My guess the problem is, that after a password change, some app (in my case - android client) bursts attempts to login with the old password, which looks like a brute-force attack for the server, which locks out the IP.
It was no -docker situation. If it is like I think, a bug should be registered.
Deleting records in oc_bruteforce_attempts from database fixes it (untill next password change?). Thanks @jotatr.
I havenât been able to confirm if this fixed it yet as the person who was affected by this uninstalled the app and hasnât yet reinstalled, but I thought I would follow up with this method in case anyone else might find it simpler.
Same issue here. I think caused by the latest Android app update. It kept trying to tell me to âGrant Accessâ even though Iâve used the app on that device for months now. But, even trying web access from my laptop gave the same error so I had initially ruled that out.
The clues and solution found by @Da01W6hwz proved helpful to me with one nuance I think worth mentioning. In my case, the IP address was 127.0.01 which at first didnât make sense to me. Then I remembered that my nextcloud is running on apache behind an nginx reverse proxy on the same host. So, all requests appear to come from the localhost regardless of where or what device they actually originated. Hope this helps someone.
On a snap install,
sudo /snap/bin/nextcloud.occ security:bruteforce:reset 127.0.0.1
solved the issue (culprit was also the nextcloud smartphone app, after a password change).
Youâve to check out what database youâre using. In case youâre using mysql/mariadb youâll find the solution above. Just delete everything in oc_bruteforce_attempts with delete FROM oc_bruteforce_attempts;
Please be sure youâre able to do that in a proper way âŚ
It would be very nice to have an occ command to list the offending IPs and to delete all or a selection. The situation at this time is horrible!
Thanks heaps. This should really be easier to discover. What happened my end is I changed my Nextcloud password. Then my clients of course stopped working so I had to reconnect them. I made a few mistakes along the way and looks like I tripped this bruteforce detector. Iâd like, as admin to recent emails when bruteforce login efforts are rejected!
This almost drove me nuts. I set up a new NC installation, with the same old domain, but did not restore the old accounts. So, 3 phones 3 computers with all the DAVx5, NC clients etc. tried to log in with invalid logins, so⌠I get locked out.
Although the posts above are somewhat helpful, not one presented me with the detailed solution, step-by-step.
Therefore, for those beginners like me,
Below is how I solved the problem on any Debian/Ubuntu based nc installation.
(Should work for NCP, NC-TurnKey LXC on Proxmox, etc.)
Logout from all your clients (mobile/desktop/CalDav etc.
Go to any âshow my IPâ homepage to see what IP you currently have (or use the terminal, router, or, and⌠and and⌠many ways to find out your IP)
then go to the terminal of your Nextcloud instance and use the following command to reset your IPâs login attempts:
This worked for me also.
I am running NC on a Raspberry Pi in my home LAN (no outside access). I added an SD card for data storage. I messed up the reconfiguration of the data directory to the SD card, so I uninstalled and reinstalled (using snap again). Got the SD card working for the data repository. Then my android wouldnât log in (too many attempts). I ran this command and it worked!
Thanks.
Thank you! This was driving me nuts as well and your post was the key as I had also forgot about the clients I had running and kept getting the error even after I had performed the reset.
For someone may be install NC from ă snap ăand meet this problem.
follow my steps:
sudo nextcloud.mysql-client
use nextcloud
SHOW TABLES;
select * from oc_bruteforce_attempts; #check whether there is attack to serve
delete FROM oc_bruteforce_attempts;
I am using NextCloud Snap with Ubuntu 22 LTS. No extra modifications, just vanilla snap installation.
I have a NginX Reverse Proxy seating between my NextCloud Server and my Public IP (Router)
Off late, I am being plagued by this issue. Specially with NextCloud 24.
I have narrowed it down to following action, which is triggering it for me or my users.
Adding / Signing up a new device or any old / existing user
Even if the new device is accessing this nextcloud from same network location (same public ip) as the existing user already logged into from other devices, still this new device will trigger this warning !!
For a non technical uses like, could you please explain what it actually does to our installation?
Mainly, is it a onetime execution? Meaning, will it completely disable this Brute-Force attack prevention? Or the feature will stay active just the IPs shown in that table getâs white listed? or it will just reset and and continue work like default and block again so I would need to redo this step for unblocking?