lists Feature

    Using the Allow IP Lists feature, the admin can restrict admin/agent/API access to whitelisted IPs on a per-user-group basis.
     Steps to enable the Allow IP List and restrict access to whitelisted IPs per user group:
Enabling Allow IP List

Navigate : ADMIN > SYSTEM SETTINGS > Allow IP List : 1

Adding IPs to the whitelist.

Navigate : ADMIN > IP Lists 

Select: ViciWhite IP List, activate it by setting it to YES, then add the IPs that need access, i.e. your list of whitelisted IPs.

Enabling the IP whitelist in user groups.
Navigate to the respective user group and click Modify:
User Groups > ADMIN > Modify, and enable the options below.

Admin IP Whitelist : ViciWhite
Agent IP Whitelist  : ViciWhite
API IP Whitelist      : ViciWhite

  Change the Default Web Directory Path of the Vicidial Portals

     The default path to access Vicidial is https://serverip/vicidial/admin.php, and for agents /agc/vicidial.php.
These are well-known paths.
Change the default path to some other path, such as https://serverip/xkskiiiww/vicidial/admin.php,
so that only users who know this path can access it.
Refer to this link to change the path.

  Restrict Web Access to the FQDN Only, Instead of Direct IP Access

    Attackers try to reach your server by its IP address instead of its FQDN, unless they know the FQDN.
You can restrict web access to the FQDN only. Check out the workaround provided in this Vicidial Forum link.

  Necessary Security Measures to Protect Vicidial Servers

  There are many loopholes through which Vicidial can get hacked.
      

  Conclusion:

    The failed-attempt trigger is defined in functions.php under the Vicidial web folder

(cd /srv/www/htdocs/vicidial or cd /var/www/html/vicidial/)
$LOCK_over = ($STARTtime - 900); # failed login lockout time is 15 minutes(900 seconds)
$LOCK_trigger_attempts = 10;
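
A defender-side check built on the two constants above, added here as an example and not taken from Vicidial or the original post: it scans a web access log for source IPs that reach 10 failed admin logins within 900 seconds, which separates a brute-force source from a user who mistyped a password. It assumes the "combined" access-log format and that admin.php answers a failed login with HTTP 401; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 900  # same 15-minute window as $LOCK_over in functions.php
MAX_FAILURES = 10     # same value as $LOCK_trigger_attempts

# "combined" access-log format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_bruteforce_sources(lines, path_suffix="/vicidial/admin.php"):
    """Map each source IP to the time it reached MAX_FAILURES 401s in the window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401 responses
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401":  # assumption: failed login => 401
            continue
        if not m["path"].split("?", 1)[0].endswith(path_suffix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        # Forget failures older than the 15-minute lockout window.
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        # A single 401 is normal (the browser's first request carries no
        # credentials); ten inside one window is what trips the lock.
        if len(window) >= MAX_FAILURES:
            flagged.setdefault(m["ip"], ts)
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = ('{ip} - - [04/Apr/2022:09:{mm:02d}:{ss:02d} +0000] '
           '"GET /vicidial/admin.php HTTP/1.1" {st} 512 "-" "-"')
    burst = [fmt.format(ip="203.0.113.7", mm=0, ss=i * 5, st=401) for i in range(12)]
    # One user mistyping twice, 20 minutes apart, then logging in.
    typos = [fmt.format(ip="198.51.100.20", mm=mm, ss=0, st=st)
             for mm, st in ((1, 401), (21, 401), (22, 200))]
    return burst + typos

if __name__ == "__main__":
    for ip, when in find_bruteforce_sources(sample_log()).items():
        print(f"{ip} reached {MAX_FAILURES} failed logins at {when.isoformat()}")
```

If the portal path has been changed as described earlier, pass the new path as path_suffix.
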

Restrict server access to known IPs only.
Use strong passwords, not ones like P@ssw0rd, 1234, pass1234, etc.
Don't use default credentials such as 6666, admin, bob, etc.
Refer to this link for Vicidial security options.
For support, reach out on Skype: striker24x7

1 Comments
  • gopi baskar
    gopi baskar April 4, 2022 at 9:23 AM

    vicidial too many login attempts try again in 15 minutes 6666
