FAIL2BAN blocks access to “.ocdata” file!
Apache Error Log:
..AH01630: client denied by server configuration: ... cloud/data/.ocdata
To create a Custom Rule for FAIL2BAN, do:
$ sudo nano /etc/fail2ban/filter.d/apache-auth.local
[Definition]
ignoreregex = nextcloud/data/.ocdata
$ sudo service fail2ban restart
$ tail -f -n 50 /var/log/apache2/error.log
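An offline check of the ignore rule above, as an added example (not from the original page or from fail2ban itself): it runs a simplified stand-in for the AH01630 failregex over constructed log lines and compares the page's ignoreregex with a stricter, anchored variant. The stand-in failregex, `IGNORE_STRICT`, and the sample paths and IPs are assumptions.

```python
import re

# Simplified stand-in for the apache-auth failregex that catches AH01630
# (assumption: the filter shipped with fail2ban is more elaborate).
FAILREGEX = re.compile(
    r"\[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] "
    r"AH01630: client denied by server configuration: ")

# The ignoreregex from the page: unescaped dot, not anchored.
IGNORE_PAGE = re.compile(r"nextcloud/data/.ocdata")
# Stricter variant (assumption): literal dot, path must end the message,
# allowing for the ", referer: ..." suffix Apache may append.
IGNORE_STRICT = re.compile(r"/nextcloud/data/\.ocdata(?:, referer: .*)?$")

# Constructed sample lines in Apache 2.4 error-log format.
SAMPLE_LOG = """\
[Mon Jan 01 10:00:00.000001 2024] [authz_core:error] [pid 1000] [client 192.0.2.10:50000] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Mon Jan 01 10:00:05.000001 2024] [authz_core:error] [pid 1000] [client 198.51.100.7:50001] AH01630: client denied by server configuration: /var/www/nextcloud/data/nextcloud.log
[Mon Jan 01 10:00:09.000001 2024] [authz_core:error] [pid 1000] [client 198.51.100.7:50002] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata.bak
[Mon Jan 01 10:00:12.000001 2024] [core:notice] [pid 999] AH00094: Command line: '/usr/sbin/apache2'
""".splitlines()


def count_failures(lines, ignoreregex):
    """Return {ip: hits} for lines that match FAILREGEX and are not ignored."""
    hits = {}
    for line in lines:
        m = FAILREGEX.search(line)
        if m and not ignoreregex.search(line):
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return hits


if __name__ == "__main__":
    # The page rule also ignores the ".ocdata.bak" denial; the strict rule
    # ignores only the exact .ocdata path and still counts the other two.
    print("page rule  :", count_failures(SAMPLE_LOG, IGNORE_PAGE))
    print("strict rule:", count_failures(SAMPLE_LOG, IGNORE_STRICT))
```

On a live system, `fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf` reports matched and ignored lines for the real filter.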
Sometimes the Login takes a long time after entering the Password;
this indicates a filled-up “oc_bruteforce_attempts” Table!!
Log in to mysql:
$ mysql -u user -p
To show all values from the oc_bruteforce_attempts table, use:
SELECT * FROM oc_bruteforce_attempts;
To remove “ALL” IPs from the table, go step by step:
DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx";
Log out of mysql with exit.
Log in to nextcloud as Admin and first delete the App Bruteforce Login, because FAIL2BAN works WITHOUT MYSQL!!
I did a deeper firewall test on my freshly installed OpenWRT Router and activated an “Ads Blacklist”; after this my owncloud Share Login loops!
- It seems that some IPs of the “Update Check Tool” Servers, which is installed inside the PHP-Kit, are blacklisted.
- So it seems the Code calls home! With this option it’s possible to count and collect IPs of Setups! Perhaps check out unpatched Versions!
- I didn’t check deeper, but the behavior was clear without viewing the code.
After publishing this Info via Twitter:
- No Company / Developer works for “free”
- After Setup of PHP-Kits, do an IP Firewall Traffic check
- If you don’t need the PHP Kit reachable via Internet, block the IP Device at your Router from Internet Access!
- Prefer Standard Tools like SFTP/SCP with Key Auth to transfer Files; less insecure because only one application is active!!
- PHP Kit Logins can often be scanned by Search Indexes via “Search by Title” of the Login Web Interface!!
For myself, I decided to purge the package and use the System Standard Tool “SFTP with SSH Key Auth”, and on my Phone Total Commander with the SFTP Plugin!