My Nextcloud logs tells me that I have multiple login fails for user “Mainuser”.
So much so that when I try to log in, the login is delayed or I am locked out completely for a brief period of time.
But nothing is wrong with my password, and I have only 4 devices connected. All of them works fine.
So is this a unlawful hammering attempt? I so, why only this specific username?
Since Nextcloud is behind a (SWAG) Nginx proxy, I cannot see where the attempts are coming from, since it only shows the docker address.
The log says:
[core] Warning: Login failed: 'Mainuser' (Remote IP: '172.20.0.1')
PROPFIND /remote.php/webdav/
from 172.20.0.1 at 2022-11-01T13:40:32+00:00
What could cause this? Is there a way to show the real ip address of the failed attempts?
Thanks