Reset throttle / bruteforce attempts

dimanne · April 5, 2024, 4:36pm

Nextcloud version (eg, 20.0.5): 28.0.4.1
Operating system and version (eg, Ubuntu 20.04): docker-compose in ubuntu
Apache or nginx version (eg, Apache 2.4.25): -
PHP version (eg, 7.4): -

How can I reset throttling/bruteforcing state in nextcloud?

This is what I have tried so far:

dropping redis: redis-cli -h (docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' compose_nextcloud-aio-redis_1) -p 6379 -a (rg ' *REDIS_PASSWORD=([^ ]+)' -or '$1' ~/nextcloud/compose/.env) FLUSHDB
Checking the table: select * from oc_bruteforce_attempts; — it is empty, 0 rows.

Official documentation says that there is an app, but I cannot login. I only have access to console/occ/DB.

Logs:

{"reqId":"H2qPKDMvJxLiwmGnLlNM","level":1,"time":"2024-04-05T16:27:19+00:00","remoteAddr":"fd12:3456:789a:2::4",
"user":"--","app":"core","method":"POST","url":"/login",
"message":"Bruteforce attempt from \"fd12:3456:789a:2::4\" detected for action \"login\".",
"userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0","version":"28.0.4.1","data":{"app":"core"}}

SysKeeper · April 5, 2024, 4:55pm

Use this occ command: Using the occ command — Nextcloud latest Administration Manual latest documentation

jtr · April 5, 2024, 10:20pm

The following can be used disable protection and reset the attempts history for your IP address (don’t forget to set it back to true when your situation is corrected!):

occ config:system:set auth.bruteforce.protection.enabled --value false --type bool
occ security:bruteforce:reset YOUR_IP_ADDRESS

Do you know why it’s being triggered? Under normal circumstances even a few invalid login attempts shouldn’t do much other than delay authentication briefly.

system · April 13, 2024, 10:21pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.