FAIL2BAN blocks access to “.ocdata” file! Apache Error Log: ..AH01630: client denied by server configuration: … cloud/data/.ocdata create with a Custom Rule for FAIL2BAN do: $sudo nano /etc/fail2ban/filter.d/apache-auth.local insert: [apache-auth] ignoreregex = nextcloud/data/.ocdata do: $sudo service fail2ban restart Check Log: tail -f n50 /var/log/apache2/error.log Remark: Sometimes the Login take long time after Enter the Password this indicates a filled up “oc_bruteforce_attempts” Table!! login into mysql: $mysql -u user -p select database: USE Nextcloud; show all values from the oc_bruteforce_attempts table, use: SELECT * FROM oc_bruteforce_attempts; remove “ALL” IP’s from the table, do step by step: DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx"; […]
Category: Open Source Software Bug Reports
I did a deeper firewall test on my fresh installed OpenWRT Router and activated a “Ads Blacklist” after this my owncloud Share Login loops! Result: Seems that some IP’s of the “Update Check Tool” Servers, which is installed inside the PHP-Kit is blacklisted. So it seems the Code calls home! With this option its possible to count and collect IPs of Setups! Perhaps checkout unpatched Versions! I didn’t check deeper, but the behavior was clear without viewing the codes. After publish this Info via Twitter: REMARKS: No Company / Developer works for “free” After Setup of PHP-Kits do a […]
If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS) You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy) Use the SSH Tunnels on unknown Ports and Login via Key Files which must be […]
I have often seen that the Unity Topbar of Ubuntu LTS is hidden or not clean loaded after Login. It’s Caching Problem of Unity (Compiz) and Lightdm, if the PC is not clean rebooted or started. Howto fix: sudo rm -fr ~/.cache/compizconfig-1 \ && sudo rm -fr ~/.compiz && sudo service lightdm restart Now relogin and check.. if ok do a Profile Backup! with: tar -cvzf /usb-backup-stick/compiz.tgz \ /home/username/.cache/compizconfig-1 /home/username/.compiz
If you use a Amazon Kindle Fire 2015 (45$) Generation “Ford” or other Android Tablets,Smartphones you must know some MAJOR Informations about the Firmware Handling. If you were asked by the Fire OS or Android to “Upgrade” the Firmware OS, DON’T PUSH YES it without READING DETAILS! I prefer ALWAYS NO FIRST! Use ALWAYS a SDCARD to hold the MAJOR Data of your Tablet, cause if bricked or damaged you can’t pull off the DATA!!! Android Firmware Images INCLUDE not only the OS, it includes DRIVERS, and the MAJOR BOOTLOADER!! Cause Android Devices use no real BIOS!! If you Upgrade, you […]
After some weeks of cleaning up my blog, i remarked a very bad ranking from under the first 10 on google to nirvana What did i change? saved wp-login with htaccess to non-public set post content with “read more” buttons Background: Search engine like google wasn’t able to pull content of posts which are cut by “more” Search engine wasn’t able to pull relinks over the wp-admin url by the internal wordpress feeds I was forced to turn back my settings and wait for better ranking.. not safe but must be..