Even if you think your user account has a strong password, it can still be brute-forced. To prevent this, use Fail2ban to block brute-force attempts.
We are used to using complicated passwords that are hard to remember, but take a look at this, and you might change your mind:
So yes, it’s fairly easy to crack a “complex password”. Luckily this simple guide shows you how to set up strong protection, where you have total control!
Tested on ownCloud server version 9.0
-
Install Fail2ban
:~$ sudo apt-get install fail2ban
-
Go to …/owncloud/config/config.php
:~$ sudo nano /var/www/owncloud/config/config.php
Look for these values and change them to the following:
'loglevel' => '2',
'logfile' => '/var/www/owncloud/data/owncloud.log',
'logtimezone' => 'your_time_zone',
To verify that logging works, do some failed logins and check /var/www/owncloud/data/owncloud.log.
-
Go to /etc/fail2ban/filter.d/owncloud.conf
:~$ sudo nano /etc/fail2ban/filter.d/owncloud.conf
And create this filter:
[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
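Before restarting Fail2ban it is worth checking that the failregex really matches the ownCloud log format. The following Python script is an added example (not part of the original guide) that applies the filter above to constructed sample log lines the way fail2ban-regex does and reports which addresses would reach maxretry; the simplified <HOST> pattern and the sample lines are assumptions.

```python
import re
from collections import Counter

# The failregex from the owncloud.conf filter above, copied verbatim.
FAILREGEX = r'''{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}'''

# Fail2ban substitutes <HOST> with its own address pattern; this simplified
# IPv4/IPv6 literal pattern is an assumption made for this illustration.
HOST_PATTERN = r"(?P<host>[0-9a-fA-F.:]+)"


def compile_failregex(failregex=FAILREGEX):
    """Turn a fail2ban failregex into a Python regex, as fail2ban-regex would."""
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def matching_hosts(log_lines, failregex=FAILREGEX):
    """Return the remote IP of every log line the filter matches, in log order."""
    pattern = compile_failregex(failregex)
    return [m.group("host") for m in map(pattern.search, log_lines) if m]


def hosts_to_ban(log_lines, maxretry=4):
    """Hosts with at least maxretry matching lines. This ignores findtime,
    which fail2ban applies as a sliding window over the line timestamps."""
    counts = Counter(matching_hosts(log_lines))
    return sorted(host for host, n in counts.items() if n >= maxretry)


def failed_login_line(ip, user, seq):
    """Constructed ownCloud 9 style JSON log line (sample data, not a real log)."""
    return ('{"reqId":"req%d","remoteAddr":"%s","app":"core",'
            '"message":"Login failed: \'%s\' (Remote IP: \'%s\')",'
            '"level":2,"time":"2016-05-01T10:00:%02d+00:00"}' % (seq, ip, user, ip, seq))


# Constructed sample: four failures from one address, one from another,
# and an unrelated core log line that the filter must not match.
SAMPLE_LOG = [failed_login_line("192.168.100.100", "admin", i) for i in range(4)]
SAMPLE_LOG.append(failed_login_line("10.0.0.5", "alice", 4))
SAMPLE_LOG.append('{"reqId":"req5","remoteAddr":"10.0.0.6","app":"core",'
                  '"message":"Login successful","level":1,'
                  '"time":"2016-05-01T10:00:05+00:00"}')

if __name__ == "__main__":
    print("matched hosts:", matching_hosts(SAMPLE_LOG))
    print("would ban (maxretry=4):", hosts_to_ban(SAMPLE_LOG))
```

On the server itself, `fail2ban-regex /var/www/owncloud/data/owncloud.log /etc/fail2ban/filter.d/owncloud.conf` performs the same check against the real log.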
-
Go to /etc/fail2ban/jail.local
:~$ sudo nano /etc/fail2ban/jail.local
Add this definition to your jail.local file:
[owncloud]
enabled = true
filter = owncloud
port = https
bantime = 3000
findtime = 600
maxretry = 4
logpath = /var/www/owncloud/data/owncloud.log
-
Restart Fail2ban
:~$ sudo service fail2ban restart
-
To unban
If you somehow manage to lock yourself out from the system, just type this command in terminal to unban your IP:
:~$ sudo fail2ban-client set owncloud unbanip IP_ADDRESS
Check for banned IPs
:~$ sudo iptables -L -n
A banned IP looks like this:
Chain fail2ban-owncloud (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0