We have a big problem with blocked logins because we are running NextCloud in a Docker environment and whenever a user repeatedly tries to log in with wrong credentials, the internal IP of the service is blacklisted and no-one can login anymore since the IP is the same for each user. Maybe I misinterpret this, but at least this is what we observe.
Here, 10.0.9.107 is the IP of the Docker service running NextCloud and not the IP of the user.
I repeatedly need to truncate oc_bruteforce_attempts; to enable the login again. Is there a way to relax this?
The main cause of this is that we recently switched to a new LDAP service and some people are still running clients on their laptops/phones/tables with the old credentials.
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'the.domain.of.the.server',
2 => '10.0.9.107',
3 => '10.0.9.*', // added a wildcard in case the IP changes, might need class B
),
and I added this to look for the header entry from HAProxy
Iâd still like to be able to disable brute force detection. We are running our nextcloud instance within a private network, and no access from outside is possible. Brute force detection makes little to no sense here and I think there just SHOULD be an option to disable it anyway.
For now, Iâll try to relax it using the directions from this thread.
Hello! I have a question about this, i run a Debian VM(inside Proxmox on a Raspi) with NextCloudPi with an access from the web via dynDNS. When i try to login from the web over my dynDNS-address i get the same error message, but when i try it locally it works fine
I tried the settings in config.php but it doesnt work for me, i installed no reverse proxy, or is there an automatic reverse proxy with the NextCloudPi Project? I think i tipped âNoâ when there was a question for a proxy during installation
i have a dynDNS because i have no static IP for my Router at home
Here my settings:
âtrusted_proxiesâ =>
array (
11 => â127.0.0.1â,
12 => â::1â,
13 => âhttps://mydynDNS.orgâ,
14 => â77.xx.xx.xxâ (this was my IP from today),
0 => ââmydynDNS.orgââ,
1 => â192.168.178.10â,
4 => â192.168.178.0/24â,
5 => â203.0.113.45â,
6 => â198.51.100.128â,
7 => â192.168.178.1â,
),
âtrusted_domainsâ =>
array (
0 => âlocalhostâ,
7 => ânextcloudpiâ,
5 => ânextcloudpi.localâ,
8 => ânextcloudpi.lanâ,
3 => âmydynDNSl.orgâ,
11 => â77.12.xx.xxâ,
1 => â192.168.178.XXâ,
14 => ânextcloudpiâ,
20 => âm,ydynDNS.orgâ,
21 => â127.0.0.1â,
22 => â192.168.178.10â,
),
When i try to login from the web over my dynDNS-address i get the same error message, but when i try it locally it works fine
What error message specifically?
If youâre not using a reverse proxy, then the above values for trusted_proxies are unnecessary. In addition, even if you are using a reverse proxy, the only entry you should need is the IP address of your proxy. Lastly, hostnames and URLs (e.g. https://) are completely bogus values to have so those need to go.
For trusted_domains you really only need 1-3 values in most cases: your permanent hostname (e.g. blah.mydyndns.org) and then maybe localhost and/or 127.0.0.1 and/or your internal IP address). Since youâre using NCP, I supppose itâs a good idea to keep the nextcloudpi* ones too. There is no need to update this constantly when your public IP address changes unless youâre not using your hostname to access Nextcloud for some reason.
I translated it from german: Several invalid login attempts from your IP address have been detected. The next login will therefore be delayed by 30 seconds.
The question is, why does the bruteforce app detect these logins as risk. I can show the oc_bruteforce_attempts in mariadb if this can help too
Okay i probably got the solution, its very simple as always
I have multiple devices which are connected to nextcloud, i had on my old setup a nextcloud installation on ubuntu. But I used the same dynDNS, the same Users and different accounts for devices for the new nextcloud. But i changed the passwords. I forgot about to connect my new devices to the new proxmox nextcloud. And basically my iphone or ipad is always with me and has the same network, so always there are many wrong login attemps where i am using a browser.
I found the solution in the logs and the mariadb bruteforce attemps folder
thanks for your help! i am sorry for wasting your time
next time i should make a clean reset for all my devices