How can i block some IP Address that trying to bruteforce system

Thadsanasit_Peangkae · November 20, 2023, 4:23am

How can i block some IP Address that trying to bruteforce system.

devnull · November 20, 2023, 4:40am

Maybe you can look the app Geo Blocker or use failtoban.

Thadsanasit_Peangkae · November 20, 2023, 5:04am

Dear devnull

I’m already try geo blocker but not working for me.
Can you have the way that only block specific ip address.

Thx

chrissi55 · November 20, 2023, 5:23am

If you are using linux (ubuntu e.g.) for your nextcloud server you may think of firewall rules such as ufw

then you may block ip adresses for the whole system by

sudo ufw deny from {ip-address-here} to any

see here for further information:
https://www.cyberciti.biz/faq/how-to-block-an-ip-address-with-ufw-on-ubuntu-linux-server/

or if you “only” want to harden your NC instance then you may prefer to install fail2ban as devnull already mentioned

gist.github.com

https://gist.github.com/GAS85/957e0b1a4f30120225a7be09b173eb24

nextcloud_fail2ban.md

Fail2ban and Nextcloud
=====================================

## Prerequsits

* Ubuntu 20.04
* nextcloud, fail2ban and e.g. iptables are installed

## Note

This file has been truncated. show original

alternative using security by community
by crowdsec instead of fail2ban
→ Wechsel von fail2ban zu crowdsec - Carsten Rieger IT-Services

Thadsanasit_Peangkae · November 20, 2023, 5:31am

Dear chrissi55

also trying to block ip from os but still not working as picture in below.

Thx you

chrissi55 · November 20, 2023, 5:38am

maybe the order of the DENY and ALLOW rules?!

Your “DENY” is not at the top of your rules files, correct?
Is there a file in /etc/ufw/user.rules ?

also see this post having the same problem as yours

I am not using docker but as described here in “docker worlds” some things are different

Thadsanasit_Peangkae · November 20, 2023, 6:31am

Dear chrissi55

Great!!! change order of ufw is working for me.

Thank you bro,