Program that still tries to connect to NC after password change?

Nextcloud version: 20.0.11
Operating system and version: Fedora 33 KDE < uname -a
Apache version: Apache/2.4.48 (Fedora)
PHP version: 7.4.20

The issue you are facing:
After a password change, I don’t know which client process on my computer still tries to connect to the server with my old password.
Or who else does.
As a result, there is roughly one unsuccessful login attempt per minute, which fills the oc_bruteforce_attempts list and eventually leads to me not being able to log in to NC via the web interface.
I know that the requests are coming from my computer only when I am logged in.
Not when someone else is logged in.
Could you please support me by giving a hint on:
How may I find out the program / process that causes the unsuccessful login attempts?

Is this the first time you’ve seen this error?: Y

Steps to replicate it:

  1. Change password of a user in NC
  2. Update all clients you know of to the new password
  3. Be unable to find out which client still tries to connect

The output of your Nextcloud log in Admin > Logging:

```
Warning	core	Login failed: 'ubuntiger' (Remote IP: '192.168.77.86')	2021-07-08T21:15:06+0200
Warning	core	Login failed: 'ubuntiger' (Remote IP: '192.168.77.86')	2021-07-08T21:14:41+0200
Warning	core	Login failed: 'ubuntiger' (Remote IP: '192.168.77.86')	2021-07-08T21:14:06+0200
Warning	core	Login failed: 'ubuntiger' (Remote IP: '192.168.77.86')	2021-07-08T21:13:41+0200
```

```
MariaDB [nextwinn]> select * from oc_bruteforce_attempts;
+------+--------+------------+---------------+------------------+----------------------+
| id   | action | occurred   | ip            | subnet           | metadata             |
+------+--------+------------+---------------+------------------+----------------------+
| 5463 | login  | 1625770756 | 192.168.77.86 | 192.168.77.86/32 | {"user":"ubuntiger"} |
| 5464 | login  | 1625770757 | 192.168.77.86 | 192.168.77.86/32 | {"user":"ubuntiger"} |
| 5465 | login  | 1625770816 | 192.168.77.86 | 192.168.77.86/32 | {"user":"ubuntiger"} |
```

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

config.php

```php
<?php
$CONFIG = array (
  'passwordsalt' => 'SKHTh[...]',
  'secret' => 'NkZ2[...]',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'winn',
    2 => 'winn.fritz.box',
    3 => '192.168.77.86',
    4 => 'my.domain.tld',
    5 => 'www.my.domain.tld',
  ),
  'datadirectory' => '/next',
  'overwrite.cli.url' => 'http://localhost',
  'dbtype' => 'mysql',
  'version' => '20.0.11.1',
  'dbname' => 'nextwinn',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => 't/cBDy7E[...]',
  'htaccess.RewriteBase' => '/',
  'installed' => true,
  'instanceid' => 'ocg2jd[...]',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'maintenance' => false,
  'share_folder' => '/Nextcloud/Eingang',
  'theme' => '',
  'loglevel' => 2,
  'updater.release.channel' => 'stable',
  'mail_domain' => '[...]',
  'mail_from_address' => '[...]',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_smtphost' => '[...]',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpname' => '[...]',
  'mail_smtppassword' => '[...]',
  'updater.secret' => '$2y$[...]',
  'app_install_overwrite' => 
  array (
    0 => 'ocsms',
    1 => 'fullnextsearch_elasticsearch',
    2 => 'dicomviewer',
    3 => 'social',
    4 => 'files_ebookreader',
    5 => 'keeporsweep',
    6 => 'calendar',
    7 => 'emlviewer',
    8 => 'gpxedit',
    9 => 'folderplayer',
  ),
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);
```

The output of your Apache log in /var/log/httpd:

http_error_log

```
[Thu Jul 08 19:52:27.274164 2021] [authz_core:error] [pid 1542:tid 1750] [client 213.6.137.198:33795] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Thu Jul 08 20:41:07.675498 2021] [authz_core:error] [pid 22397:tid 22445] [client 83.41.123.192:49716] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Thu Jul 08 20:55:11.558490 2021] [authz_core:error] [pid 22397:tid 22450] [client 84.241.15.182:46262] AH01630: client denied by server configuration: /etc/httpd/htdocs
```

ssl_error_log

```
[Thu Jul 08 20:54:53.414804 2021] [access_compat:error] [pid 1542:tid 1740] [client 192.168.77.86:55548] AH01797: client denied by server configuration: /var/www/nextcloud/config
[Thu Jul 08 20:54:53.438118 2021] [access_compat:error] [pid 1542:tid 1751] [client 192.168.77.86:55550] AH01797: client denied by server configuration: /var/www/nextcloud/config
[Thu Jul 08 20:54:53.460016 2021] [access_compat:error] [pid 1542:tid 1752] [client 192.168.77.86:55554] AH01797: client denied by server configuration: /var/www/nextcloud/config
```

Does anyone have an idea how to find out which program or process tries to log in to my Nextcloud (knowing which IP the login attempt comes from does not get me any further - I know it already, it is my machine and it is the machine that Nextcloud is running on as well…)?

The web server access log normally shows the user agent:
https://httpd.apache.org/docs/2.4/logs.html#accesslog

Thanks for the hint!
I had to uncomment the log first,

```
<VirtualHost _default_:443>
CustomLog "logs/my_access_log" combined
[...]
</VirtualHost>
```

in /etc/httpd/conf.d/ssl.conf, which finally reminded me of floccus, the NC bookmarks synchronization add-on for Firefox that I had installed long ago, by repeatedly printing lines like this:

```
192.168.77.86 - - [14/Jul/2021:00:44:12 +0200] "GET /index.php/apps/bookmarks/public/rest/v2/folder/-1/hash HTTP/1.1" 400 49 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
```

A user was not displayed after the IP, unfortunately, but anyhow:
After finally changing the password for my NC account inside the floccus add-on as well, the problem was gone!
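The approach this thread arrived at, as an added example that is not part of any post above: a Python script that reads Apache "combined" access-log lines, keeps the requests from one client IP that the server rejected, and groups them by Nextcloud app or entry point and user agent so that a client retrying once a minute stands out. Filtering on any 4xx status is an assumption based on the 400 response quoted above; `ExampleSyncClient`, `ExampleBot` and the sample lines other than the floccus request are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Apache "combined": host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

def endpoint(path):
    """Reduce a request path to the Nextcloud app or entry point it targets."""
    path = path.split("?", 1)[0]
    app = re.match(r"(?:/index\.php)?/apps/([^/]+)", path)
    if app:
        return "app:" + app.group(1)
    entry = re.match(r"/((?:remote\.php|ocs)/[^/]+)", path)
    return entry.group(1) if entry else path

def rejected_clients(lines, client_ip):
    """Group 4xx responses sent to client_ip by (endpoint, user agent)."""
    seen = defaultdict(list)
    for line in lines:
        m = COMBINED.match(line)
        if m and m["host"] == client_ip and m["status"].startswith("4"):
            when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
            seen[(endpoint(m["path"]), m["agent"])].append(when)
    report = []
    for (target, agent), times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report.append({"endpoint": target, "agent": agent, "count": len(times),
                       "median_gap_s": median(gaps) if gaps else None})
    return sorted(report, key=lambda r: r["count"], reverse=True)

# Constructed sample: the thread's floccus request once a minute, plus made-up traffic.
FIREFOX = "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
SAMPLE = [
    f'192.168.77.86 - - [14/Jul/2021:00:{minute}:12 +0200] "GET /index.php/apps/'
    f'bookmarks/public/rest/v2/folder/-1/hash HTTP/1.1" 400 49 "-" "{FIREFOX}"'
    for minute in (44, 45, 46)
] + [
    '192.168.77.86 - ubuntiger [14/Jul/2021:00:45:30 +0200] "PROPFIND /remote.php/'
    'dav/files/ubuntiger/ HTTP/1.1" 207 512 "-" "ExampleSyncClient/1.0"',
    '203.0.113.5 - - [14/Jul/2021:00:45:40 +0200] "GET /favicon.ico HTTP/1.1" 404 196 "-" "ExampleBot/0.1"',
]

if __name__ == "__main__":
    print(*rejected_clients(SAMPLE, "192.168.77.86"), sep="\n")
```

A median gap that matches the spacing of the `Login failed` entries in the Nextcloud log points at the client holding the stale password, and the `app:` prefix names the Nextcloud app whose client to check.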