How to view Nextcloud's Brute Force Attempts Table
Nextcloud includes "Brute Force" protection. Basically, if a user enters the wrong password too many times then their IP address is throttled.
This quick how to describes how to view the list of IP addresses that have been added to Nextcloud's Brute Force Attempts table.
- ssh into your Nextcloud Server: ssh user@nextcloudserver
- get into your mysql client: sudo mysql (you may need to use something like sudo -u USER -p PASSWORD -h HOSTNAME)
- list the databases: show databases;
- select the Nextcloud database: user nextcloud_db;
- list tables in the database: show tables;
- list all lines in the oc_bruteforce_attempts table: select * from oc_bruteforce_attempts;
Note that if you are behind a Reverse Proxy you may see that all of the entries are the same and they're all the IP of your Reverse Proxy server. If this is the case you have 2 options:
- Update your Reverse Proxy server to pass the client's IP to Nextcloud
- Whitelist your Reverse Proxy's IP (effectively eliminating Nextcloud's Brute Force protections) by installing the Nextcloud App Brute-force settings