Authentication very slow to pass

nicowizz · March 31, 2017, 11:47am

Hello,

I installed nextcloud for 5 days on a VPS, everything works fine. But today, without having anything touched the authentication is very slow to pass. Once authenticated OK. I’m not in mysql. I rebooted the server it is the same.

Have you ever had this problem?
Thank you

linucksrox · March 31, 2017, 1:56pm

If the server detected bruteforce attacks on your username, this can cause slow authentication. Check to see how many entries are in the oc_bruteforce_attempts table with your username, and optionally clear them out.
I think they will eventually add a way to do this on the Admin page when you log in, but this is the only way I know to do this for now.

nicowizz · March 31, 2017, 9:18pm

Thank you ! and ‘auth.bruteforce.protection.enabled’ => false,

linucksrox · April 3, 2017, 1:05pm

I didn’t mean for you to completely disable bruteforce protection, but I understand that it’s inconvenient to have to clean up the table manually for now.

nicowizz · April 3, 2017, 10:17pm

Thank you, yes I know but it’s only me because this is a test serveur.
May be , it’s webdav, in my log of apache , I have many many connections.

>  78. - delphine [04/Apr/2017:00:11:53 +0200] "PROPFIND /nextcloud/remote.php/webdav/ HTTP/1.1" 207 1037 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 2) (Nextcloud)"
    > 78. - admin [04/Apr/2017:00:12:09 +0200] "PROPFIND /nextcloud/remote.php/webdav/ HTTP/1.1" 207 1038 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 2) (Nextcloud)"
    > 78- delphine [04/Apr/2017:00:12:23 +0200] "PROPFIND /nextcloud/remote.php/webdav/ HTTP/1.1" 207 1037 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 2) (Nextcloud)"
    > 78.3 - admin [04/Apr/2017:00:12:41 +0200] "PROPFIND /nextcloud/remote.php/webdav/ HTTP/1.1" 207 1038 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 2) (Nextcloud)"
    > 78 - delphine [04/Apr/2017:00:12:53 +0200] "PROPFIND /nextcloud/remote.php/webdav/ HTTP/1.1" 207 1037 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 2) (Nextcloud)"

joshp23 · May 28, 2018, 5:31pm

You could take @linucksrox solution from post #2 and put it to a script:

<?php
$sql = new mysqli ("localhost", "USERNAME", "PASSWORD", "DATABASE_NAME");
mysqli_query($sql, "Truncate oc_bruteforce_attempts");
$sql->close();
?>

and add a cron job that looks something like this:

30 2 * * * /path/to/truncate.php

in order to keep from having to manually. The above job will execute every day at 2:30 AM. This keeps you free from having to disable brute force all together.