Brute force attack on my server

First off, good morning everyone.

So I’ve been hearing in the news about a large-scale brute force attack hitting many platforms, and I believe I may have been one of the people attacked.

I noticed a few weeks ago, when I was trying to log in to my Nextcloud client, that it had a warning of “Too many attempts made to login, service locked for 15 seconds.” I was unable to log in for a while until I made some network adjustments and cleared the memory.

Long story short, after reviewing the data it looked like I was getting hit by a brute force attack.

Fortunately I have my Nextcloud pretty secure. I enabled the encryption option and fully encrypted my Nextcloud servers (highly recommended btw, but it will take a long time, especially on more than 25,000 files with large files like mp4 and other video options). I checked all the log data and didn’t see any transfers to any outside IP addresses.

Anyway, I hope everyone was able to weather the storm. Definitely recommend going over the logs (love how easy they are to review) to make sure, if you think you may have also been affected or you noticed a “too many attempt” login warning on your server recently.

To the more advanced Nextcloud programmers: any tips on hardening our systems better? What can we do to better prevent these types of things from happening?

Bruteforce: you can use the bruteforce plugin to delay the login attempts (which you are apparently already using). With Fail2ban and the like, you can block connections already at the network level, so they do not hit your webserver.

For security, you can use 2 factor authentication.

The server-side encryption was designed for external storage. If the server does encryption and decryption, an attacker with control over the server can do that as well…

3 Likes
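The log review and Fail2ban-style thresholding discussed above, as an added example that is not part of the thread or of Nextcloud's own code: it counts failed logins per source address within a time window. The sample lines are constructed, the field names `time`, `remoteAddr` and `message` and the "Login failed" prefix are assumptions about your Nextcloud version's JSON log, and `max_retry`/`find_time` are hypothetical parameters modelled on Fail2ban's `maxretry` and `findtime`.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the assumed shape of nextcloud.log (one JSON object per line).
# Addresses are RFC 5737 documentation ranges; none of this is real data.
SAMPLE_LOG = """\
{"time":"2024-01-10T08:00:01+00:00","remoteAddr":"203.0.113.7","message":"Login failed: admin (Remote IP: 203.0.113.7)"}
{"time":"2024-01-10T08:00:05+00:00","remoteAddr":"203.0.113.7","message":"Login failed: root (Remote IP: 203.0.113.7)"}
{"time":"2024-01-10T08:00:09+00:00","remoteAddr":"203.0.113.7","message":"Login failed: test (Remote IP: 203.0.113.7)"}
{"time":"2024-01-10T08:03:00+00:00","remoteAddr":"198.51.100.20","message":"Login failed: alice (Remote IP: 198.51.100.20)"}
{"time":"2024-01-10T08:00:00+00:00","remoteAddr":"192.0.2.33","message":"Login failed: bob (Remote IP: 192.0.2.33)"}
{"time":"2024-01-10T10:00:00+00:00","remoteAddr":"192.0.2.33","message":"Login failed: bob (Remote IP: 192.0.2.33)"}
{"time":"2024-01-10T12:00:00+00:00","remoteAddr":"192.0.2.33","message":"Login failed: bob (Remote IP: 192.0.2.33)"}
{"time":"2024-01-10T08:04:00+00:00","remoteAddr":"198.51.100.20","message":"File scan finished"}
{"time":"2024-01-10T08:05:00+00:00","remoteAddr":"203.0.113.7","mess
"""

def parse_failures(lines):
    """Yield (timestamp, source_ip) for each failed-login entry."""
    for line in lines:
        try:
            entry = json.loads(line)
            if not str(entry.get("message", "")).startswith("Login failed"):
                continue
            yield datetime.fromisoformat(entry["time"]), entry["remoteAddr"]
        except (ValueError, KeyError, AttributeError, TypeError):
            continue  # truncated or non-JSON line: skip it rather than crash

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: total_failures} for IPs with >= max_retry failures within find_time."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        # Sliding window: compare each failure with the one max_retry-1 entries earlier.
        for i in range(max_retry - 1, len(stamps)):
            if stamps[i] - stamps[i - max_retry + 1] <= find_time:
                flagged[ip] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    for ip, count in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} failed logins, candidate for a network-level block")
```

With the defaults, one mistyped password and three failures spread over four hours stay below the threshold; only the address with three failures inside ten minutes is reported.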

Full ack to what tflidd said. Encryption doesn’t add to the application security, it only protects against attack from “malicious admin” - somebody with access to the underlying system.

Improving application security is more about securing user login (2fa / mfa), monitoring and backups. More details are here:

2 Likes