Ip not actively throttled

Vincent_Stans · July 4, 2024, 7:12pm

I have this message at the security tab. all tho my settings are set in dutch this line appears in english. now obviously I know english as i’m typing but I just don’t understand the meaning of this sentence. ( ip masked with XX )

Your remote address was identified as “XX.XX.XXX.XXX” and is not actively throttled at the moment.

Server configuration detail

Operating system: Linux 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64

Webserver: Apache/2.4.59 (apache2handler)

Database: mysql 10.6.16

PHP version: 8.2.4

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, random, Reflection, SPL, session, standard, sodium, cgi-fcgi, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, exif, mcrypt, memcache, msgpack, mysqli, OAuth, odbc, pdo_mysql, PDO_ODBC, pdo_sqlite, Phar, posix, pspell, raphf, readline, redis, shmop, SimpleXML, soap, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xmlreader, xmlrpc, xmlwriter, xsl, zip, http, memcached, Zend OPcache

Nextcloud version: 28.0.7 - 28.0.7.4

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

List of activated apps

Enabled:
 - activity: 2.20.0
 - admin_audit: 1.18.0
 - announcementcenter: 6.8.1
 - audioplayer: 3.4.1
 - bruteforcesettings: 2.8.0
 - calendar: 4.7.8
 - cloud_federation_api: 1.11.0
 - contacts: 5.5.3
 - contactsinteraction: 1.9.0
 - cookbook: 0.11.1
 - data_request: 1.15.0
 - dav: 1.29.2
 - end_to_end_encryption: 1.14.5
 - external: 5.3.1
 - federatedfilesharing: 1.18.0
 - files: 2.0.0
 - files_antivirus: 5.5.5
 - files_external: 1.20.0
 - files_pdfviewer: 2.9.0
 - files_reminders: 1.1.0
 - files_sharing: 1.20.0
 - files_trashbin: 1.18.0
 - files_versions: 1.21.0
 - logreader: 2.13.0
 - lookup_server_connector: 1.16.0
 - maps: 1.4.0
 - ncdownloader: 1.0.20
 - notifications: 2.16.0
 - oauth2: 1.16.3
 - password_policy: 1.18.0
 - passwords: 2024.5.20
 - photos: 2.4.0
 - privacy: 1.12.0
 - provisioning_api: 1.18.0
 - recognize: 6.1.1
 - related_resources: 1.3.0
 - richdocuments: 8.3.8
 - richdocumentscode: 24.4.402
 - serverinfo: 1.18.0
 - settings: 1.10.1
 - spreed: 18.0.9
 - support: 1.11.1
 - survey_client: 1.16.0
 - suspicious_login: 6.0.0
 - tasks: 0.16.0
 - text: 3.9.2
 - theming: 2.3.0
 - transfer: 0.6.3
 - tvshownamer: 1.0.3
 - twofactor_backupcodes: 1.17.0
 - twofactor_totp: 10.0.0-beta.2
 - updatenotification: 1.18.0
 - user_status: 1.8.1
 - viewer: 2.2.0
 - weather_status: 1.8.0
 - workflowengine: 2.10.0
Disabled:
 - circles: 24.0.0
 - comments: 1.18.0
 - dashboard: 7.8.0
 - encryption: 2.15.0
 - extract: 1.3.6
 - federation: 1.18.0
 - files_rightclick: 1.6.0
 - files_texteditor: 2.15.1
 - files_zip: 1.5.0
 - firstrunwizard: 2.1
 - mail: 3.7.2
 - nextcloud_announcements: 1.13.0
 - phonetrack: 0.8.1
 - printer: 0.0.5
 - recommendations: 1.3.0
 - sharebymail: 1.14.0
 - systemtags: 1.14.0
 - twofactor_nextcloud_notification: 3.9.0
 - user_ldap

Configuration (config/config.php)

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/cloud.vstans.nl\/",
    "htaccess.RewriteBase": "\/",
    "trusted_domains": [
        "cloud.vstans.nl",
        "office.vstans.nl",
        "127.0.0.1",
        "192.168.145.20"
    ],
    "version": "28.0.7.4",
    "logtimezone": "Europe\/Amsterdam",
    "has_internet_connection": true,
    "check_for_working_webdav": true,
    "check_data_directory_permissions": false,
    "installed": true,
    "loglevel": 0,
    "maintenance": false,
    "log_rotate_size": 8388608,
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\BMP",
        "OC\\Preview\\XBitmap",
        "OC\\Preview\\TXT",
        "OC\\Preview\\MarkDown",
        "OC\\Preview\\NFO"
    ],
    "updater.release.channel": "stable",
    "trashbin_retention_obligation": "auto, 365",
    "has_rebuilt_cache": true,
    "dbtype": "mysql",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "mysql.utf8mb4": true,
    "mail_smtpmode": "sendmail",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "app.mail.imaplog.enabled": "true",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpsecure": "tls",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "filelocking.enabled": true,
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379
    },
    "knowledgebaseenabled": false,
    "simpleSignUpLink.shown": false,
    "default_phone_region": "NL",
    "profile.enabled": true,
    "login_form_autocomplete": false,
    "defaultapp": "files",
    "app_install_overwrite": [
        "admin_notifications",
        "contacts",
        "ncdownloader",
        "files_retention",
        "files_antivirus"
    ],
    "theme": "",
    "allow_local_remote_servers": true,
    "global_aria2_config": [],
    "ncd_admin_settings": {
        "ncd_aria2_rpc_host": "",
        "ncd_aria2_rpc_port": "6800",
        "ncd_aria2_rpc_token": "",
        "ncd_aria2_binary": "\/usr\/bin\/aria2c",
        "disallow_aria2_settings": "1",
        "ncd_disable_bt": "1",
        "focusVisibleAdded": ""
    },
    "twofactor_enforced": "false",
    "twofactor_enforced_groups": [
        "2fa"
    ],
    "twofactor_enforced_excluded_groups": [
        "films"
    ],
    "maintenance_window_start": 1,
    "updater.secret": "***REMOVED SENSITIVE VALUE***"
}

Cron Configuration: Array ( [backgroundjobs_mode] => cron [lastcron] => 1719707402 )

External storages: yes

External storage configuration

+----------+-------------+---------+---------------------+----------------------------+----------------------+------------------+-------------------+-------+
| Mount ID | Mount Point | Storage | Authentication Type | Configuration              | Options              | Applicable Users | Applicable Groups | Type  |
+----------+-------------+---------+---------------------+----------------------------+----------------------+------------------+-------------------+-------+
| 1        | /Muziek     | Lokaal  | Geen                | datadir: "\/cloud\/muziek" | enable_sharing: true |                  | muziek            | Admin |
| 2        | /Share      | Lokaal  | Geen                | datadir: "\/cloud\/Films"  |                      |                  | films             | Admin |
| 6        | /Share      | Lokaal  | Geen                | datadir: "\/cloud\/Films"  |                      |                  | FilmsW            | Admin |
+----------+-------------+---------+---------------------+----------------------------+----------------------+------------------+-------------------+-------+

Encryption: no

User-backends:

OC\User\Database

Talk configuration:

STUN servers

stun.nextcloud.com:443

TURN servers

no custom server configured

Signaling servers (mode: default):

SIP dialin is disabled
SIP dialout is disabled
no custom server configured

Recording servers:

Recording is enabled
Recording consent is set to “default”
no recording server configured

Browser: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

jtr · July 4, 2024, 7:14pm

It means that the IP address you’re currently connecting from is not currently being throttled by the Brute Force Protection. It changes if you start to be throttled.

Vincent_Stans · July 4, 2024, 7:24pm

I still don’t understand what this throttling means. does it mean you can try unlimited bad password from this ip.

jtr · July 4, 2024, 8:04pm

No.

The message just means that you haven’t yet tried a bunch of bad passwords from your current IP address.

It is displayed all the time unless you are being throttled.

does it mean you can try unlimited bad password from this ip.

Only if you add that same IP address manually to the whitelist below the message.[1][2]

[1] GitHub - nextcloud/bruteforcesettings: 🕵 Allow admins to configure the brute force settings
[2] Brute force protection — Nextcloud latest Administration Manual latest documentation

Vincent_Stans · July 4, 2024, 9:04pm

so when it’s throttling this comes to action

If triggered, brute force protection makes requests - coming from an IP on a brute force protected controller - slower for up to a 24 hour period

Thanks for your fast responds. After reading it’s a bit clearer