FAIL2BAN blocks access to „.ocdata“ file!
Apache Error Log:
..AH01630: client denied by server configuration: ... cloud/data/.ocdata
To create a custom rule for fail2ban, do:
$ sudo nano /etc/fail2ban/filter.d/apache-auth.local
[Definition]
ignoreregex = nextcloud/data/\.ocdata
$ sudo service fail2ban restart
$ tail -f -n 50 /var/log/apache2/error.log
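To see what the ignoreregex changes before restarting fail2ban, here is an added example (not from the original post) that replays fail2ban's matching logic in Python over constructed Apache error-log lines: a line that hits the failregex counts against the client IP unless it also hits the ignoreregex. FAILREGEX is an assumed, simplified form of the apache-auth "client denied" rule, and the log lines and IPs are constructed.

```python
import re

# Constructed Apache error-log lines for this example (not from a real server):
# two denied hits on .ocdata from one client and one denied hit on config.php from another.
SAMPLE_LOG = """\
[Sat Jan 01 10:00:01.000000 2022] [authz_core:error] [pid 1234] [client 203.0.113.5:51234] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Sat Jan 01 10:00:02.000000 2022] [authz_core:error] [pid 1234] [client 198.51.100.7:40000] AH01630: client denied by server configuration: /var/www/nextcloud/config/config.php
[Sat Jan 01 10:00:03.000000 2022] [authz_core:error] [pid 1234] [client 203.0.113.5:51235] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
"""

# Assumption: simplified form of the "client denied by server configuration" failregex
# from fail2ban's apache-auth filter; <HOST> is fail2ban's placeholder for the client IP.
FAILREGEX = r"\[client <HOST>(:\d{1,5})?\] (AH01630: )?client denied by server configuration"
# The ignoreregex from the post, with the dot escaped so only a literal ".ocdata" matches.
IGNOREREGEX = r"nextcloud/data/\.ocdata"

# IPv4-only expansion of <HOST>, enough for this demo (fail2ban's own is broader).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def count_failures(log_text, failregex, ignoreregex=None):
    """Return {ip: failures} the way fail2ban counts them: a line matching failregex
    is a failure unless it also matches ignoreregex, in which case it is skipped."""
    fail_re = re.compile(failregex.replace("<HOST>", HOST))
    ignore_re = re.compile(ignoreregex) if ignoreregex else None
    hits = {}
    for line in log_text.splitlines():
        m = fail_re.search(line)
        if not m:
            continue  # not a failure line at all
        if ignore_re and ignore_re.search(line):
            continue  # matched, but whitelisted by ignoreregex
        ip = m.group("host")
        hits[ip] = hits.get(ip, 0) + 1
    return hits


if __name__ == "__main__":
    print("without ignoreregex:", count_failures(SAMPLE_LOG, FAILREGEX))
    print("with ignoreregex:   ", count_failures(SAMPLE_LOG, FAILREGEX, IGNOREREGEX))
```

On a real server the same check is done with fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf, which reports how many lines matched and how many were ignored. Make sure the ignoreregex matches the path as it really appears in your error log.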
Sometimes the login takes a long time after entering the password;
this indicates a filled-up „oc_bruteforce_attempts“ table!!
Log in to mysql:
$ mysql -u user -p
To show all values from the oc_bruteforce_attempts table, use:
SELECT * FROM oc_bruteforce_attempts;
To remove „ALL“ IPs from the table, do it step by step:
DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx";
Log out of mysql with exit..
Log in to Nextcloud as admin and first delete the app Brute-force Login, because FAIL2BAN works WITHOUT MySQL!!
I did a deeper firewall test on my freshly installed OpenWRT router and activated an „Ads Blacklist“; after this my ownCloud share login loops!
- It seems that some IPs of the „Update Check Tool“ servers (the tool is installed inside the PHP kit) are blacklisted.
- So it seems the code calls home! With this option it is possible to count and collect the IPs of setups, and perhaps check for unpatched versions!
- I didn't check deeper, but the behavior was clear without viewing the code.
After publishing this info via Twitter:
- No company / developer works for „free“
- After setting up PHP kits, do an IP firewall traffic checkout
- If you don't need the PHP kit reachable via the Internet, block the device's IP from Internet access at your router!
- Prefer standard tools like SFTP/SCP with key auth to transfer files; less insecure because only one application is active!!
- PHP kit logins can often be found by search engines via „search by title“ of the login web interface!!
For me, I decided to purge the package and use the system standard tool „SFTP with SSH key auth“, and on my phone Total Commander with the SFTP plugin!
If you are currently using Nextcloud / ownCloud or other PHP kits for file handling you should know these remarks:
Based on this article
You must know:
- Security details of your currently used PHP version (7.X)
- Details of your used database version (MySQL..)
- Details of the hardened OS and web server version (Apache, firewall, fail2ban, file policies, SELinux, AppArmor filter)
- ALWAYS treat open-source PHP kits as NON-HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS)
- You can ACCESS this software through SSH TUNNELS with a locally running non-caching PROXY (privoxy)
- Use the SSH tunnels on unknown ports and log in via key files which must be unlocked by LONG PASSWORDS
- Public ACCESS is ALWAYS a RISK if YOU don't have KNOWLEDGE of the SOURCE CODE!
How-to: read here
I have often seen that the Unity top bar of Ubuntu LTS is hidden or not cleanly loaded after login.
It's a caching problem of Unity (Compiz) and LightDM, if the PC is not cleanly rebooted or started.
sudo rm -fr ~/.cache/compizconfig-1 \
&& sudo rm -fr ~/.compiz && sudo service lightdm restart
Now log in again and check.. if OK, do a profile backup with:
tar -cvzf /usb-backup-stick/compiz.tgz \
If you use an Amazon Kindle Fire 2015 (45$) generation „Ford“ or other Android tablets/smartphones, you must know some MAJOR information about firmware handling.
- If you are asked by Fire OS or Android to „upgrade“ the firmware OS, DON'T PUSH YES without READING the DETAILS! I prefer ALWAYS NO FIRST!
- ALWAYS use an SD card to hold the MAJOR data of your tablet, because if it is bricked or damaged you can't pull off the DATA!!!
- Android firmware images INCLUDE not only the OS, they include DRIVERS and the MAJOR BOOTLOADER!! Because Android devices use no real BIOS!!
- If you upgrade, you can RUN into BIG TROUBLE! Broken drivers like no WIFI connect, freezing screens on boot, or BRICKS like the „BLACK SCREEN of DEATH“ which destroy the tablet because you can't reach the BOOTLOADER for RECOVERY MODE and SIDELOAD the FIRMWARE again!
- UPGRADES to bigger version releases like 5.1 to 5.3.X CAN'T be DOWNGRADED! Because the DOWNGRADE doesn't correctly force-overwrite the BOOTLOADER, or leaves the NEW BOOTLOADER untouched, which can't find the old KERNEL names!
- As MAJOR INFO you should know that the „adb shell tool“ is a DEVELOPER TOOL which doesn't ASK anything to confirm if the firmware file is wrong or damaged! It flashes without any testing and any protection check! YOU have to KNOW what you ENTER!
- You can't reach anything if the tablet is BRICKED and you can't reach the RESCUE MENU MODE! Because NAND chips need a connection from the adb shell tool to USB and then to the EEPROM chip!
- To be sure, prevent the tablet from reaching the Amazon update servers by blocking the domains on a blacklist at the home router
- Pulling out the battery often does NOT HELP on a tablet! You often don't need to open the case for this try!
- If you can, buy tablets without bloatware, but with an SD card connector, with a more basic Android called „stock“ OS (have seen this on cheap no-name China tablets)
- Check the Internet media for hardware info on which hardware allows easy root access; some manufacturers allow this, like Fairphone with a specially opened OS.
- For kids' usage, purge the Amazon account on the tablet; this prevents unallowed setups
- Android firmware EEPROM chips are mostly glued onto the mainboard; if the firmware writing fails the device is a toaster.. no normal user can pull out the EEPROM chips to flash them outside!
- Opened tablets can be seen here
.. never change a running system.. unless you MUST..
- If someone finds a solution to flash the NAND chips without the recovery mode, then mail me please!
- This firmware handling is the SAME on all Android or embedded devices like OpenMips, OpenWrt routers ..
After some weeks of cleaning up my blog, I noticed a very bad ranking: from within the first 10 on Google to nirvana
What did I change?
- secured wp-login with htaccess to non-public
- set post content with „read more“ buttons
- Search engines like Google weren't able to pull content of posts which are cut by „more“
- Search engines weren't able to pull relinks over the wp-admin URL by the internal WordPress feeds
I was forced to revert my settings and wait for better ranking.. not safe, but it must be..
In the last days there was a high count of news about the bot attacks against T-Com Telekom router devices. To understand the behavior of these upcoming security problems you should know the following points:
- Every network-capable device can be a target for an attack (routers, modems, PCs, fridges, IP-TV, IP switches, IP cams…)
- You have to update the OS for each device monthly; if it is not supported by the manufacturer, then don't buy it!
- Try to get open-source hardware with open-source software for full access (ssh / console) to have full control
- Reduce the count of devices which are connected directly to the web!
- If you must use the ISP modem / DSL router of your ISP provider, then install a second open-source router with firewall behind it for more security
- Use small firewalls to separate WIFI and LAN networks!
- DISABLE if possible „auto update“ and „ISP remote control“ at the DSL router / modem, because more and more comfort functions are hacked to break the systems.
- Updates must be tested on non-productive routers!
- Keep clean backups of freshly installed routers / modems and restore the backup every 3 months to overwrite possible bad changes!!
- Connect the routers to a clock timer to unplug and hard-reboot the router every night! (against RAM hacks)
- Check the router logs and ISP settings (IP phones) every month, because hackers want to route calls to Asia!
- Don't blindly trust every commercial hardware! Many bugs like open doors, default passwords are set!
- Test your system with free tools like „nmap“ port scan and „iftop“
- Change passwords, WIFI passwords, WIFI IDs! min. 12 characters
Today I was touched by a bug of my FRITZ!Box 7490; after installing a USB 3.0 stick as NAS, the WIFI connection was broken to all devices!
After some search on the net I found this post:
The high magnetic frequencies of USB 3.0 data transfer inside the cable or stick hang up the WIFI chips! It works like a WIFI JAMMER!!
DON'T USE A ROUTER AS NAS! If it fails or overheats all devices are offline!! It's a really big joke that most manufacturers sell devices without TESTING!! I call it banana hardware..