kkw
April 14, 2024, 11:02pm
1
Hi,
Debian 12, OC: 10.14.0.3, only https connections.
My desktop app: ownCloud 4.2.0.11670, Libraries Qt 5.15.8, OpenSSL 1.1.1t 7 Feb 2023
It’s an old thing. I’m trying to use fail2ban to secure an ownCloud instance.
Even though logins work correctly, the following errors appear in the log (owncloud.log) and cause fail2ban to work incorrectly. These errors occur at specific intervals, e.g. every two hours. From the ID provided, I concluded that they are generated by the desktop application. My desktop application, which also causes errors in the log, works normally. What can I do?
```
{"reqId":"161e9bf7-7dfa-4bf6-b0c8-bf8afaa442ca","level":2,"time":"April 14, 2024 22:22:13","remoteAddr":"(his ip)","user":"(another user)","app":"core","method":"POST","url":"/index.php/apps/oauth2/api/v1/token","message":"Login failed: 'xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69' (Remote IP: '(his ip)')"}
{"reqId":"4daa153a-c782-43ba-b6cf-025be1fc038b","level":2,"time":"April 14, 2024 23:31:32","remoteAddr":"(my ip)","user":"(me)","app":"core","method":"POST","url":"/index.php/apps/oauth2/api/v1/token","message":"Login failed: 'xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69' (Remote IP: '(my ip)')"}
```
Interesting issue, unfortunately I cannot help. I’m using the Brute-Force Protection app.
tom42
April 20, 2024, 9:21am
3
Hey,
I think there is an open issue reported to the ownCloud people about this here:
opened 05:08PM - 02 May 23 UTC
### Steps to reproduce
1. Unclear
### Expected behaviour
No failed logins
…
### Actual behaviour
Login failed messages in Log. Mostly hourly. Often at other times. From all users.
### Server configuration
**Operating system**:
Ubuntu 22.04.2 LTS
**Web server:**
Apache
**Database:**
MariaDB 10.6.12
**PHP version:**
7.4.33
**ownCloud version:** (see ownCloud admin page)
10.11.0.6
**Updated from an older ownCloud or fresh install:**
Always updated as soon as new Version was available. Since years.
**Where did you install ownCloud from:**
Sources from Website
**Signing status (ownCloud 9.0 and above):**
No errors have been found.
**The content of config/config.php:**
https://gist.github.com/wassereimer86/b88e074850e24daa6d7f1dab5e7306f7
**List of activated apps:**
https://gist.github.com/wassereimer86/9f6ebb8b32ec8df457f4434d675c13fb
**Are you using external storage, if yes which one:** local/smb/sftp/...
no
**Are you using encryption:** yes/no
no
**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
no
### Client configuration
Not relevant because this happens to all users on different systems
### Logs
#### Web server error log
Except for many "404 GET [/remote.php/dav/avatars/usernames/128.png] HTTP/1.0" nothing interesting in there.
#### ownCloud log (data/owncloud.log)
Example:
```
{"reqId":"c680d52e-c283-4039-98e2-981a090b98c5","level":2,"time":"2023-04-28T10:28:57+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"7073cc71-224a-49e2-be05-47b26fa79a80","level":2,"time":"2023-04-28T11:28:58+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"3662e577-d5c1-4cff-8d31-bf4549e7593c","level":2,"time":"2023-04-28T12:28:59+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"e5ed8d79-0d4e-462a-9a45-277caee4e1dd","level":2,"time":"2023-04-28T13:29:30+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"538d7b50-f8c9-4e3e-bdb4-9bbf1cdce0bb","level":2,"time":"2023-04-28T14:30:01+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
```
#### Browser log
Not relevant because this happens to all users on different systems
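One way to measure how much of the "Login failed" noise in owncloud.log comes from the OAuth2 token endpoint before tuning a fail2ban jail, as an added example that is not from this thread or from ownCloud. The sample lines, the `/index.php/login` URL and the `maxretry` value of 3 are assumptions.

```python
import json
from collections import Counter

# Endpoint that appears in every "Login failed" entry quoted in this thread.
TOKEN_URL = "/index.php/apps/oauth2/api/v1/token"

# Constructed sample in the owncloud.log format shown above. Addresses, users and
# the /index.php/login URL are made up; the last line is deliberately broken JSON.
SAMPLE_LOG = r'''
{"reqId":"r1","level":2,"remoteAddr":"192.0.2.10","user":"alice","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: 'tokenvalue' (Remote IP: '192.0.2.10')"}
{"reqId":"r2","level":2,"remoteAddr":"192.0.2.10","user":"alice","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: 'tokenvalue' (Remote IP: '192.0.2.10')"}
{"reqId":"r3","level":2,"remoteAddr":"192.0.2.10","user":"alice","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: 'tokenvalue' (Remote IP: '192.0.2.10')"}
{"reqId":"r4","level":2,"remoteAddr":"198.51.100.7","user":"--","method":"POST","url":"\/index.php\/login","message":"Login failed: 'admin' (Remote IP: '198.51.100.7')"}
{"reqId":"r5","level":2,"remoteAddr":"198.51.100.7","user":"--","method":"POST","url":"\/index.php\/login","message":"Login failed: 'root' (Remote IP: '198.51.100.7')"}
{"reqId":"r6","level":2,"remoteAddr":"198.51.100.7","user":"--","method":"POST","url":"\/index.php\/login","message":"Login failed: 'test' (Remote IP: '198.51.100.7')"}
{"reqId":"r7","level":1,"remoteAddr":"192.0.2.10","user":"alice","method":"GET","url":"\/index.php\/apps\/files\/","message":"constructed info entry"}
{"reqId":"r8","level":2,"remoteAddr":"REDACTED,"user":"REDACTED","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: 'x' (Remote IP: 'REDACTED')"}
'''

def classify(log_text):
    """Count 'Login failed' entries per remote address: token endpoint vs. everything else."""
    token, other, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            message = str(entry["message"])
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # not a usable log entry, e.g. damaged by manual redaction
            continue
        if not message.startswith("Login failed:"):
            continue
        bucket = token if entry.get("url") == TOKEN_URL else other
        bucket[entry.get("remoteAddr", "unknown")] += 1
    return token, other, skipped

def over_threshold(counts, maxretry):
    """Addresses whose failure count reaches maxretry (assumed jail threshold)."""
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    token, other, skipped = classify(SAMPLE_LOG)
    print("token endpoint:", dict(token))
    print("other logins:", dict(other))
    print("unparsable lines:", skipped)
    print("over threshold, all failures:", over_threshold(token + other, 3))
    print("over threshold, token endpoint excluded:", over_threshold(other, 3))
```

Excluding the token endpoint from a jail also stops counting genuine guessing against that endpoint, so the split is better used for triage than as a blanket ignore rule.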