Brute-force protection safeguards the LILT app from unidentified logins. The default values are:
  • Default number of consecutive failed attempts: 5 (the user is blocked on the 5th attempt; this is configurable)
  • Default block duration: 2 mins
  • Total failed attempts per day / IP: 30 (Configurable)

Unblock users

Using admin-cli / npm run dist-admin-cli commands

NOTE: From the LILT November 2023 release onwards, please use npm run dist-admin-cli instead of admin-cli.

Administrators of self-managed instances can now use two new admin-cli / npm run dist-admin-cli commands:

Connect to front pod

kubectl exec -it -n lilt <front pod> -- /bin/bash

Updating the max consecutive failed attempts and block duration

yarn admin-cli update-max-failed-login-attempts -m <updatedMaxConsecutiveLogins> [-b <blockDuration>]
npm run dist-admin-cli -- update-max-failed-login-attempts -m <updatedMaxConsecutiveLogins> [-b <blockDuration>]
  • updatedMaxConsecutiveLogins is a number that replaces the default max consecutive failed login attempts before a user is temporarily blocked. Flag: -m.
  • The optional argument blockDuration is a number that represents the minutes a user is blocked from attempting to log in after reaching the max consecutive failed login attempts. Flag: -b.
    • If blockDuration is set to -1, users are blocked indefinitely and must be manually unblocked by admins before they can resume using their accounts.
    • If blockDuration is set to 0, the block duration defaults back to the platform’s default value of 2 minutes (default value subject to change in the future).

Unblocking a user

NOTE: From the LILT November 2023 release onwards, please use npm run dist-admin-cli instead of admin-cli.
yarn admin-cli unblock-user -e <email>
npm run dist-admin-cli -- unblock-user -e <email>
  • email is a string containing the blocked user’s LILT email.
  • The command unblocks a user who has been blocked due to multiple consecutive failed login attempts.

Unblock IP restrictions

To check and unblock IP restrictions, follow the method below:
  • Connect to redis pod:
    I have no name!@cache-redis-6bd6c7f95c-cs9zf:/$ redis-cli --tls \
        --cert /opt/bitnami/redis/certs/tls.crt \
        --key /opt/bitnami/redis/certs/tls.key \
        --cacert /opt/bitnami/redis/certs/ca.crt
    127.0.0.1:6379> auth dummypass
    OK
    127.0.0.1:6379> KEYS *fail_ip_per_day*
    1) "fail_ip_per_day:12.0.170.98"
    127.0.0.1:6379> GET fail_ip_per_day:12.0.170.98
    "97"
    
  • To reset it, delete the key-value pair, which in this case would be:
    DEL fail_ip_per_day:12.0.170.98
    
  • To unblock consecutive user lockouts, connect to redis and remove the keys with the fail_consecutive_ip prefix.
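
The check-and-reset steps above as a small shell helper, added here as an example and not part of LILT's tooling; it lists counters with redis-cli --scan instead of KEYS, because KEYS blocks Redis while it walks the whole keyspace. Assumptions: the function names are hypothetical, the password is exported as REDISCLI_AUTH, keys hold IPv4 addresses as in the session above, and an IP counts as restricted once its counter reaches the 30-per-day default.

```bash
# Added example, not LILT tooling. Run inside the redis pod.
# Assumes the password is exported as REDISCLI_AUTH (read by redis-cli),
# which keeps it out of the process list and shell history.
DAILY_LIMIT="${DAILY_LIMIT:-30}"  # page default: 30 failed attempts per day / IP

# redis-cli with the TLS material shown in the session above.
rcli() {
  redis-cli --tls \
    --cert /opt/bitnami/redis/certs/tls.crt \
    --key /opt/bitnami/redis/certs/tls.key \
    --cacert /opt/bitnami/redis/certs/ca.crt "$@"
}

# Print "<ip> <count>" for every per-day counter.
# --scan iterates incrementally (SCAN) rather than blocking like KEYS.
list_ip_counters() {
  rcli --scan --pattern 'fail_ip_per_day:*' | while IFS= read -r key; do
    [ -n "$key" ] || continue
    count=$(rcli GET "$key" </dev/null)
    printf '%s %s\n' "${key#fail_ip_per_day:}" "$count"
  done
}

# IPs whose counter has reached the limit (threshold semantics are assumed).
restricted_ips() {
  list_ip_counters |
    awk -v lim="$DAILY_LIMIT" '$2 ~ /^[0-9]+$/ && $2 + 0 >= lim + 0 { print $1 }'
}

# Reset one IP. The argument is validated so that only a single
# per-IP counter key can ever be passed to DEL.
reset_ip() {
  ip="$1"
  if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "refusing: '$ip' is not an IPv4 address" >&2
    return 2
  fi
  rcli DEL "fail_ip_per_day:$ip"
}
```

Source the file in the redis pod, run restricted_ips to see which addresses are at the cap, then reset_ip with the one address you intend to clear.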