• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Solved Too many incorrect login attempts.

Status
Not open for further replies.

Helmut72

Free User
Joined
Aug 24, 2017
Messages
30
Reaction score
2
Hi,

I read that I should try a different IP and / or wait 30 minutes but whenever and from wherevere I try I cannot log in. Is there a way to edit the database or so? I do not have multiple Admin Accounts.

Thank you!
 
Hi Helmut,

I would suggest an alternative, go to the PBX Status page, click Blacklisted IPs. If there is already a blacklisted entry for your current IP, make sure to delete it first. Now add a new entry to whitelist your own IP address if you are the admin, so you will never be blacklisted.
 
I would suggest an alternative, go to the PBX Status page, click Blacklisted IPs. If there is already a blacklisted entry for your current IP, make sure to delete it first. Now add a new entry to whitelist your own IP address if you are the admin, so you will never be blacklisted.

That's the plan but how if I cannot login.
 
For the moment, you will have to log in from another IP address (ie. from your mobile using LTE)

By the way, were you logging in as a user extension with administrator rights, or were you logging in as the global administrator?
 
For the moment, you will have to log in from another IP address (ie. from your mobile using LTE)

By the way, were you logging in as a user extension with administrator rights, or were you logging in as the global administrator?

I can't. Whatever device I try I immediately get the error. Tried from my iPad using LTE, no way. Tried ~20 different IPs within my network, no way.

I'm logging in as "admin" / global administrator.
 
it would seem that you are using the wrong password if you keep getting blocked. is this possible?
 
it would seem that you are using the wrong password if you keep getting blocked. is this possible?

Following https://signup.it-communicationsltd.co.uk/knowledgebase/2/Recover-3CX-Admin-Password.html I extracted the backup file from this morning and checked the XML file:

helmut@3CX:~$ sudo cat ./838914536Db.xml | grep -i -A5 -B5 webserver
<Type>String</Type>
<Value>/var/lib/3cxpbx/Instance1/Data/Ivr/Prompts/onhold.wav</Value>
</Parameter>
<Parameter>
<Description>The admin pass</Description>
<Name>WEBSERVERPASS</Name>
<Type>String</Type>
<Value>The password I'm using</Value>
</Parameter>
<Parameter>
<Description>The admin ID</Description>
<Name>WEBSERVERUSER</Name>
<Type>String</Type>
<Value>admin</Value>
</Parameter>
<Parameter>
<Name>TNL_CLIENT_PASSWORD</Name>
helmut@3CX:~$

So the password should be correct.
 
maybe try rebooting the server, not sure if that will help but it would seem it won't hurt to try
 
maybe try rebooting the server, not sure if that will help but it would seem it won't hurt to try

Of course I already did so. :)
 
Did you or another admin perhaps enabled Console Restrictions under the PBX Security Settings?
 
Did you or another admin perhaps enabled Console Restrictions under the PBX Security Settings?

Not that I'd know of another admin. I have ssh access, can I check something from there?
 
If console restrictions were indeed enabled, it will not allow you to connect from anywhere other than the allowed range (i.e the machine's local range).

Open your backup, look in the XML file in the root folder of the backup and search for:

XML:
<Parameter>
  <Description>Restrict access to specific IP whitelist</Description>
  <Name>IP_WHITELIST</Name>
  <Type>String</Type>
  <Value>["xxx.xxx.xxx.xxx"]</Value>
</Parameter>
 
If console restrictions were indeed enabled, it will not allow you to connect from anywhere other than the allowed range (i.e the machine's local range).

Open your backup, look in the XML file in the root folder of the backup and search for:

XML:
<Parameter>
  <Description>Restrict access to specific IP whitelist</Description>
  <Name>IP_WHITELIST</Name>
  <Type>String</Type>
  <Value>["xxx.xxx.xxx.xxx"]</Value>
</Parameter>

XML:
<Parameter>
  <Description>Restrict access to specific IP whitelist</Description>
  <Name>IP_WHITELIST_RESTRICTED</Name>
  <Type>String</Type>
  <Value>1</Value>
</Parameter>
<Parameter>
  <Description>Restrict access to specific IP whitelist</Description>
  <Name>IP_WHITELIST</Name>
  <Type>String</Type>
  <Value>[]</Value>
</Parameter>
 
Ok then you have enabled console restrictions, without adding a whitelisted IP.

This means the PBX will only allow connections from its local subnets.

You can either connect via one of those subnets (example)
1591263930639.png


Or restore a backup via commandline with that option disabled.
Example: Left side = Enabled, Right Side = Disabled
1591263836383.png
 
Yes! Thank you very much, worked! BTW, my network is 192.168/16 so I wonder why I still couldn't log in although 192.168/16 is whitelisted. Anyway, thanks.
 
  • Like
Reactions: JohnS_3CX
Perhaps, there is some internal NAT that makes the traffic appear to come from another subnet as far as the PBX can see.

Regardless, I'm glad to hear it is now resolved :)
 
Perhaps, there is some internal NAT that makes the traffic appear to come from another subnet as far as the PBX can see.

Regardless, I'm glad to hear it is now resolved :)

My guess is that it used my IPv6 which was / is not whitelisted as it is dynamic. Can I disable IPv6 in 3CX? I tried to remove IPv6 from the OS (Debian) but then 3CX webconsole service (TCP/5001) wont start. I could remove

Code:
listen [::1]:5001 ssl hhtp2;

from /var/lib/3cxpbx/Bin/nginx/conf/nginx.conf but I'm not sure if that is the preferred way. Unticking " Automatically Bind to IPv6 Adapters if present." didn't help.
 
Last edited:
It's best not to modify nginx at all, leave it as it was. Disable IPv6 from here:
1591269959384.png

Then edit your Debian interface options to disable IPv6 straight from the network interface (google how to do it for Debian 9)

When you are done, reboot the machine so everything starts up and binds to IPv4 only.

As always, keep a backup handy off of the machine just in case anything does not go according to plan
 
Status
Not open for further replies.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.