Nextcloud version (eg, 20.0.5): 27.0.2
Operating system and version (eg, Ubuntu 20.04): Centos 7
Apache or nginx version (eg, Apache 2.4.25): nginx 1.20.1
PHP version (eg, 7.4): 8.1.22
When something goes wrong in the setup (in my case usually the session folder being inaccessible), any login attempt is counted as a failed login attempt, despite the fact that the right password was entered. This is massively annoying when trying to debug what’s going on as an admin.
Steps to replicate it:
Change permissions of the session folder so no session can be created.
Attempt logging in.
Get throttled and then banned.
The output of your Nextcloud log in Admin > Logging:
Information no app in context IP address throttled because it reached the attempts limit in the last 30 minutes [action: login, delay: 25000, ip: IP] 2023-08-13T11:49:27+0200
Information core Bruteforce attempt from "IP" detected for action "login". 2023-08-13T11:49:27+0200
Fehler PHP session_start(): Failed to read session data: files (path: /var/lib/php/session) at /var/www/nextcloud/lib/private/Session/Internal.php#222 2023-08-13T11:49:27+0200
Fehler PHP session_start(): open(/var/lib/php/session/sess_3qhfg3g4d7ivts8fcabvkik4ah, O_RDWR) failed: Permission denied (13) at /var/www/nextcloud/lib/private/Session/Internal.php#222 2023-08-13T11:49:27+0200
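As an added diagnostic for the failure mode described in this post (this is example code, not part of the thread and not Nextcloud's own tooling), the script below does two things an admin would want before getting banned: it checks that the PHP session directory is actually usable by the web server user, and it scans a Nextcloud log excerpt to tell whether throttling coincides with `session_start()` failures (an artifact of the broken setup) or stands alone (genuine bad logins). The function names, the verdict strings and the sample log written by `write_sample_log` (built from the lines quoted above) are this example's own choices.

```sh
#!/bin/sh
# Added diagnostic for the failure mode described above; not Nextcloud code.
# Function and verdict names are this example's own choices.

# Returns 0 when DIR exists and is a directory the current user can both
# write to and traverse, which is what session_start() needs to create
# sess_* files. Run it as the PHP-FPM user (e.g. `sudo -u nginx sh ...`),
# because root can write anywhere and would mask the problem.
check_session_dir() {
    dir="${1:-/var/lib/php/session}"
    [ -d "$dir" ] || { echo "missing or not a directory: $dir" >&2; return 1; }
    [ -w "$dir" ] || { echo "not writable by $(id -un): $dir" >&2; return 1; }
    [ -x "$dir" ] || { echo "not traversable by $(id -un): $dir" >&2; return 1; }
    return 0
}

# Writes a constructed Nextcloud log excerpt (the lines quoted in the post)
# to the file named by $1, so the parser below can be exercised offline.
write_sample_log() {
    cat > "$1" <<'EOF'
Information no app in context IP address throttled because it reached the attempts limit in the last 30 minutes [action: login, delay: 25000, ip: IP] 2023-08-13T11:49:27+0200
Information core Bruteforce attempt from "IP" detected for action "login". 2023-08-13T11:49:27+0200
Fehler PHP session_start(): Failed to read session data: files (path: /var/lib/php/session) at /var/www/nextcloud/lib/private/Session/Internal.php#222 2023-08-13T11:49:27+0200
Fehler PHP session_start(): open(/var/lib/php/session/sess_3qhfg3g4d7ivts8fcabvkik4ah, O_RDWR) failed: Permission denied (13) at /var/www/nextcloud/lib/private/Session/Internal.php#222 2023-08-13T11:49:27+0200
EOF
}

# Number of PHP session_start() failures in log file $1.
# grep -c prints 0 but exits 1 on no match, hence the || true.
count_session_failures() {
    grep -c 'session_start(): ' "$1" || true
}

# Number of brute-force throttle/ban entries in log file $1.
count_throttle_events() {
    grep -Ec 'throttled because it reached|Bruteforce attempt' "$1" || true
}

# Prints one verdict for log file $1:
#   session-broken : throttling coincides with session failures, so the
#                    "failed logins" are an artifact of the broken setup
#   throttled-only : throttling without session errors (real bad logins)
#   clean          : neither
diagnose_log() {
    s=$(count_session_failures "$1")
    t=$(count_throttle_events "$1")
    if [ "$t" -gt 0 ] && [ "$s" -gt 0 ]; then
        echo "session-broken"
    elif [ "$t" -gt 0 ]; then
        echo "throttled-only"
    else
        echo "clean"
    fi
}
```

Usage: `check_session_dir /var/lib/php/session` run as the PHP-FPM user reports the first permission problem on stderr, and `diagnose_log /path/to/nextcloud.log` prints `session-broken` for the excerpt above. Once the directory is fixed, the throttle entries that were caused by it can be reset from the admin side rather than waited out.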
I guess I get what you’re saying where it is frustrating to be slowed down and/or banned when some other issue is causing login problems, but these other issues shouldn’t be a regular occurrence. If they are, they should probably be addressed.
I think fail2ban can also be set up to exclude your local IP addresses, so that might also help you.
I have a similar issue; it seems some Android client fails to log in, which then in turn leads to the following error/throttling:
IP address throttled because it reached the attempts limit in the last 30 minutes [action: login
The troubling point for me is that a) the IP address is the address of the reverse proxy and b) the error does not explain WHICH account is actually causing the trouble. Instead, everybody is punished.
→ So, how do I find out which user name is responsible for the login failure?