Nextcloud version (13.0.4)
Operating system and version (Ubuntu 16.04)
Apache version (Apache/2.4.18 (Ubuntu))
PHP version (7.0.30-0ubuntu0.16.04.1)
Recently I had a lot of Warnings in my ncdomain/settings/admin/logging.
Somebody wants to bruteforce me.
I added the line 'auth.bruteforce.protection.enabled' => true,
Looks like there are much fewer Warnings now.
1. Should I do something after adding the line 'auth.bruteforce.protection.enabled' => true, to config.php? Is it enough for protection from bruteforce?
2. How to check whether I have been pwned?
3. What do these Fatals mean? How to fix them?
You’ll get trusted domain errors if you or someone else tries to access your server using a server IP or domain which is not listed as a trusted domain in config.php. Mostly it’s just harmless bots crawling around.
You’ll need the bruteforce app if you see errors about bad passwords. It will block an IP after a few wrong passwords.
Webdav errors in the middle: Insufficient storage. Are you running out of space?
Well, I have a 3 months old VPS running Nextcloud. I have untrusted domain errors quite often and mostly the same domain. I bet it’s the old owner’s domain and still configured to the IP, which is my server IP now. It can be a misconfiguration also. Just wait and the errors will probably stop. If it’s made on purpose, that’s something I don’t know why…
The Nextcloud bruteforce protection app is good enough until you regularly face bot actions. Also I think the app does not ban based on untrusted domain issues, just on wrong login authentication? Although it is not risky, the error messages are simply annoying I guess, thus you want to block them in the first place.
Fail2ban indeed is the more powerful, complete solution. You can let it watch the Nextcloud log and configure your own ban rules based on the error messages you face. When some specific bot/IP/error does not disappear, you can let iptables block it permanently.
I can post some fail2ban nextcloud jail later, that I successfully used some time ago.
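To show what "letting fail2ban watch the Nextcloud log" amounts to, and what a Nextcloud-specific filter for both login failures and trusted domain errors (the part discussed further down in this thread) needs to match, here is an added example. It is not the jail the poster above refers to, nor code from Nextcloud or fail2ban: a small Python script that takes fail2ban-style failregex lines (with fail2ban's <HOST> placeholder), applies them to constructed nextcloud.log entries, and counts hits per IP with maxretry/findtime semantics the way a jail does. The message wording for failed logins and trusted domain errors follows what Nextcloud 13 writes to nextcloud.log, but the IPs, users and timestamps are made up, and the <HOST> substitution is a simplified stand-in for fail2ban's own IP/hostname pattern.

```python
"""Mimic a fail2ban filter + jail over Nextcloud's JSON log (added example)."""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of nextcloud.log (one JSON object per line). Message text
# mirrors Nextcloud 13's wording; IPs (documentation ranges), users and times
# are invented. Includes one harmless warning and one truncated line on purpose.
SAMPLE_LOG = r'''
{"reqId":"a1","level":2,"time":"2018-07-01T10:00:01+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"a2","level":2,"time":"2018-07-01T10:00:20+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'root' (Remote IP: '203.0.113.7')"}
{"reqId":"a3","level":2,"time":"2018-07-01T10:00:45+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'test' (Remote IP: '203.0.113.7')"}
{"reqId":"a4","level":2,"time":"2018-07-01T10:01:10+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"a5","level":2,"time":"2018-07-01T10:01:40+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"b1","level":1,"time":"2018-07-01T10:05:00+00:00","remoteAddr":"198.51.100.9","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. \"198.51.100.9\" tried to access using \"old-owner.example\" as host."}
{"reqId":"b2","level":1,"time":"2018-07-01T10:05:30+00:00","remoteAddr":"198.51.100.9","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. \"198.51.100.9\" tried to access using \"old-owner.example\" as host."}
{"reqId":"b3","level":1,"time":"2018-07-01T10:06:00+00:00","remoteAddr":"198.51.100.9","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. \"198.51.100.9\" tried to access using \"old-owner.example\" as host."}
{"reqId":"c1","level":2,"time":"2018-07-01T09:00:00+00:00","remoteAddr":"192.0.2.5","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'bob' (Remote IP: '192.0.2.5')"}
{"reqId":"c2","level":2,"time":"2018-07-01T09:15:00+00:00","remoteAddr":"192.0.2.5","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'bob' (Remote IP: '192.0.2.5')"}
{"reqId":"c3","level":2,"time":"2018-07-01T09:30:00+00:00","remoteAddr":"192.0.2.5","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'bob' (Remote IP: '192.0.2.5')"}
{"reqId":"c4","level":2,"time":"2018-07-01T09:45:00+00:00","remoteAddr":"192.0.2.5","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'bob' (Remote IP: '192.0.2.5')"}
{"reqId":"c5","level":2,"time":"2018-07-01T10:00:00+00:00","remoteAddr":"192.0.2.5","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'bob' (Remote IP: '192.0.2.5')"}
{"reqId":"d1","level":2,"time":"2018-07-01T10:07:00+00:00","remoteAddr":"192.0.2.5","user":"bob","app":"webdav","method":"PUT","url":"/remote.php/webdav/x","message":"Insufficient storage (constructed harmless warning)"}
{"reqId":"e1","level":2,"time":"2018-07-01T10:08
'''

# failregex lines in the form a fail2ban filter.d/*.conf would carry them.
# fail2ban replaces <HOST> with its own IP/hostname pattern; the substitution
# in compile_failregex() is a simplified stand-in that accepts IPv4 and IPv6.
FAILREGEX = [
    r"Login failed: '.*' \(Remote IP: '<HOST>'\)",
    r'Trusted domain error\. "<HOST>" tried to access using ".*" as host\.',
]


def compile_failregex(pattern):
    """Turn a fail2ban-style pattern into a Python regex with a 'host' group."""
    return re.compile(pattern.replace("<HOST>", r"(?P<host>[0-9a-fA-F.:]+)"))


PATTERNS = [compile_failregex(p) for p in FAILREGEX]


def parse_log(text):
    """Yield (timestamp, message) per JSON line; blank or truncated lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # a jail just ignores lines it cannot read
        yield datetime.fromisoformat(entry["time"]), entry.get("message", "")


def match_host(message):
    """Return the offending host for a message that matches any failregex, else None."""
    for pat in PATTERNS:
        m = pat.search(message)
        if m:
            return m.group("host")
    return None


def failures_by_host(text):
    """Map host -> list of failure timestamps found in the log text."""
    hits = defaultdict(list)
    for ts, msg in parse_log(text):
        host = match_host(msg)
        if host:
            hits[host].append(ts)
    return hits


def hosts_to_ban(text, maxretry=5, findtime=600):
    """Hosts with at least maxretry failures inside any findtime-second window,
    which is the condition under which a fail2ban jail issues a ban."""
    banned = []
    for host, times in failures_by_host(text).items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if (times[i + maxretry - 1] - times[i]).total_seconds() <= findtime:
                banned.append(host)
                break
    return sorted(banned)


if __name__ == "__main__":
    for host, times in sorted(failures_by_host(SAMPLE_LOG).items()):
        print(f"{host}: {len(times)} failures")
    print("ban with maxretry=5, findtime=600:", hosts_to_ban(SAMPLE_LOG))
```

With the defaults, only 203.0.113.7 is banned: 192.0.2.5 also has five failures, but spread over an hour, so no ten-minute window holds all of them, and the three trusted domain hits from 198.51.100.9 only cross the line once maxretry is lowered to 3. The two FAILREGEX strings, <HOST> included, are what would go into the failregex of a fail2ban filter; the second one is the kind of line that handles the trusted domain errors the Nextcloud-internal brute force protection does not act on.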
Thanks to all.
In Nextcloud I use only external storage, so I thought that I had enough free space in my Ubuntu.
But I just found out that I probably ran out of free space.
I added some space; I’ll monitor the logs.
Then I will try to use Redis, as you suggested.
Regarding the trusted domain, it depends what you want to do. If you want to access your cloud via the ip/different hostname as well, add the IP to your trusted hosts. If you don’t want to use the IP directly, you could either set up a virtual host for direct ip access (with an empty page), redirect them (htaccess & rewrite rules) or just keep the trusted domain errors.
apt install fail2ban: the default install just checks and blocks SSH authentications.
You don’t necessarily need iptables, it can also use the route table to block hosts/IPs. But not sure about the pros/cons in detail, both work reliably at kernel level. netfilter vs route tables basically.
As said, to block Nextcloud specific authentication failures, you need to define your own fail2ban filter. I can check out later how to do that, including your trusted authentication error. That cries for a how-to, actually.
The link above is a start, but it only covers login failures (that are already handled by Nextcloud internal brute force protection), AFAIK, not the trusted domain errors, as mentioned above.
Would be great if we could provide a more complete filter+jail and add this to the how-to + Nextcloud docs/resources.
€: I was digging in my personal docs and found my old Nextcloud login fail2ban config steps. Based on the actual log entries for trusted domain errors, this can be easily modified to block those as well: