I run from a Truenas and the DELETE command does not work! Any idea for help (as I don’t know such things…)
Need help… going around in circles. Using Truenas, which really wont let me do anything much. How do I find this oc_bruteforce_attempts file?
You’ve to check out what database you’re using. In case you’re using mysql/mariadb you’ll find the solution above. Just delete everything in oc_bruteforce_attempts with
delete FROM oc_bruteforce_attempts;
Please be sure you’re able to do that in a proper way …
It would be very nice to have an occ command to list the offending IPs and to delete all or a selection. The situation at this time is horrible!
4 Likes
Thanks heaps. This should really be easier to discover. What happened my end is I changed my Nextcloud password. Then my clients of course stopped working so I had to reconnect them. I made a few mistakes along the way and looks like I tripped this bruteforce detector. I’d like, as admin to recent emails when bruteforce login efforts are rejected!
Odd, I had this issue, but I didn’t change my password. I did the same fix you did, it works.
Having the same issue with my dockerized NC 22 install now, non of my account’s passwords were changed recently however.
This almost drove me nuts. I set up a new NC installation, with the same old domain, but did not restore the old accounts. So, 3 phones 3 computers with all the DAVx5, NC clients etc. tried to log in with invalid logins, so… I get locked out.
Although the posts above are somewhat helpful, not one presented me with the detailed solution, step-by-step.
Therefore, for those beginners like me,
Below is how I solved the problem on any Debian/Ubuntu based nc installation.
(Should work for NCP, NC-TurnKey LXC on Proxmox, etc.)
-
Logout from all your clients (mobile/desktop/CalDav etc.
-
Go to any “show my IP” homepage to see what IP you currently have (or use the terminal, router, or, and… and and… many ways to find out your IP)
-
then go to the terminal of your Nextcloud instance and use the following command to reset your IP’s login attempts:
sudo -u www-data php /var/www/nextcloud/occ security:bruteforce:reset 0.0.0.0
Note: replace 0.0.0.0 with your IP address.
That should solve it.
if your have NC installed as a snap see this post below
13 Likes
This worked for me also.
I am running NC on a Raspberry Pi in my home LAN (no outside access). I added an SD card for data storage. I messed up the reconfiguration of the data directory to the SD card, so I uninstalled and reinstalled (using snap again). Got the SD card working for the data repository. Then my android wouldn’t log in (too many attempts). I ran this command and it worked!
Thanks.
Thank you! This was driving me nuts as well and your post was the key as I had also forgot about the clients I had running and kept getting the error even after I had performed the reset.
1 Like
Thanks, helped me as well!
For someone may be install NC from 【 snap 】and meet this problem.
follow my steps:
sudo nextcloud.mysql-client
use nextcloud
SHOW TABLES;
select * from oc_bruteforce_attempts; #check whether there is attack to serve
delete FROM oc_bruteforce_attempts;
4 Likes
Hello,
I am using NextCloud Snap with Ubuntu 22 LTS. No extra modifications, just vanilla snap installation.
I have a NginX Reverse Proxy seating between my NextCloud Server and my Public IP (Router)
Off late, I am being plagued by this issue. Specially with NextCloud 24.
I have narrowed it down to following action, which is triggering it for me or my users.
Adding / Signing up a new device or any old / existing user
Even if the new device is accessing this nextcloud from same network location (same public ip) as the existing user already logged into from other devices, still this new device will trigger this warning !!
It’s getting very annoying and troublesome !!
Thanks.
Hello,
Thanks for the post
For a non technical uses like, could you please explain what it actually does to our installation?
Mainly, is it a onetime execution? Meaning, will it completely disable this Brute-Force attack prevention? Or the feature will stay active just the IPs shown in that table get’s white listed? or it will just reset and and continue work like default and block again so I would need to redo this step for unblocking?
Thanks.
So I figured it out for me… I am on the latest version of Ubuntu and I was following a tutorial that had some extra settings at the end, statiing to make the config.php owned by root:www-data and perms set to 660… Well, on a hunch I figured that was it and this is how I fixed mine. Keep in mind these need to be recursive throughout /var/www but I will just cover the config.php.
$ sudo chown www-data:www-data /var/www/nextcloud/config/config.php$ sudo chmod 770 /var/www/nextcloud/config/config.php$ sudo -u www-data php --define apc.enable_cli=1 /var/www/nextcloud/occ \ security:bruteforce:reset 192.168.x.x$ sudo systemctl restart apache2
Also… FYI, I just did a clean install where my nextcloud data directory moved from a spinning 7200 RPM ZFS Pool to a 16TB m.2 ZFS pool and already I can see syncs are blazing fast. I mainly did it for speed whenever I share a link, especially a video link.
Pro tip, the new Ryzen Chips paired with an Asus Hyper Gen 4 card I was able to get a total of eight Crucial P5 Plus 2TB m.2 SSDs (6600Mbps) in a ZFS pool, total of 16TB. It’s pretty cool cause the new Ryzen chips finally come with a small but useful integrated graphics so I didn’t need a GPU, I used the x16 slot for the hyper card. All eight m.2 SSDs are running at full PCIe gen 4 speeds and I didn’t have to pay Threadripper or Epyc prices.
waymo
In case you are running Nextcloud AIO, the command is
sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset 0.0.0.0
3 Likes
run:
shell the nc instance running on truenas
apt update
apt install sudo
then run:
sudo -u www-data php /var/www/html/occ security:bruteforce:reset 0.0.0.0 (change to ur IP)
Come on… Really? 
Let’s try it…
This is it! Fixed. Thank you.
In my case, it was the reverse proxy configuration causing the problem. I forgot to set it up to forward the request IP to the Nextcloud server.
Brute force protection — Nextcloud latest Administration Manual latest documentation
1 Like