Cannot login into Admin UI, I am presented a page with message “too many bad logins! try again later”. I’ve cpcmd rampart:unban M.Y.I.P, flushed evasive, flushed recidive, to no avail.
Any help appreciated, thanks.
Restarted server, all ok now. Still curious what was happened, any lead is welcomed.
This is covered by Anvil, which is a separate system of ApisCP. Restarting the service (systemctl restart apiscp) or resetting your password through the “Forgot Info?” link will reset the counter for that IP. You may reset the password for any non-admin account.
To reset the admin password, cpcmd auth:change-password 'NEWPASSWORD'.
Thanks Matt! You have a very security-focused system here 
Still reading your very comprehensive docs and like Apis more and more.
How is restarting apiscp affecting the other active services?
This happens to me as well, often just from having ApisCP open in my browser for an extended period of time. I’ve had to restart ApisCP from terminal about 4 times in the last month due to the issue.
I also tend to keep the UI open until I learn more about Apis, but we shouldn’t. Once work done, close the connection. In that case I seldom get a message “Postback failed!!!”, probably Argos. However, on another install with the same tendency to keep UI open, this did not happened, despite ~ same bots activity. So, I suspect that in my case, maybe Anvil hit because after hardening with pubkey I forgot to set PasswordAuthentication to no in sshd_config (in other case I didn’t).
This happens when you have multiple roles open in different tabs. A new session identifier is generated when you login as another account, which overwrites subsequent AJAX requests in other tabs. I’ll add a 401 response and cease further AJAX requests in the next release. 
Each invalid request, AJAX included, increments the Anvil counter. Likewise it’s cleared on successful login.
1 Like