Brute force protection needs Improvements

The brute force protection really needs an improvement in functionality. If you install a new nextcloud instance and/or change passwords the block list is filled up within seconds if you got many aktive clients in the environment. That’s very annoying and it is no fun to always delete the blocked IPs manually.
A positive example is the simple but effective GUI of Fail2ban , which handles all following tasks:

  • Option to disable brute force protection
  • Option to look up blocked clients/IPs
  • Option to whitelist blocked clients/IPs
  • Option to clear the all blocked clients/IPs

There is an option to whitelist IPs. You need to download the Brute-force settings app for that.

1 Like

I know this app, but it’s functionality is not is not sufficient. IMHO the functionality I have mentioned above should be directly implemented in the Nextcloud configuration.

I totally agree. This security app is essential but unfortunately missing basic functions.

I’m in the same situation. The manual solution is a pain in where you don’t want any pain…

  • How to manually do this:
    Connect to your mysql then
    use nextcloud
    DELETE FROM oc_bruteforce_attempts WHERE ip = ‘x.x.x.x’;

There is an open issue on github:

But it seems sadly dead from end 2017.

Even more sadly I’m too incompetent to code or to help…

1 Like

This is a very useful App, thanks.

Would be great if the App would list blocked IPs and offer unblocking.