[SOLVED] Bruteforce detection blocking my ip, but theres no oc_bruteforce_attempts database

My server:
Nextcloud 11.0.1
Ubuntu 16.04.1 LTS
Apache 2.4.18-2ubuntu3.1
PHP 7.0+35ubuntu6
MariaDB-server 10.0.28-0ubuntu0.16.04.1

I changes my passwords without first logging out my desktop and mobile client, which made these clients try to login again with my old password. This triggered the brute force detection according to the logs:
Bruteforce attempt from "my ip here" detected for action "login".
Also I was able to login my mobile client by switching from Wi-Fi to mobile data and so changing my ip. This also indicates brute force detection blocking.

So I read here that other people have got the same thing and tricks to stop this is either remove the ip from database oc_bruteforce_attempts. But I wasn’t able to find the database by show databases;. All databases I have on my server are:
information_schema mysql nextcloud performance_schema
I’m not very experienced with mysql, but I would have been successful removing one entry of the database if I was able to even find it.

I also tried adding 'auth.bruteforce.protection.enabled' => false, to my config.php but it did not seem to help me here.

Am I missing something? Could I just wait the blocking to expire if it does expire?

Did you restart apache after changing the config.php?
sudo service apache2 restart

Easy way to manipulate the databes is phpmyadmin:

https://www.phpmyadmin.net/
in the nextcloud database you have to edit the oc_bruteforce_attempts table.

1 Like

You are confusing “databases” with tables.

A database in MySQL holds tables which store data. Notice that you have a database called “Nextcloud.” This will have your tables that hold all your Nextcloud data, such as users, contacts, and blocked IP’s. Think of MySQL like a folder of Excel spreadsheets if you will. Each “database” is a file in the folder, and each “table” is like a separate workbook/table within that file. You have a file called Nextcloud and inside that file is all the info relate to to Nextcloud.

So, you need to open up the Nextcloud database first, using

USE Nextcloud;

Next, to show all tables, use:

SHOW TABLES;

To show all values from the oc_bruteforce_attempts table, use:

SELECT * FROM oc_bruteforce_attempts;

To remove delete an IP from the table, use:

DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx";
7 Likes

Well this just shows how inexperienced I am with MySQL. I somehow thought that databases were like spreadsheets itself and didn’t realise it still goes one step deeper to tables.

Thank you for explaining how it actually works! Now I was able to clear this table to unblock trusted ips.

I did restart apache after changing the config.php, but it was just me not understanding databases (see below). Maybe I should install graphical database manager because of this. Thanks for the tip!

Hi,

ich hatte auch das Problem, dass ich durch viele Clients und einen PW-Wechsel viele Einträge in der oc_bruteforce_attempts hatte. Da ich das Feature sinnvoll finde, habe ich einen maria/mysql event geschrieben, der die Tabelle einmal in der Woche aufräumt:

MariaDB [nextcloud]> CREATE EVENT cleanup_oc_bruteforce_attempts ON SCHEDULE EVERY 7 DAY STARTS '2017-06-24 04:00:00' DO DELETE FROM nextcloud.oc_bruteforce_attempts WHERE action = 'login';

Kontrolle:

MariaDB [nextcloud]> SHOW CREATE EVENT cleanup_oc_bruteforce_attempts\G;

Gruß Con

How can do that, but with postgres?

To do it in postgresql, assuming ubuntu and postgresql trusts peer in pg_hba.conf:

Load postgresql as root:

psql -U postgres # to load postgres as root

List databases:

\d

Connect to the Nextcloud one:

\c nextcloud

Show the brute force table:

select * from oc_bruteforce_attempts;

Delete the ones with a specific IP:

delete from oc_bruteforce_attempts where ip = 'xxx.xxx.xxx.xx';

You can also delete by username if you use a reverse proxy and don’t want to delete the others:

delete from oc_bruteforce_attempts where metadata='{"user":"xxx"}';

On my default installation the name of the database for table " oc_bruteforce_attempts " is different
Not “nextcloud”
But: “IZwdach9”

Otherwise the instructions helped me a lot! Thanks!