
Unable to login to the web ui: You have entered an incorrect username or password 5 times.


neurostimulant

Today I tried to log in to my router and was greeted with this message. Not sure what caused this, I tried to restart the router but no dice, the countdown won't reset back to zero.

I do have SSH access to the router though. Is it possible to reset the countdown from SSH?

Thanks!

 
Restarting the httpd service does allow access to the login page, but any login attempt will result in ERR_EMPTY_RESPONSE. At this point, reloading the page will bring back the "You have entered an incorrect username or password 5 times" error message like before.

 
Is http://192.168.0.1 the IP address of the router or the upstream device (broadband provider's modem, router, etc.) the Asus router is connected to?

If you haven't done so already, perhaps try a pin/button reset. Press in and hold the reset button for 5-10 seconds. One may have to perform some configuration after performing a reset.
[Wireless Router] How to reset the router to factory default setting? (Method 2)
Or one may have to go hard core and do a hard factory reset, procedure for doing so varies by router.
 
Yes, 192.168.0.1 is the router's IP address.

I'm hoping to avoid doing a configuration reset because I still have access to the router's SSH service.

> Try from a different PC/laptop/phone.

I used different devices and different web browsers and it's still not working. It immediately shows the "You have entered an incorrect username or password 5 times" even though I haven't attempted any login from that device. Using the browser's incognito/private window mode does not work either.

> Try using HTTP instead of HTTPS: http://192.168.0.1

This router is configured to use https for its web ui, so accessing via HTTP will just show a message to open it via https.
 
Do you have wan access enabled? Sounds like someone may be trying a brute force. Or maybe something on your LAN.
 
I'm pretty sure I didn't enable wan access, and even if I did, I actually put this router behind another (2) routers (I use the dual wan feature to switch the primary wan when one goes down), so I'm pretty sure this router is not reachable from the internet. I'll try disconnecting from both upstream routers and see if it works.
 
I'm seeing the exact same behaviour on a new GT-AXE16000. It was only after I had updated the admin password though. Access via the mobile app appears to work correctly. Will post further if I managed to solve it.
 
Make sure you don't have anything on your network doing port scanning or such. There have been cases in the past where it was a security software that was scanning for open port 80 on a LAN that triggered the brute force protection on the router.
 
It looks like your router is being flooded with brute force traffic. One way is to change the port. But this only gives you short-term login access, and you have to find the device trying to brute force your router.

Commands to change HTTPS port:
Code:
nvram set https_lanport=8443
nvram commit

This value cannot be 443, otherwise it will conflict with AiCloud.

Commands to change HTTP port:
Code:
nvram set http_lanport=80
nvram commit

This value cannot be 8080, otherwise it will conflict with AiCloud.

Then restart the HTTPD service.
Code:
service restart_httpd

Then open the router admin page on the browser with the new port you modified.
Code:
https://192.168.0.1:newport


----------------------------
Some other useful commands that may help you:

Change the access method of the admin page, http or https
Code:
nvram set http_enable=0
nvram commit

0 is http only
1 is https only
2 is both

And this:
 
Thanks, I'm going to try changing the https port.

> It looks like your router is being flooded with brute force traffic

Is there any log file I can review from ssh to figure out if this is the case and the possible source of the DDoS?
 
Still getting the same error message after changing the https port. I noticed the countdown has decreased this time. When I first noticed the issue, it was rapidly increasing every time I accessed the login page. Still, at this rate it's going to take 20 days until the timer reaches zero. I'm not in a hurry though so that might be an option if nothing else works.
 
Please check if you have WAN access enabled to rule out attacks from outside.
Code:
nvram get misc_http_x

If the command value returns 0 it means you are safe and do not have WAN access enabled.

You can use the following command to view the log:
Code:
cat /tmp/syslog.log

If you confirm that your LAN is the cause of this, try to remove all LAN devices as much as possible, like removing the ethernet connected devices, turning off WiFi using a physical button, and finally wired LAN only connecting your computer, then use SSH to restart HTTPD and see if it still happens.
Code:
service restart_httpd

If your device cannot disconnect from the Internet, another method is to use the router's admin page access restriction function. This method is dangerous and may result in you being locked out of the router.

First you need to know the IP address of the computer you use to log into your router using SSH. Below, I assume your IP address is 192.168.0.2. Then enter the following commands:
Code:
nvram set http_client=1
nvram set http_clientlist="<192.168.0.2"
nvram set enable_acc_restriction=1
nvram set restrict_rulelist="<1>192.168.0.2>3"
nvram commit
service restart_httpd && service restart_firewall

Make sure you enter the correct IP address for your computer, otherwise you will be locked out of the router. In that case resetting the router is the only way.

The commands to undo changes are: (Of course, provided you don’t lock yourself out)
Code:
nvram set http_client=0
nvram set http_clientlist=""
nvram set enable_acc_restriction=0
nvram set restrict_rulelist=""
nvram commit
service restart_httpd && service restart_firewall
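
The settings named in the post above can be checked read-only before anything is committed. This is an added example, not part of the original post or of the router firmware: the function names and finding labels are made up here, and it assumes a `key=value` dump such as saved `nvram show` output and the `<`-separated `http_clientlist` format shown above.

```sh
#!/bin/sh
# Added example: read-only audit of the web UI settings from this thread.
# Input is a key=value dump file; nothing on the router is changed.

# nv DUMP KEY -> value of KEY in the dump (empty if unset).
nv() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# in_clientlist LIST IP -> 0 if IP is an exact entry of a "<"-separated list.
# Text after ">" inside an entry is ignored (assumed to be per-entry flags).
in_clientlist() {
    found=1; old_ifs=$IFS; IFS='<'
    for entry in $1; do
        if [ "${entry%%>*}" = "$2" ]; then found=0; fi
    done
    IFS=$old_ifs
    return $found
}

# audit_webui DUMP ADMIN_IP -> space-separated findings, or "OK".
audit_webui() {
    out=""
    # The thread treats misc_http_x=0 as "WAN access to the web UI is off".
    if [ "$(nv "$1" misc_http_x)" != "0" ]; then out="$out WAN_ACCESS_NOT_OFF"; fi
    # Ports the thread says conflict with AiCloud.
    if [ "$(nv "$1" https_lanport)" = "443" ]; then out="$out HTTPS_PORT_443"; fi
    if [ "$(nv "$1" http_lanport)" = "8080" ]; then out="$out HTTP_PORT_8080"; fi
    # Lockout check: restriction is on but the admin address is not listed.
    if [ "$(nv "$1" http_client)" = "1" ] &&
       ! in_clientlist "$(nv "$1" http_clientlist)" "$2"; then
        out="$out ADMIN_IP_NOT_IN_CLIENTLIST"
    fi
    echo "${out:- OK}" | sed 's/^ //'
}

# Constructed sample dump (not from a real router): the list holds
# 192.168.0.20, which a substring match would confuse with 192.168.0.2.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
misc_http_x=0
http_enable=1
https_lanport=8443
http_lanport=80
http_client=1
http_clientlist=<192.168.0.20
EOF
audit_webui "$SAMPLE" 192.168.0.2   # prints: ADMIN_IP_NOT_IN_CLIENTLIST
rm -f "$SAMPLE"
```
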
 
> Still getting the same error message after changing the https port. I noticed the countdown has decreased this time. When I first noticed the issue, it was rapidly increasing every time I accessed the login page. Still, at this rate it's going to take 20 days until the timer reaches zero. I'm not in a hurry though so that might be an option if nothing else works.

Your timer is no longer increasing rapidly because you changed the port and whatever is brute forcing or scanning it has now been blocked, so now the timer can start to decrease. So if you reboot or possibly reset the router you should be good now. However you need to find what is scanning or attacking it or you'll just have the same problem after resetting it (and you want to figure out what it is anyway). Why do you have 3 routers anyway? Sounds like you've got a mess of a network and possibly security breaches that all that complexity is going to make it very hard to track down.
 
> I'll try disconnecting from both upstream routers and see if it works.

So, have you tried this? Completely remove/isolate the affected router from the local network (including no WAN connection), and disconnect any Wifi clients connected to the router, then connect only a single computer to it via wired Ethernet, reboot or power cycle the router, then check if the issue persists.

I know you said you didn't want to do a reset because reasons, but sometimes a reset is the easiest way to deal with troubleshooting oddball issues or problems. Even if a reset doesn't work to fix the issue, at least one can tick off that troubleshooting checkbox.
 
> if you reboot or possibly reset the router you should be good now.

Restarting the router actually increased the countdown timer:


> Why do you have 3 routers anyway? Sounds like you've got a mess of a network and possibly security breaches that all that complexity is going to make it very hard to track down.

The other 2 routers are fiber optic router combos provided by my ISPs. I have two ISPs and use the Asus router's dual wan feature to set up automatic failover to reduce downtime as much as possible, so when one goes down, the router would automatically change its primary WAN to the other. Those two ISPs are not reliable and are often down at the most inconvenient time, but never at the same time so far, so I always have internet without manually switching ethernet cables or connecting to a different AP. Those two routers can't access devices in the Asus router's network. I don't have admin access to those two routers though, so I can't see what's going on with their setup or check if they're actually insecure.

> I know you said you didn't want to do a reset because reasons, but sometimes a reset is the easiest way to deal with troubleshooting oddball issues or problems. Even if a reset doesn't work to fix the issue, at least one can tick off that troubleshooting checkbox.

Resetting the router would be very disruptive to my work at the moment (I work remotely), so I'll do it later when I have some extended free time.

Edit: forgot to mention that disconnecting all WANs and all devices but one actually does nothing. The countdown timer is still there when the router is restarted, and the countdown resets back up to around 31735 minutes after every restart. I'm actually curious if this problem would resolve itself after the countdown reaches zero in 22 days (or perhaps the router web ui would show another error message).
 
There's something wrong with that countdown timer. It should start at 5 minutes and zero seconds (5:00), not >31,700 minutes (>22 days)!
 
I ended up doing a factory reset on the router and configuring everything again. This time I made sure to back up the router settings so if the issue happens again, at least I can do the factory reset and restore the settings instead of manually configuring the router again.
 
