kkw
April 14, 2024, 11:02pm
1
Hi,
Debian 12, OC: 10.14.0.3, only https connections.
It’s old thing. I’m trying to use fail2ban to secure OwnCloud instance.
{“reqId”:“161e9bf7-7dfa-4bf6-b0c8-bf8afaa442ca”,“level”:2,“time”:“April 14, 2024 22:22:13”,“remoteAddr”:“(his ip)”,“user”:“(another user)”,“app”:“core”,“method”:“POST”,“url”:“/index.php/apps/oauth2/api/v1/token”,“message”:“Login failed: ‘xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69’ (Remote IP: ‘(his ip)’)”}
1 Like
Interesting issue, unfortunately I cannot help. I’m using the Brute-Force Protection app.
tom42
April 20, 2024, 9:21am
3
Hey,
i think there is an open issue reported to the ownCloud people about this here:
opened 05:08PM - 02 May 23 UTC
### Steps to reproduce
1. Unclear
### Expected behaviour
No failed logins
…
### Actual behaviour
Login failed messages in Log. Mostly hourly. Often at other times. From all users.
### Server configuration
**Operating system**:
Ubuntu 22.04.2 LTS
**Web server:**
Apache
**Database:**
MariaDB 10.6.12
**PHP version:**
7.4.33
**ownCloud version:** (see ownCloud admin page)
10.11.0.6
**Updated from an older ownCloud or fresh install:**
Always updated as soon as new Version was available. Since years.
**Where did you install ownCloud from:**
Sources from Website
**Signing status (ownCloud 9.0 and above):**
No errors have been found.
**The content of config/config.php:**
https://gist.github.com/wassereimer86/b88e074850e24daa6d7f1dab5e7306f7
**List of activated apps:**
https://gist.github.com/wassereimer86/9f6ebb8b32ec8df457f4434d675c13fb
**Are you using external storage, if yes which one:** local/smb/sftp/...
no
**Are you using encryption:** yes/no
no
**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
no
### Client configuration
Not relevant because this happens to all users on different systems
### Logs
#### Web server error log
Except for many "404 GET [/remote.php/dav/avatars/usernames/128.png] HTTP/1.0"" nothing interesting in there.
#### ownCloud log (data/owncloud.log)
Exemple:
```
{"reqId":"c680d52e-c283-4039-98e2-981a090b98c5","level":2,"time":"2023-04-28T10:28:57+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"7073cc71-224a-49e2-be05-47b26fa79a80","level":2,"time":"2023-04-28T11:28:58+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"3662e577-d5c1-4cff-8d31-bf4549e7593c","level":2,"time":"2023-04-28T12:28:59+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"e5ed8d79-0d4e-462a-9a45-277caee4e1dd","level":2,"time":"2023-04-28T13:29:30+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
{"reqId":"538d7b50-f8c9-4e3e-bdb4-9bbf1cdce0bb","level":2,"time":"2023-04-28T14:30:01+02:00","remoteAddr":"***REMOVED SENSITIVE VALUE***,"user":"***REMOVED SENSITIVE VALUE***","app":"core","method":"POST","url":"\/index.php\/apps\/oauth2\/api\/v1\/token","message":"Login failed: '***REMOVED SENSITIVE VALUE***' (Remote IP: '***REMOVED SENSITIVE VALUE***')"}
```
#### Browser log
Not relevant because this happens to all users on different systems