Unable to stop DDOSing my nc instance with my phone

Hi, I have a rather unusual problem.

My nc instance was being rather slow, especially when loading the passwords tab and I discovered that in the brute force attempts table for my nextcloud instance, I had over 500 brute force attempts logged from my ip. I deleted all of them, but every couple of days, I would check again and I’d have another like 100 attempts logged. I noticed that every attempt was for a user account that I used to use but deleted.

I checked my pihole logs and filtered the results to the hostname of my nc instance and discovered that requests from my phone to the instance matched the time stamps of the brute force attempts.

As a result I checked all of the nextcloud apps on my phone for this account, but didn’t find it. Because I kept finding these attempts being logged, I reset all the nextcloud apps on my phone and when that didn’t work I also reinstalled them, but it still didn’t change the outcome. I also tried creating that account again with the password I used for it and the user tab showed that account was being logged into, but I was still getting brute force attempts being logged.

I am at my wit’s end as to what to do next.

Any help would be greatly appreciated.

If your phone seems to cause the invalid login attempts, you should check the log file of your web server to identify which of your apps is responsible for it. Usually the connection string contains further information which might allow you to identify the app.


Nextcloud-App: ..."GET /index.php/204 HTTP/2.0" 204 - "-" "Mozilla/5.0 (Android) Nextcloud-android/3.16.0 RC2" 91 894

Nexcloud-Talk: ..."GET /ocs/v2.php/cloud/capabilities HTTP/2.0" 200 1579 "-" "Mozilla/5.0 (Android) Nextcloud-Talk v11.1.0" 40 2052

Nextcloud-News: ..."GET /index.php/apps/news/api/v1-2/feeds HTTP/2.0" 200 1254 "-" "okhttp/3.12.12" 42 2110

DAVx5-App: ..."PROPFIND /remote.php/dav/addressbooks/users/.../ HTTP/2.0" 207 501 "-" "DAVx5/3.3.9-gplay (2021/02/09; dav4jvm; okhttp/4.9.1) Android/11" 550 1413