I changes my passwords without first logging out my desktop and mobile client, which made these clients try to login again with my old password. This triggered the brute force detection according to the logs: Bruteforce attempt from "my ip here" detected for action "login".
Also I was able to login my mobile client by switching from Wi-Fi to mobile data and so changing my ip. This also indicates brute force detection blocking.
So I read here that other people have got the same thing and tricks to stop this is either remove the ip from database oc_bruteforce_attempts. But I wasn’t able to find the database by show databases;. All databases I have on my server are: information_schema mysql nextcloud performance_schema
I’m not very experienced with mysql, but I would have been successful removing one entry of the database if I was able to even find it.
I also tried adding 'auth.bruteforce.protection.enabled' => false, to my config.php but it did not seem to help me here.
Am I missing something? Could I just wait the blocking to expire if it does expire?
A database in MySQL holds tables which store data. Notice that you have a database called “Nextcloud.” This will have your tables that hold all your Nextcloud data, such as users, contacts, and blocked IP’s. Think of MySQL like a folder of Excel spreadsheets if you will. Each “database” is a file in the folder, and each “table” is like a separate workbook/table within that file. You have a file called Nextcloud and inside that file is all the info relate to to Nextcloud.
So, you need to open up the Nextcloud database first, using
USE Nextcloud;
Next, to show all tables, use:
SHOW TABLES;
To show all values from the oc_bruteforce_attempts table, use:
SELECT * FROM oc_bruteforce_attempts;
To remove delete an IP from the table, use:
DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx";
Well this just shows how inexperienced I am with MySQL. I somehow thought that databases were like spreadsheets itself and didn’t realise it still goes one step deeper to tables.
Thank you for explaining how it actually works! Now I was able to clear this table to unblock trusted ips.
I did restart apache after changing the config.php, but it was just me not understanding databases (see below). Maybe I should install graphical database manager because of this. Thanks for the tip!
ich hatte auch das Problem, dass ich durch viele Clients und einen PW-Wechsel viele Einträge in der oc_bruteforce_attempts hatte. Da ich das Feature sinnvoll finde, habe ich einen maria/mysql event geschrieben, der die Tabelle einmal in der Woche aufräumt:
MariaDB [nextcloud]> CREATE EVENT cleanup_oc_bruteforce_attempts ON SCHEDULE EVERY 7 DAY STARTS '2017-06-24 04:00:00' DO DELETE FROM nextcloud.oc_bruteforce_attempts WHERE action = 'login';
Kontrolle:
MariaDB [nextcloud]> SHOW CREATE EVENT cleanup_oc_bruteforce_attempts\G;