User keeps getting disabled

Hi All,

I’m encountering some really weird problems since 2-3 days on my Nextcloud install. My admin user gets regularly disabled, every few minutes.

Nextcloud version (eg, 20.0.5): 23 Hub
Operating system and version (eg, Ubuntu 20.04): Linux 3.10.0-1160.42.2.el7.x86_64 x86_64
PHP version (eg, 7.4): 7.4 (was 8.1 and I brought it back down again, just to check, exact same thing

It’s a small setup, only 10 users.

The issue you are facing:

    • I (admin) can not login, with the following messages on my screen:
    • “We have detected multiple invalid login attempts from your IP. Therefore your next login is throttled up to 30 seconds.”
  • and
    • “User disabled”
    • “Suspicious login detected” or similar – I also got something like this a few times

What I’ve tried to deal with it:

  • gone through occ security:bruteforce:reset <myIP>,
    • occ user:enable <myuser>
    • this allows me to login again, but when I come back 30mins later, I have to do it all again
  • disabled the BruteForce Security App
  • downgraded php from 8.1. back to 7.4
  • changed user passwords
  • removed the account from all client apps (nextcloud on phone and tablet)

Steps to replicate it:

  • once I log out, next time I try to login again, I’ll be stuck and have to repeat occ user:enable again, etc

The output of your Nextcloud log in Admin > Logging:

  • lots of Warnings only about Failed Login attempts, even though I’m pretty sure my passwords are always correct.

Does anyone have any recommendations where to look?


I have the same issue since I’ve updated to v23…
On the forum, I’ve found a topic which incriminated the database format but after doing the manipulation : I’ve have a security advertisement about the storage of picture or icon…

I’ve updated to v24 (beta RC1) and have leave the modification to see if it’s correct the bug !