30 sec. to wait before login since update 10.0

Ecphrasis · August 25, 2016, 4:31pm

Hi all,

I have updated today my nextcloud to 10.0 Stable from 9.53 Stable. Everything got OK but a problem came :

When I log in on Firefox (same thing for Chrome), I have to wait 30 sec before files page appears. I hadn’t this problem before. I think it appeared when I have created some applications passwords I have deleted after.
Now, I have deleted all the password for applications, but the 30 seconds remain…
This is my access.log

[25/Aug/2016:18:19:31 +0200] “POST /index.php/login HTTP/1.1” 303 922 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0”
[25/Aug/2016:18:20:02 +0200] “GET /index.php/apps/files/ HTTP/1.1” 200 6639 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0”

[25/Aug/2016:17:31:26 +0200] “POST /index.php/login HTTP/1.1” 303 922 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0”
[25/Aug/2016:17:31:57 +0200] “GET /index.php/apps/files/ HTTP/1.1” 200 6639 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0”

Ideas to remove this issue ?? Thanks a lot !

EDIT : I have cut down my wifi and my cellphone had quick access to the server. So I think my IP was blocked because server think I try to bruteforce or something else. How can we control the blocked IPS and remove them ?

gouttegd · August 25, 2016, 7:10pm

Hi,

I think I have just run into exactly the same problem. In a few minutes, I changed my main passwords and created several application-specific passwords, but some of my clients attempted to connect to my server before I had the time to update their configuration with the new passwords. It was enough to have my IP flagged as a brute-forcing attacker, resulting in the same delay that you have noticed.

As far as I can tell, there is (for now) no way to modify or even access the list of flagged IPs from the administration interface. So what I did was to delete my IP directly from the SQL database:

DELETE FROM oc_bruteforce_attempts WHERE ip = ‘aaa.bbb.ccc.ddd’;

After that, all my clients could connect without any delay.

Ecphrasis · August 25, 2016, 9:39pm

Thank you very much, it works perfectly ! Glad to see there is a good anti-bruteforcing system, but some extra options would be nice to configure and repair some mistakes
Thanks again anyway, you saved my life

Klixx · August 27, 2016, 1:00pm

I hope, the brute-force protection will get a reset-button for blocked IP-adresses.

FredFS456 · August 30, 2016, 2:45pm

Second the need for a reset-button, I had to go into mysql to delete the ip as above. For posterity’s sake, if anyone encounters ‘Server took too long to respond’ on the Android app, it might be that bruteforce protection is locking you out.

sharad.jash · September 2, 2016, 8:26am

Thanks it worked for me as well.But I have a query that all my users are using via a single NAT IP ,then in that case what anyone user changes his/her password will make rest users unable to log-in.
Is there any process where it automatically detects correct user credentials before log-in instead of marking it as brute-force attacks.

tx7 · September 13, 2016, 3:14pm

This solution working for me; add this line to the config.php, and reboot the system:

'auth.bruteforce.protection.enabled' => false,

muppeth · October 17, 2016, 6:00pm

Specially when running behind proxy. Took me an hour of hair pulling.

The other question is how in that case fight with bruteforce attacks? Since the only ip accessing the server is proxy server.

Maybe it could be blocked per user instead of IP.

hechi · October 26, 2016, 10:56pm

Worked for me as well i am also behind a reverse proxy and the ip was from the proxy

LukasReschke · October 27, 2016, 10:51am

If there only would be a configuration flag for that and Nextcloud would get the proper IP.

github.com

nextcloud/server/blob/ba2b274fccdeb06ea9ddba0590644653e073d934/config/config.sample.php#L1225-L1243


/**
* List of trusted proxy servers
* 
* If you configure these also consider setting `forwarded_for_headers` which
* otherwise defaults to `HTTP_X_FORWARDED_FOR` (the `X-Forwarded-For` header).
*/
'trusted_proxies' => array('203.0.113.45', '198.51.100.128'),


/**
* Headers that should be trusted as client IP address in combination with
* `trusted_proxies`. If the HTTP header looks like 'X-Forwarded-For', then use
* 'HTTP_X_FORWARDED_FOR' here.
*
* If set incorrectly, a client can spoof their IP address as visible to
* Nextcloud, bypassing access controls and making logs useless!
*
* Defaults to 'HTTP_X_FORWARED_FOR' if unset
*/
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),

hechi · October 27, 2016, 3:31pm

Hey LukasReschke yup i saw this and configured it after i deleted the bruteforce entries so from now on it should be fine^^

Thx a lot

tudza · November 10, 2016, 11:45am

I’ve got my Android client working with my new Nextcloud Box. It was returning “Server took too long to respond” but it is at least connecting now.

I find that using my cell data connection is faster than the WiFi connection on my LAN. I suspect I’m getting the same sort of problem described here?

If I understand correctly I can put this ‘trusted_proxies’ line in my config.php file and it might fix this. Would I use my local IP address for my phone at the moment or the one assigned by my ISP for the router as seen by the outside?