Bruteforce Ip Range for LAN Uploads

ℹ️ Support
1

Hey m8s,

I updated last days to the latest nextcloud stable version. My Problem was, that a friend changed his password for his mobile device and the device was trying to login all the time and flooted the table oc_bruteforce_attempts. It took me over 12 hours to find out that 1st. it is a bruteforce attempts, 2nd. that i need to clear the table.

Well, I give you more information about my cloud:

-using Raspberry Pi 3
-Apache2
-PHP 7.0

  • using the DynDNS No-IP.com
    -upload via WLAN into the LAN
  • 2nd User running another account in LAN/WLAN.

So it does not happen again I want to set up the Bruteforce IP Whitelist. But idk what I have to enter there. Sometimes I´m accessing via WAN and usually I´m uploading the files when I´m home at the Wlan. So what I have to enter there when my Gateway is 192.168.178.1 and Nextcloud is running on 192.168.178.28 and mobil device on 192.168.178.29?
Is the connection still going out to the WAN and comes back to LAN to 192.168.178.28(NC) for uploading files or stays the connection all the time in the LAN?

So thats my support question and i have a improvement for it:
Please let the SU or an Admin notificate if an IP got to the table bruteforce_attempts. So the admin is up to date when a user comes to him and asks him what is going wrong.

Yours Sincerely

STrike

PS: You do greats jobs!

2

Hi,

Usually routers detect if the actual destination is within his own subnets and doesn’t route the requests into the Internet just to answer these requests himself later again. So if you whitelist your local addresses that should be enough.

You can use the following whitelist filter:
192.168.178.0 / 25 (for a range from 192.168.178.1 to 192.168.178.127)
or
192.168.178.0 / 24 (for a range from 192.168.178.1 to 192.168.178.254)

3

Hi.

Oh year, and what range ist with *.0 / 23?
And what happens if i use 192.168.178.1 / 25 instead of
192.168.178.0 /25?

Well, I am Using Pihole as a local DNS-Server. The router is redirecting DNS-Requests to the pi. Also, to the nextcloud. I´ve watched the table of co_bruteforce_attempts and there was the external IP of my Router. So I could connect to the WebUI, but I couldn´t upload any files threw android app.
I entered the internal IP of the Pi and Nextcloud (same device) to /etc/pihole/local.list.
But I think it´s connecting from WAN.

cheers

4

192.168.178.1 / 25 and
192.168.178.0 / 25
are the same ranges.

With 192.168.178.0 / 23 you have
192.168.178.1 - 192.168.179.254

If you’re interested in subnet calculation this is a handy online tool:
http://jodies.de/ipcalc

When it comes to DNS server configuration I have absolutely no clue.
You could run some tests and access your NC web GUI on your PC and smartphone connected to the LAN/ Wifi at home and your smartphone not connected to the Wifi, while you watch the access log of your browser. You should see the connected IP addresses. Expected behavior would be, that only your smartphone (when not connected to Wifi) accesses your server from the Internet with external address. From Wifi and LAN it should be a local address.

I don’t remember how the function is called, that detects when a DNS name has its target in the local network actually which makes the router connect the devices directly instead of routing the traffic through the internet first. But maybe you find something about that and can check your configurations.

5

Well, I tought it was only the bruteforce attempts for blocking the uploads. I´ve checked now the logs and it seems for a few files, that they coulnd´t upload, because the Sambe makes a mistake:

> Sabre\DAV\Exception\NotFound: File with name SofortUpload/2016/12/IMG_20161214_195618.jpg could not be located
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 81: OCA\DAV\Connector\Sabre\ObjectTree->getNodeForPath('SofortUpload/20...')
[internal function] Sabre\DAV\CorePlugin->httpGet(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 479: Sabre\Event\EventEmitter->emit('method GET', Array)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 253: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response), false)
[internal function] Sabre\DAV\CorePlugin->httpHead(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 479: Sabre\Event\EventEmitter->emit('method HEAD', Array)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php - line 71: Sabre\DAV\Server->exec()
/var/www/nextcloud/remote.php - line 162: require_once('/var/www/nextcl...')
{main}

I got errors like this:

Sabre\DAV\Exception\BadRequest: expected filesize 1024000 got 425984
/var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php - line 105: OCA\DAV\Connector\Sabre\File->createFileChunked(Resource id #21)
/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php - line 151: OCA\DAV\Connector\Sabre\File->put(Resource id #21)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1096: OCA\DAV\Connector\Sabre\Directory->createFile(‘IMG_20161214_19…’, Resource id #21)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 525: Sabre\DAV\Server->createFile(‘SofortUpload/20…’, Resource id #21, NULL)
[internal function] Sabre\DAV\CorePlugin->httpPut(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 479: Sabre\Event\EventEmitter->emit(‘method PUT’, Array)
/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php - line 71: Sabre\DAV\Server->exec()
/var/www/nextcloud/remote.php - line 162: require_once(‘/var/www/nextcl…’)
{main}

I´m using the android App Version 1.4.3 on the Huawei Y6 2017 (MYA-L41, Android 6.0) and i uploaded last night hundrets of files. But it fails many times, i retried many times but now a few files won´t be uploaded.

Over mobile network it is sometimes faster to upload and the upload ist mostly (not tested at all) without problems. In the wlan it says it has sometimes “Connection Problems”. How i said i just tested the mobile network just with 2-3 files, because I don´t want to waste my mobile traffic :wink:
I hope anybody has an idea whats wrong.

EDIT: My old smartphone (S3 Neo, Modded with TWRP, Android 6.0.1 was faster and better with uploads and it has got less Problems like the Huawei.
EDIT2: I watched now in the Pihole interfaces and I think I can referable the “Connection Problem” to the accumulation of heat(60-70°C, last evening even 80°C). Well, the Pi was claimed all night with uploads over the Webdav. But i think it doesn´t explain the error messages in the logs.

6

Hm, I see.
Maybe you should open another thread, so that things don’t get mixed up. Maybe address this issue also in the Android area so that the appropriate people see it.

I mean it can be two things: webdav issue and maybe mobile device issue, when you say your other smartphone worked better.

7

I reinstalled all and using not the light version of my os. Thats frees a lot of CPU and RAM.
For the Bruteforce Attemptions:
For android it hasn´t yet implemented.
See:

So for Bruteforce Whitelist it´s not possible yet to add DynamicDNS to whitelist.
I finally write to solve this thread as information for other user with the same question.