We were banned by the auth_brute_force since every attempt is coming from 127.0.0.1 (NGINX). Even Admin wasn't able to login.
2018-03-28 12:18:29,376 10645 DEBUG ******* openerp.modules.registry: Multiprocess signaling check: [Registry - old# 35 new# 35] [Cache - old# 720 new# 720]
2018-03-28 12:18:29,382 10645 WARNING ******* openerp.addons.auth_brute_force.controllers.controllers: Authentication tried from remote '127.0.0.1'. The request has been ignored because the remote has been banned after 10 attempts without success. Login tried : 'admin'.
2018-03-28 12:18:29,424 10645 INFO ******* werkzeug: 127.0.0.1 - - [28/Mar/2018 12:18:29] "POST /web/login HTTP/1.0" 200 -
How to fix this?
We were able to solve this issue by truncating the res_banned_remote table in the database. Since there is only one remote address (localhost), this will also be the only banned address for now.
# su odoo
# psql <database>
psql (x.x.xx)
Type "help" for help.
<database> => truncate res_banned_remote;
TRUNCATE TABLE
<database>=> \q
#
Related
I set up an FTP service using vsftpd on one of my Ubuntu servers. When the data was transmitted in plaintext, everything worked fine. But I need the data transmission to be encrypted, so I tried to enable TLS in vsftpd.conf. Then it will not work properly.
The version of vsftpd I installed is 3.0.3-12. The SSL certificate is self-signed by me with openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.pem -days 365 -newkey rsa:2048. Here's vsftpd.conf.
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=NO
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
utf8_filesystem=YES
port_enable=NO
pasv_enable=YES
pasv_address=xxx.xx.xx.xxx(static internet ip of my server)
pasv_addr_resolve=NO
pasv_min_port=30399
pasv_max_port=30621
local_root=/var/ftp
allow_writeable_chroot=YES
The specific error is this:
When I use FileZilla in Windows, I cannot list directories after logging in correctly. It will definitely time out. I manually selected FileZilla to use passive mode.
Status: Connecting to xxx.xx.xx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/var/ftp" is the current directory
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (xxx,xx,xx,xxx,119,157).
Command: LIST
Response: 150 Here comes the directory listing.
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
I also tried on another Ubuntu server with ftp-ssl.
Connected to xxx.xx.xx.xxx.
220 (vsFTPd 3.0.3)
Name (xxx.xx.xx.xxx:root): xxx
234 Proceed with negotiation.
[SSL Cipher TLS_AES_256_GCM_SHA384]
200 PBSZ set to 0.
200 PROT now Private.
[Encrypted data transfer.]
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
550 Permission denied.
ftp: bind: Address already in use
After a few tries, I checked these things:
ufw allow 20,21/tcp
ufw allow 30399:30621/tcp
set the permissions of the FTP root directory to 777
disabled the firewall on my Windows client
I cannot find out where the problem is and it still cannot use TLS to transmit data.
So I'm hosting a website on GoDaddy and using cPanel I have to upload only one file at a time. When I try FileZilla it just says could not connect. I'm using port 21.
Heres the log:
Status: Connecting to 166.62.28.144:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 6 of 500 allowed.
Response: 220-Local time is now 04:59. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to 166.62.28.144:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 7 of 500 allowed.
Response: 220-Local time is now 05:00. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Error: Could not connect to server
I had the same issue. Ther was a problem with my network. Something to do with DNS. I basically connected to another network (phone hotspot)->other IP and it worked fine.
try using the secured FTP port 22 and then check
I faced the same issue, but this will definitely help.
Login to your cpanel.
Select the ftp account Ftp account on cpanel
Then scroll down to the list of your ftp account and click configure ftp (image)configure ftp button
Download the filezilla configuration for your server (image)filezilla configuration for your server
Afterwards go back to your filezilla software and import the downloaded file.
TO IMPORT:
Go to your filezilla software page and click file menu (image)file menu click
From the menu list click import file.
Select the file and import then try connecting.
I've been trying to use Realm Object Server deployed on an Amazon ec2 instance, using the basic Amazon Ubuntu AMI (since the Realm AMI has ROS v.1.8.3).
To use the latest ROS (v2.x) I followed Realm's instructions to use curl -s https://raw.githubusercontent.com/realm/realm-object-server/master/install.sh | bash which appears to execute successfully. I follow that script's instructions to load nvm and use its latest version.
Then I run ros start. Here's what I get:
info: Loaded feature token capabilities=[Sync], expires=Wed Apr 19 2017 14:15:29 GMT+0000 (UTC)
info: Realm Object Server version 2.0.18 is starting
info: [sync] Realm sync server started ([realm-core-4.0.3], [realm-sync-2.1.4])
info: [sync] Directory holding persistent state: /home/ubuntu/data/sync/user_data
info: [sync] Operating mode: master_with_no_slave
info: [sync] Log level: info
info: [sync] Download log compaction is enabled
info: [sync] Max download size: 131072 bytes
info: [sync] Listening on 127.0.0.1:40134 (sync protocol version 22)
info: [http] 127.0.0.1 - GET /realms/files/%2F__wildcardpermissions HTTP/1.1 200 55 - 56.996 ms
info: [http] 127.0.0.1 - GET /realms/files/%2F__password HTTP/1.1 200 44 - 53.009 ms
info: [http] 127.0.0.1 - GET /realms/files/%2F__perm HTTP/1.1 200 40 - 9.402 ms
info: Autocreated admin user: realm-admin
info: Realm Object Server has started and is listening on http://0.0.0.0:9080
info: [http] 127.0.0.1 - GET /realms/files/%2F__admin HTTP/1.1 200 41 - 4.187 ms
info: [http] 127.0.0.1 - GET /realms/files/%2F__admin HTTP/1.1 200 41 - 29.902 ms
And then...nothing. It doesn't even get me back to my ubuntu#ip-XXX-XX-XX-XX: prompt. (It's possible that this is exactly what you'd expect but I'm pretty new to these kind of processes).
When I try to access my server in the browser (my DNS:9080) the browser says Cannot GET / and the CLI says info: [http] 96.2xx.xxx.xxx - GET / HTTP/1.1 404 139 - 0.521 ms
The security groups for my ec2 instance are:
HTTP / TCP / 80 / 0.0.0.0/0
SSH / TCP / 22 / 0.0.0.0/0
Custom UDP Rule / UDP / 9080 / 0.0.0.0/0
Custom TCP Rule / TCP / 9080 / 0.0.0.0/0
I'm stuck. What am I doing wrong? Thanks for your help.
The web based dashboard was part of ROS 1.x, but was replaced by Realm Studio in ROS 2.0.
I have a ubuntu server (on Azure) running proftpd, when I try to connect to that server using FileZilla sometimes it works, sometimes it doesn't (usually it doesn't work at first... and I need to keep trying several random times before it works... and once it does it works for good...), now this is the error I receive it FileZilla logs:
Status: Resolving address of ftp.myserver.com
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command: USER my_user
Response: 331 Password required for my_user
Command: PASS *******
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ftp.myserver.com
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.5a Server (Debian) [xx.xx.xx.xx]
Command: AUTH TLS
Response: 500 AUTH not understood
Command: AUTH SSL
Response: 500 AUTH not understood
Status: Insecure server, it does not support FTP over TLS.
Command: USER my_user
Response: 331 Password required for my_user
Command: PASS *******
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
and this is what I see in proftpd logs:
2016-08-09 10:26:37,263 FTP proftpd[33961] 10.0.0.6 (yy.yy.yy.yy[yy.yy.yy.yy]): USER my_user: Login successful.
2016-08-09 10:26:37,264 FTP proftpd[33961] 10.0.0.6 (yy.yy.yy.yy[yy.yy.yy.yy]): FTP session closed.
2016-08-09 10:26:37,468 FTP proftpd[33970] 10.0.0.6 (yy.yy.yy.yy[yy.yy.yy.yy]): FTP session opened.
I don't know why the server closes and reopens the connection after the login but I am no FTP expert...
Any thoughts on how to fix this?
Edit:
This is the content of proftpd.conf file
There are multiple possible causes for a delay at login time with ProFTPD. The most common causes are the mod_delay module (see its FAQ), or IdentLookups or UseReverseDNS.
However, since your delay happens after the PASS command has been sent, that rules out the IdentLookups or UseReverseDNS directives, as those pertain to the initial connection establishment, before any commands are sent.
Per discussion with the reporter, any latency added by mod_delay was ruled out. That leaves PAM, which, depending on the configuration (e.g. in /etc/pam.d/ftp) and the modules used, can add its own latency (over which ProFTPD has little control). To disable ProFTPD's use of PAM, you would use the following in the config:
<IfModule mod_auth_pam.c>
AuthPAM off
</IfModule>
The reporter mentioned that disabling the use of PAM did indeed remove the delay -- thus pointing out that one of the PAM modules was the root cause.
Hope this helps!
I ported vsftpd on my ARM based board running under linux 3.0.8 kernel.
When I try to establish a ftp connection to the board using Filezilla (3.7.3), I get the following error:
Status: Connecting to XXX.XXX.XXX.XXX:21
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 3.0.2)
Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS **************
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 500 OOPS: socket
Error: Failed to retrieve directory listing
Error: Connection closed by server
Command: PASV
Response: 500 OOPS: socket
Error: Failed to retrieve directory listing
Error: Connection closed by server
The configuration used for my server is as follow:
listen=YES
max_clients=2
max_per_ip=4
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_enable=yes
pasv_min_port=0
pasv_max_port=0
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
pam_service_name=vsftpd
port_enable=YES
log_ftp_protocol=YES
There is no firewall installed in my board.
When I force the ftp connection mode to ACTIVE mode, I can connect to the server, retrieve data, upload files ...
I tried with several ftp server, but I always face the same issue.
Any idea what could be the issue?
Could be that there is some kernel module missing?