On Debian Sid I have seen that the ufw service is stopped on logrotate!!
It's a bad known bug!
- Set all services like Dovecot and Postfix to listen on LOCALHOST (127.0.0.1) if they are not needed over the Internet
- Enable ONLY encrypted AUTH (login) to Postfix! (TLS 1.2)
- Disable unneeded services like Samba, FTP…
- Move the config from /etc/logrotate.d/ufw to /root/ to disable the ufw logrotate!!
- Edit /etc/ufw/ufw.conf and set LOGLEVEL to "off"
- Restart the server and check the open ports from outside over the next days with:
$ sudo nmap -Pn my.server.com
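One way to check the first list item on the server itself, complementing the nmap scan from outside. This is an added example, not part of the original notes; the function name, the list of allowed ports and the sample `ss -tln` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are reachable from other hosts.
# Input: output of `ss -tln` on stdin. Argument: space-separated ports
# that are meant to be public (an assumption, adjust per server).
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface scope, e.g. %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # bound to loopback only
        if (port in ok) next                           # intentionally public
        print addr ":" port
    }'
}

# Constructed sample in `ss -tln` layout (not taken from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    0.0.0.0:143        0.0.0.0:*
LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
LISTEN 0      511    *:443              *:*
LISTEN 0      100    [::1]:25           [::]:*
LISTEN 0      128    [::]:22            [::]:*'

# Ports 22 and 443 are treated as intentionally public in this sample run.
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 443"
# On a live server: ss -tln | unexpected_listeners "22 443"
```

Every line it prints is a service still bound to a public address that should either be moved to 127.0.0.1 or disabled.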
FAIL2BAN blocks access to the ".ocdata" file!
Apache Error Log:
..AH01630: client denied by server configuration: ... cloud/data/.ocdata
To create a custom rule for FAIL2BAN, do:
$ sudo nano /etc/fail2ban/filter.d/apache-auth.local
[Definition]
ignoreregex = nextcloud/data/.ocdata
$ sudo service fail2ban restart
tail -f -n 50 /var/log/apache2/error.log
Sometimes the login takes a long time after entering the password.
This indicates a filled-up "oc_bruteforce_attempts" table!!
Log in to mysql:
$ mysql -u user -p
To show all values from the oc_bruteforce_attempts table, use:
SELECT * FROM oc_bruteforce_attempts;
Remove "ALL" IPs from the table, step by step:
DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx";
Log out of mysql with exit.
Log in to Nextcloud as Admin and first delete the app Bruteforce Login, because FAIL2BAN works WITHOUT MYSQL!!
I did a deeper firewall test on my freshly installed OpenWRT router and activated an "Ads Blacklist"; after this my owncloud share login loops!
- It seems that some IPs of the "Update Check Tool" servers, which is installed inside the PHP kit, are blacklisted.
- So it seems the code calls home! With this option it's possible to count and collect the IPs of setups! Perhaps check out unpatched versions!
- I didn't check deeper, but the behavior was clear without viewing the code.
After publishing this info via Twitter:
- No company / developer works for "free"
- After setting up PHP kits, do an IP firewall traffic check
- If you don't need the PHP kit reachable via the Internet, block the device's IP at your router from Internet access!
- Prefer standard tools like SFTP/SCP with key auth to transfer files; less insecure because only one application is active!!
- Logins of PHP kits can often be scanned by search indexes via "search by title" of the login web interface!!
For me, I decided to purge the package and use the system standard tool "SFTP with SSH Key Auth" and on my phone a Totalcommander with SFTP plugin!
If you use the WordPress app to publish posts, you must change the user role from Author to Editor; if not, you get errors when uploading post updates!
AppArmor has a current bug with kernel 4.14 on Debian, and it seems on Ubuntu too: it blocks MySQL and other services from running cleanly. The bug touches the network stack of the kernel.
I have often seen that the Unity top bar of Ubuntu LTS is hidden or not cleanly loaded after login.
It's a caching problem of Unity (Compiz) and Lightdm if the PC is not cleanly rebooted or started.
sudo rm -fr ~/.cache/compizconfig-1 \
&& sudo rm -fr ~/.compiz && sudo service lightdm restart
Now log in again and check. If OK, do a profile backup with:
tar -cvzf /usb-backup-stick/compiz.tgz \
If you work on older laptops and use a console-only system setup like on Debian, there has been a bug in systemd and the console-setup package for years. After a reboot all font settings seem gone. But the settings are not really gone; systemd just does not pull the settings on boot!
How to fix?
- Edit the crontab of root by
sudo su -
- Insert the /bin/setupcon command on "@reboot", which means on every boot!
@reboot /bin/setupcon > /dev/null 2>&1
- Save and exit, reboot now
- Now the PC should show big fonts for old eyes: "Terminus 20×12 Framebuffer mode"
There is currently an UNFIXED bug on Debian 9.0 Stretch which makes it impossible to easily install the DKMS Nvidia legacy drivers 304/340 for older Geforce cards.
To run nouveau after an upgrade from 8.0 to 9.0, go to /etc/modprobe.d and MANUALLY remove all nvidia blacklist configs (*.conf), because some stay behind on upgrade and are not purged automatically. They will block nouveau from loading at boot (xserver-xorg-video-nouveau).
Then run in a terminal:
$ sudo update-initramfs -u -k all
- Older hardware isn't supported by legacy drivers after Nvidia-375!!
- If you are not forced to upgrade to 9.0, then WAIT up to 3 months and check the bug lists.
- I tried the Nvidia installer files (*.run) too; they don't work either, seems an API of the kernel has changed
- The nouveau version on Debian Stretch is able to run Kodi (glx)! Seen on Geforce 8400GS 256MB
- On onboard Geforce chips like in older laptops, HOLD Debian 8.0