Issue Overview:
While logging in to the Vicidial admin portal, you may see one of the alerts below:
Too many login attempts, try again in 15 minutes: |6666|LOCK|
Too many login attempts, try again in 15 minutes: |admin|LOCK|
Too many login attempts, try again in 15 minutes: |xyzuser|LOCK|
Root Cause for this issue
1. Vicidial Bruteforce Protection
By default, the Vicidial source code ships with brute-force protection enabled. It locks a user ID once 10 failed login attempts are detected, and the counter is reset every 15 minutes.
2. Brute force Attack
Because of recent brute-force attacks on Vicidial servers with user ID 6666 or admin, you may see the alerts above. Alternatively, other users may have entered wrong credentials more than 10 times.
Workaround - Unlock user-ID
As a temporary workaround, you can unlock the affected users by either of the following methods.
Option 1:
1. Run the mysql command below, which unlocks the particular user.
for user 6666
mysql -e "use asterisk; update vicidial_users set failed_login_count='0' where user='6666';"
for user admin
mysql -e "use asterisk; update vicidial_users set failed_login_count='0' where user='admin';"
If the above command fails, run the commands below in the mysql CLI:
mysql -p
use asterisk;
update vicidial_users set failed_login_count='0' where user='6666';
Note: on Vicibox no mysql password is set; otherwise use the default mysql credentials: mysql -ucron -p1234
Option 2:
2. If you have another admin account that is not locked, open the Vicidial admin portal in another browser and log in with those credentials. Then modify the affected user and just press Submit, which unlocks that user.
Permanent Workarounds:
Restrict access to the Vicidial portal by any of the methods below.
Use Vicibox Firewall, that is Dynamic Portal
Using the Dynamic Portal or Vicibox Firewall, you can restrict access to the Vicidial admin/agent portal to the IPs that are whitelisted via the Dynamic Portal.
Vicidial Allow IP Lists Feature
Using the Allow IP Lists feature, the admin can restrict admin/agent/API access to whitelisted IPs per user group. Steps to enable Allow IP List and restrict access to whitelisted IPs per user group:
Enabling Allow IP List
Navigate : ADMIN > SYSTEM SETTINGS > Allow IP List : 1
Adding the IPs to the whitelist
Navigate : ADMIN > IP Lists
Select : ViciWhite IP List. Activate it by setting YES, then add the IPs that need access, that is, the list of whitelisted IPs.
Enabling the IP whitelist in User Groups
Navigate to the respective user group and click Modify: User Groups > ADMIN > Modify, then enable the options below.
Admin IP Whitelist : ViciWhite
Agent IP Whitelist : ViciWhite
API IP Whitelist : ViciWhite
Change the default web directory path of the Vicidial portals
The default path to the Vicidial admin portal is https://serverip/vicidial/admin.php, and for agents it is /agc/vicidial.php; these are well-known paths.
Change the default path to something else, such as https://serverip/xkskiiiww/vicidial/admin.php, so that only users who know the path can access it.
Restrict web access to the FQDN only, instead of direct IP access
Attackers try to reach your server by its IP address rather than by its FQDN, unless they know the FQDN, so you can restrict web access to the FQDN only.
Conclusion:
The failed-attempt trigger is defined in Functions.php under the Vicidial web folder
(cd /srv/www/htdocs/vicidial or cd /var/www/html/vicidial/)
$LOCK_over = ($STARTtime - 900); # failed login lockout time is 15 minutes(900 seconds)
$LOCK_trigger_attempts = 10;
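For the FQDN-only restriction listed under Permanent Workarounds, one way to enforce it at the web server, shown as an added example that is not part of the original post. It assumes Apache 2.4 with mod_ssl serving the portal; dialer.example.com, catchall.invalid and all certificate paths are placeholders.

```apache
# Added example, not from the original post. Assumes Apache 2.4 + mod_ssl.
# dialer.example.com, catchall.invalid and the certificate paths are placeholders.

# 1) Catch-all vhosts. Apache gives any request whose Host header (or TLS SNI
#    name) matches no ServerName/ServerAlias to the FIRST vhost defined for
#    that address:port, so these blocks must be loaded before the real site
#    (for example from a file that sorts first, such as 000-catchall.conf).
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # Use a throwaway self-signed certificate here. Serving the real
    # certificate to clients that connect by IP would disclose the FQDN
    # through the certificate's subject / SAN fields.
    SSLCertificateFile    /etc/apache2/ssl.crt/catchall.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/catchall.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# 2) The real site: answers only when the client asked for the FQDN.
#    DocumentRoot is the parent of the vicidial folder named in the post
#    (use /var/www/html on installs that keep it there).
<VirtualHost *:443>
    ServerName dialer.example.com
    DocumentRoot /srv/www/htdocs
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl.crt/dialer.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/dialer.key
</VirtualHost>
```

With this in place, requests to https://serverip/vicidial/admin.php receive 403 while the same path under the FQDN still works. Combine it with the Allow IP Lists or firewall options above, since the FQDN alone is not a secret.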