Brute force attack on my server

First off good morning everyone

So I’ve been hearing in the news about a large scale brute force attack hitting many platforms and I believe I may have been one of the people attacked.

I noticed a few weeks ago when I was trying to login to my Nextcloud client it had a warning of “Too many attempts made to login, service locked for 15 seconds.” I was unable to login for awhile til I made some network adjustments and cleared the memory

Long story short after reviewing the data it looked like I was getting hit by a brute force attack.

Fortunately I have my Nextcloud pretty secure. I enabled the encryption option and fully encrypted my Nextcloud servers (highly recommended btw but will take a long time especially on larger than 25,000 files with large files like mp4 and other video options) checked all the log data didn’t see any transfers to any outside ip addresses.

Anyway I hope everyone was able to weather the storm. Definitely recommend going over the logs (love how easy they are review) and make sure if you think you may have also been affected, or you noticed a “too many attempt” login warning on your server recently.

Too the more advanced Nextcloud programmers. Any tips on hardening our systems better? What can we do to better prevent these types of things from happening?

Bruteforce you can use the bruteforce plugin to delay the login attemps (what you are apparently already using). Fail2ban and stuff, you can block connections already on the network level, so it does not hit your webserver.

For security, you can use 2 factor authentication.

The server-side encryption was designed for external storage. If the server does encryption and decryption, an attacker with control over the server can do that as well…


full ack what tflidd said. encryption doesn’t add to the application security, it only protects against attack from “malicious admin” - somebody with access to the underlying system.

Improving application security is more about securing user loging (2fa / mfa), monitoring and backups. More details are here: