ownCloud logs warnings & errors

Hello, I have been using ownCloud for about 9 months and I always get the same kind of warning / error in the logs. I am not sure if this is something I should worry about, as it looks like someone trying to access the server.

This is an example:

{"reqId":"Yxxxxxxxxxxxx-AUAAAAAM","level":2,"time":"2021-02-02T19:20:50+01:00","remoteAddr":"xxx.xxx.30.53","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. \"xxx.xxx.30.53\" tried to access using \"hxxxxx.xxxxserver.net\" as host."}

I get many like this every day from the beginning and with different IP addresses. Is there anything else I should configure to avoid risks? I have set HSTS and my domain is accessible over HTTPS.

Thanks in advance!

Server configuration

Operating system:
Ubuntu 18.04.5 LTS
Web server:
Apache
ownCloud version: (see ownCloud admin page)
10.6.0.5

Hello,

As I can see in the log, you should add the trusted domain http://hxxxxx.xxxxserver.net/

First of all, check how many domains you have.

After all, add the external domain with the command.

occ config:system:get trusted_domains
localhost
192.168.1.137
172.5.5.8

In my case I have 3 “trusted domains”, so add your domain with the command, without https://

occ config:system:set trusted_domains 4 --value="hxxxxx.xxxxserver.net"

Do it and let me know the results.

Cheers!
Erwin Palma

1 Like

Hi wildwebmaster

I get many like this every day from the beginning and with different IP addresses.

This is indeed possible. There are a bunch of exploit tools which try to find vulnerabilities on machines on the internet.

So follow epalma’s advice to review your configuration. In this case, prefer to edit config.php directly instead of using occ.

In your case the stanza could look like

'trusted_domains' =>
  [
    0 => 'localhost',
    1 => 'www.example.com',
  ],

where you replace the example domain with your domain.

I’d recommend not to add any IP addresses unless you know why you enter them, since I guess you’ll never access your cloud via IP address.

For your convenience, here is the link to the manual: https://doc.owncloud.org/server/10.6/admin_manual/installation/manual_installation/manual_installation.html#managing-trusted-domains

1 Like
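
An added example, not part of any post in this thread and not ownCloud code: a triage script for the "Trusted domain error" entries discussed above. It groups the rejected Host values and marks which are names you actually own, since only those are candidates for `trusted_domains`. The function names, the `own_names` parameter and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import json
import re
from collections import defaultdict
# Message wording taken from the log entry quoted in this thread.
PATTERN = re.compile(r'"([^"]+)" tried to access using "([^"]+)" as host')

def normalize_host(host):
    """Lower-case a Host value and drop a trailing :port (a choice made here)."""
    host = host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, optional port
        return host[1:].split("]", 1)[0]
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() and ":" not in name else host

def classify(host, own_names):
    try:
        ipaddress.ip_address(host)
        return "ip-literal"  # client addressed the server by IP, not by name
    except ValueError:
        return "own-name" if host in own_names else "foreign-host"

def triage(lines, own_names):
    """Group rejected Host values as {host: {"count", "sources", "kind"}}."""
    own = {normalize_host(n) for n in own_names}
    seen = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        match = PATTERN.search(str(entry.get("message", ""))) if isinstance(entry, dict) else None
        if match:
            host = normalize_host(match.group(2))
            seen[host]["count"] += 1
            seen[host]["sources"].add(entry.get("remoteAddr", match.group(1)))
    return {h: {"count": v["count"], "sources": sorted(v["sources"]),
                "kind": classify(h, own)} for h, v in seen.items()}

def _sample(remote, host):  # builds one constructed log line
    msg = f'Trusted domain error. "{remote}" tried to access using "{host}" as host.'
    return json.dumps({"level": 2, "remoteAddr": remote, "app": "core", "message": msg})
SAMPLE_LOG = [  # constructed input: documentation addresses, example domains
    _sample("198.51.100.7", "203.0.113.10"), _sample("198.51.100.9", "203.0.113.10"),
    _sample("192.0.2.44", "unrelated.example.net"),
    _sample("192.0.2.80", "www.cloud.example.com:443"), "not a json line"]
OWN_NAMES = {"cloud.example.com", "www.cloud.example.com"}  # hypothetical names you own

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, OWN_NAMES))
```

Entries classified `ip-literal` or `foreign-host` are requests ownCloud already rejected; an `own-name` entry points to one of your hostnames that is missing from `trusted_domains`.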

@wildwebmaster,

That is another way to do it as well…

Now, you have two options. 🙂

Thanks @cortho!

1 Like