How to check who is trying to login?

Hello Team,

I have opened up my Nextcloud to the Internet for remote access. I have a port forward rule to my Nextcloud only so my Nethserver login is not available from outside our network.

My question is related to how I can watch or confirm attempts to login to my Nextcloud that have failed. What I’m hoping to monitor or keep track of is attempts or hacks on my Nextcloud login. Does Nethserver provide a way for me to keep eyes on this? Is there a way to configure Nethserver/Nextcloud to block attempts or put a timeout on login attempts.

Thank you in advance for any help you can provide.

If you have any web facing application running on your NethServer, you absolutely must install fail2ban module… It will save you for so many illegal login/abuse attempts… also having SSH on a different port is good for a lot less log in attempts…

Nextcloud has brute force protection and a Brute-force settings app. I think the protection is enabled by default but the app could have been disabled after an update, or manually disabled for performance reasons (at least in the past).

You can search nextcloud.log for “Bruteforce” and/or “Login failed” (either from Nextcloud Logging interface, or grepping /var/lib/nethserver/nextcloud/nextcloud.log)

Agree with @robb, having Fail2Ban is extremely helpful: you can set a number of login attempts before blocking the offender and for how long it will be blocked.

Appreciate the replies.

I do have Brute Force Settings app enabled in my Nextcloud. I didn’t realize that was there and automatically enabled. That app enabled will definitely help me.

My security router is blocking my entire network so any attempt to get to my Nethserver via SSH would not be allowed. The only port I’ve opened to my Nethserver is 443 for login to my Nextcloud. which for now is the only app running on my Nethserver.

I don’t see fail2ban on Nethserver. I know it can be installed using stephdl repo. So far I’ve not enabled any outside applications or repos to my Nethserver. What are the caveats I’ll need to consider when upgrading or patching my Nethserver if I do install fail2ban from stephdl repo? Fail2ban would be a pretty critical piece of software in my opinion. Does anyone know if there are plans to integrate Fail2ban into Nethserver?

Thanks again for you assistance.

If you are willing to add stephdl repo, you can insatll any module available from that repo with a single install command. I consider his modules stable enough for production, but of course I can’t decide that for you…
Anyways, when installing fail2ban from stephdl repo, it will be fully integrated in NethServer and NethServer admin web interface.

Thanks @robb for the feedback on my question. I’ve tested stephdl’s apps before on my testserver and I’m very impressed with the amount of work stephdl puts into adding these for the community. How do these external modules survive upgrades to Nethserver though? I’m hesitant to include a module that may not work after an upgrade to Nethserver. It’s unfortunate these external modules can’t be integrated into Nethserver as supported.

Thank you.

@stephdl can you comment on this please?

Hi @greavette,

Don’t worry, the modules are updated via repository.

https://wiki.nethserver.org/doku.php?id=stephdl_repository

@stephdl maintains his packages well and keeps them updated, raised bugs are fixed fast and transparent.

The packages are high-quality, yum-cron for instance will be integrated to nethserver base packages in near future.

I use fail2ban, yum-cron, phpmyadmin and some more and didn’t experience problems so far.

Hi

this is free software game, if I hit a bus, github is here and the work won’t disappear, @mrmarkuz you are my spiritual heir, please continue the job

about 2500-3000 unique IP per month, if something is wrong we know it quick…be cool

yes already asked, I have a long story now with my repo you know, the legend claims that I became a developer because I could not access to a build system, then I created my repo…it was in 2013.