Delete IP from oc_bruteforce_attempts via occ command #3058
Comments
I think it makes sense |
Works for me. :) |
Would it make sense to allow deleting an IP from this table via the admin-panel? |
Since the brute force protection is not working properly for all users (for example NATted networks are a big problem), this feature definitely should be there. |
Maybe this could be part of the app that was developed around bruteforce protection already: |
I meant #3156 |
Any progress here? |
ping @jospoortvliet as discussed publicly after your 36c3 talk. I regard a final solution of this issue as easy and as important. |
Would you mind sharing your use case? The throttling is only for a certain IP address. This is only an issue for NAT or if your reverse proxy configuration is invalid (Nextcloud does not see the correct IP). server/lib/private/Security/Bruteforce/Throttler.php Lines 256 to 274 in 5bf3d1b
If anyone wants to submit a patch, you can reuse some of the code from there. Happy coding ☕ |
@kesselb use case? Very stupid simple use case: Nextcloud on a rented server. User/s try to hack a password, get blocked by the mechanism. Same happens if your clients (not using the dedicated token method but password) use the wrong password, because the user had changed that via the web interface. So there are many use cases. As an admin I wish to have a plugin or admin setting which allows to safely delete specific or all blocked IPs from the table. |
So? Their IP address is blocked. You can still log in. |
No. My own IP address is blocked, because my own other devices, in the same network and coming with the same IP to the server (when connected via username/password, not with token) were using the old (wrong) password. It took me a long time to figure out what the problem was. You really do not understand the problem, whereas @jospoortvliet does. Please ask him. |
That's rude. Please use more polite language next time. Anyway I do understand the problem. Probably someone will pick it up. I don't see a strong urge to implement such a feature. Please refrain from asking for progress. 👍 the issue and subscribe for updates is enough. |
I would like to take a look at this issue. @kesselb You quoted code that can be reused. My first thought would be to extend the resetDelay function so that:
Does that make sense? |
Cool 👍 I think that's much additional complexity for this method. As a start you might write a command to delete a single IP from the list. We can always extend later. Probably not bad to also write a command that lists the current blocks (if there is no such command yet). |
It would increase complexity, but on the other hand a new method would be relatively similar to the existing one. But I also understand your argument and that was also one of the reasons why I wanted to ask. |
At the moment you have to delete an IP address which was blocked by a brute-force-detection via an SQL command on the database.
https://help.nextcloud.com/t/how-can-i-unblock-an-ip-blocked-through-brute-force-detection/5731
It would be nice to do this via an "occ" command.
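What the manual cleanup described in this issue amounts to, as an added example that is not part of the original issue or of Nextcloud's code: list the recorded attempts per address, then delete the rows for exactly one validated IP. The column names (`action`, `occurred`, `ip`), the in-memory SQLite stand-in for the server database, the sample rows and the function names are assumptions made for illustration.

```python
import ipaddress
import sqlite3

# Assumed, reduced layout of oc_bruteforce_attempts (the page does not show the schema).
SCHEMA = """CREATE TABLE oc_bruteforce_attempts (
    id INTEGER PRIMARY KEY, action TEXT, occurred INTEGER, ip TEXT)"""

# Constructed sample rows: one NATted address with repeated failures, one unrelated address.
SAMPLE = [
    ("login", 1700000000, "203.0.113.7"),
    ("login", 1700000030, "203.0.113.7"),
    ("login", 1700000060, "203.0.113.7"),
    ("login", 1700000100, "198.51.100.20"),
]


def open_demo_db():
    """Build the in-memory stand-in database with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO oc_bruteforce_attempts (action, occurred, ip) VALUES (?, ?, ?)",
        SAMPLE,
    )
    return db


def list_attempts(db):
    """Return (ip, attempt_count, last_seen) per recorded address, busiest first."""
    return db.execute(
        "SELECT ip, COUNT(*), MAX(occurred) FROM oc_bruteforce_attempts "
        "GROUP BY ip ORDER BY COUNT(*) DESC, ip"
    ).fetchall()


def delete_ip(db, ip):
    """Delete the attempts recorded for exactly one address; return rows removed."""
    # Reject anything that is not a single IP (ranges, wildcards, empty input),
    # so a typo cannot widen the delete beyond the intended address.
    addr = str(ipaddress.ip_address(ip.strip()))
    with db:  # commits on success, rolls back on error
        cur = db.execute("DELETE FROM oc_bruteforce_attempts WHERE ip = ?", (addr,))
    return cur.rowcount
```

Listing before deleting shows whether the blocked address is a shared NAT address with many recent failures or a single misconfigured client.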