[SOLVED] NC11: Bruteforce attempt from "xxx.xxx.xx.xxx" detected for action "login"

Hi,

I am sometimes getting long delays when browsing through files/folders etc. I have another user (myself) as a normal user. Sometimes it takes a minute to respond. I checked the logs and it's very weird to see these, which means NC is trying to re-login from a cookie (maybe) and then it decides it's brute force, even though I am still logged in and things go back to normal after that delay (no logouts).
It happens from time to time.

Logs:

Info core Bruteforce attempt from “xxx.xxx.xx.xxx” detected for action “login”.
Warning core Login failed: ‘demo_user’ (Remote IP: ‘xxx.xxx.xx.xxx’)

IP and username are mine.

Same here.

Info core Bruteforce attempt from “x.x.x.x” detected for action “login”. 2016-12-13T22:50:12+0100
Warning core Login failed: ’ xxxx’ (Remote IP: ‘x.x.x.x’)

Question: Is there a way to unblock an IP Address which was detected as “Bruteforce address”?

@guddl:
You can delete your IP with a DB query:
DELETE FROM oc_bruteforce_attempts WHERE ip = 'XXX.XXX.XXX.XXX';

@mmarif, are there any other logs you could provide? Now that we see the symptom, we need to find out the reason that leads to this symptom.
You can also set the logging level to “debug” to receive more log entries.

Could there be another client (smartphone or app) that has a lot of login attempts?


I am not sure deleting the IP will work in this case, as it will be added again on the next login if I am not mistaken.

@Schmu
These are the debug logs I get at the same time this happened, along with the warning logs posted in the 1st post.

Sabre\DAV\Exception\NotAuthenticated: HTTP/1.1 401 Username or password was incorrect, No public access to this resource., Username or password was incorrect, Username or password was incorrect
[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/var/www/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)
/var/www/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/apps/dav/lib/Server.php - line 227: Sabre\DAV\Server->exec()
/var/www/apps/dav/appinfo/v2/remote.php - line 30: OCA\DAV\Server->exec()
/var/www/remote.php - line 165: require_once('/var/www/a...')
{main}

Sabre\DAV\Exception\NotAuthenticated: HTTP/1.1 401 No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured
[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/var/www/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)
/var/www/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/apps/dav/lib/Server.php - line 227: Sabre\DAV\Server->exec()
/var/www/apps/dav/appinfo/v2/remote.php - line 30: OCA\DAV\Server->exec()
/var/www/remote.php - line 165: require_once('/var/www/a...')
{main}

I am the only user at this moment on this server. So I assume these are from the web client.
The time it happened, before that I cleared the logs (did this because it's happening now and then). I clicked on the folder in Files and the loader started spinning for around a minute. So these logs are from the same time it happened. I was accessing it on desktop.

If there is anything else I can provide to help debug this further, I would be glad to dig into it and provide it.

Hi @mmarif,

I hate these error messages, they hardly help to understand the problem. Always feels like only the developers can understand them.

However, the only thing that really caught my attention is:

So you say there is no other application (Thunderbird, Outlook, NC sync, smartphone sync, NC app sync) accessing the server in a specific interval, right? Username and password are set correctly everywhere, right? Could it be you’re using a wrong URL to access anything (calendar/contacts)?
Do you have a Nextcloud app, that forbids access to specific files, that you try to access via web? The app “File access control” can forbid access to certain files if they don’t have the necessary tags.

If you experimented with anything like this, please let us know.

You can also try to set your log level to debug and see what resources are tried to access - which then fail.

At this point there is one device and one PC connected, not sure which may cause this. The strange part is that the IP is the server IP.

I will investigate more on this, and try to find out what is causing this login error. This happens every 20 mins (the logs show). I will try to lock the syncs, apps, devices etc. and see where it goes from there.

I had the same “Bruteforce attempt” error. I am using Google Chrome and there is an automatic login feature. I had 2 different saved passwords for my user (1 time the username all lowercase, 1 time the username with the first letter uppercase (sascha / Sascha)). I deleted all saved passwords and the error is gone.

I had spent some time on this; it turns out it was my mistake, to say the least, as I updated my password for the user and forgot to change it in the Rainloop contacts sync. I have completely moved my webmail from NextCloud. Things are fine so far.
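
The cause this thread ends on, a sync client retrying a stale password on a fixed schedule (every 20 minutes in the logs above), can be separated from a person mistyping by how regular the failures are. The following is an added example, not part of any post in this thread: it groups "Login failed" entries by user and IP and reports the sources whose gaps are near-constant. The JSON-lines log layout with `time` and `message` fields, the function names and every sample entry are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample, not from the thread. Assumes one JSON object per log line
# with "time" and "message" fields; the IPs are documentation-range addresses.
SAMPLE_LOG = """\
{"time":"2016-12-13T22:10:12+0100","message":"Login failed: 'demo_user' (Remote IP: '192.0.2.10')"}
{"time":"2016-12-13T22:30:13+0100","message":"Login failed: 'demo_user' (Remote IP: '192.0.2.10')"}
{"time":"2016-12-13T22:50:12+0100","message":"Login failed: 'demo_user' (Remote IP: '192.0.2.10')"}
{"time":"2016-12-13T23:10:12+0100","message":"Login failed: 'demo_user' (Remote IP: '192.0.2.10')"}
{"time":"2016-12-13T23:30:14+0100","message":"Login failed: 'demo_user' (Remote IP: '192.0.2.10')"}
{"time":"2016-12-13T22:15:00+0100","message":"Login failed: 'alice' (Remote IP: '198.51.100.7')"}
{"time":"2016-12-13T22:15:20+0100","message":"Login failed: 'alice' (Remote IP: '198.51.100.7')"}
{"time":"2016-12-13T22:47:03+0100","message":"Login failed: 'alice' (Remote IP: '198.51.100.7')"}
{"time":"2016-12-13T23:58:41+0100","message":"Login failed: 'alice' (Remote IP: '198.51.100.7')"}
""".splitlines()

# Accept straight quotes and the curly quotes that forum software substitutes.
LOGIN_FAILED = re.compile(r"Login failed: ['‘’]\s*(?P<user>[^'‘’]*)['‘’] \(Remote IP: ['‘’](?P<ip>[^'‘’]+)['‘’]\)")

def failed_logins(lines):
    """Yield (user, ip, timestamp) for each 'Login failed' entry."""
    for line in lines:
        try:
            entry = json.loads(line)
            m = LOGIN_FAILED.search(entry["message"])
            ts = datetime.strptime(entry["time"], "%Y-%m-%dT%H:%M:%S%z")
        except (ValueError, KeyError, TypeError):
            continue  # truncated, non-JSON or incomplete entry
        if m:
            yield m["user"], m["ip"], ts

def periodic_sources(lines, min_events=4, max_jitter=0.1):
    """Map (user, ip) to its retry period in minutes when failures are regular."""
    by_source = defaultdict(list)
    for user, ip, ts in failed_logins(lines):
        by_source[(user, ip)].append(ts)
    report = {}
    for source, stamps in by_source.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = median(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            report[source] = round(period / 60)
    return report
```

A source reported here points at an automated client holding old credentials; the reported period can be matched against the sync interval of each configured app or device.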