UCM Weblogin loop


#1

Hi all

I have having a odd issue only with UCm weblogin to a remote site

I enter my credentials and uponlogin within a sec I am logged back out again . The weblogin page appears again and this happens over an over.

  1. using chrome I tried IE and firefox same result
  2. cleared browser history
  3. 2 other UCM are also doing he same thing they belong to the same client at different locations.

Any idea whats goin on here…
Thanks


Feature Request : Ban / Block Invalid Extenion Registration Attempts
#2

That happens if another person logs in with the same account after you do.

Check if the “idle timer” (it’s called something similar) is set to 1 and increase it. Or it could be an issue with the firewall, since the same customer might have the same device in all the location.

Quick tip/test: in your case try using “incognito” in the browser to see if that does the trick.


#3

I would agree
You typically get logged out because your login caused them to log out so they log back in and kick you out.


#4

A good suggestion is to only use the “admin” ID for those things that only it, as a Super Administrator can do and create unique regular admin IDs for each each administrator’s regular use.


#5

Hi thanks

  1. I did try incognito mode when first experienced the issue
  2. only one admin account which is myself
  3. no other users are logged in

*** leaning more towards the Sonicwall firewall waiting for administrator to check and confirm but i have a strong feeling his just going to say it the ucm** if the firewall is not happy with a selfsigned cert and can block local clients from connecting to that server ( all on local network) then it can surly block external clients from connecting to a server ( UCM ) which is behind the firewall even if portforwarding is set. Not sure but thus far seems like the only plusable reason

  1. tried to log in today still the same issue

Cyfo what is the idle time where is it located i tried to look for it on another sytem

Change information => login settings ( if set to zero user will not be automaically logged out)
is this the setting you talkig about

Thanks for input much appreciated


#6

Think this is the reason PABX was attacked , the attacker overloaded the syetm with login attempts and its seems like has and attempt was being made so often even when I logged in i was trown out has the ucm returned the attacker back to sign in page.

obviously the fail to ban worked really well here but the ip kept changing
anyway surpirsed the sonciwall firewall could not stop this


#7

That’s what happens when you open your doors to the whole world.
NEVER open the doors to “any” but must be opened in ACL, or you will find the server there like a sieve.


#8

I agree with @damiano70

The more you can lock down the port at the firewall level the less this will be allowed to happen.


Anyone else have this IP trying to hack your system?
#9

Yes agreed unfortunalty we do not manage the firewall I have the admin to allow just one range form our ISP and block all else.