Or the latest updated nethserver and also nextcloud, everything seems to work but I can no longer log in with admin with the default password Nethesis,1234
Why haven’t you changed the “default” password?
Most likely some script kiddie changed your password for you.
He still probably has full access - you don’t!
There is a very good reason to change those passwords as soon as NethServer / Nextcloud is installed…
This is a very basic, beginners error!
I would say your server is compromised, best would be a reinstall.
You can reset both passwords - but you’ld need a working password first.
Even then, I would NOT trust the server anymore… Reinstall!
My 2 cents
Reinstalling all of the server or just nextclolud …
If you have a “decent” password for your Server (root & admin) only Nextcloud needs handling.
If the server has only recently been setup, you can recover the Nextcloud Password:
Scroll down until here:
“How to reset Nextcloud’s admin password”
Note: Do NOT use the same password for the Nextcloud local admin as you are using for root / admin. Keep this password seperate!
If you later on intend to use AD or LDAP for Nextcloud, you will still need the local admin to setup AD correctly in NC… (Later on, this user is hardly ever used!) But you need to manually give other Users (AD or LDAP users) NC “admin” rights!
If this solves your problem, please mark this as solved!
This can help others having same or similiar problems…
My 2 cents
Well, no, you could reset the Nextcloud admin password using the
occ command, assuming you can log into the server as root. But I’m with you–why in the hell would anyone leave the admin password of a public-facing service at a well-known and published default?
I assumed the root / admin of nextserver was changed too - that would leave NO usable login…
But it seems only NC was modified - a typical script kiddie…
If the attacking dude had any real know-how, this server would be long compromised…
I did provide the link to the OCC command:
It’s normal, after installation of NC, that it’s available online with the standard password. Changing that ASAP is one of the first tasks after installing NC.
In a post in a different topic, this was about an unattended Install, implying Nethserver had the same root password as NC… That would imply (for my logic at least) that the whole server is compromised…
That’s why I said this is an absolute beginners mistake!
Like all those dudes who think they’re cool and smart and “hacked” their iPhone. All “rooted” iPhones all use the same password. And more than 90% don’t understand this, but activate ssh on the “rooted” iPhone… The password is always the same, alpine… 90% still used that password (To dumb to think about changing the password, and too iliterate to read beyond the “rooting” itself).
A few years back, I had a script on my notebook, active when “on the road”, eg at a hotspot, that “looked” for hacked iPhones, if any were found, logged in via SSH, changed the password to “iamastupididiot” and a small screen shown a couple of seconds later explaining what happened…
In any case, they couldn’t use their iPhone after the reboot command sent via SSH…
I didn’t consider that “hacking”, but teaching noobs that there IS a difference between a script kiddie and someone who knows what is going on…
I’m self employed, but if I were an employed sysadmin, and after starting a new job, one of the first tasks is to establish basic security. That’s read as changing the passwords for ALL admin users!
Second task would be to delete / recreate all SSH logins (SSH-Keys)…
My 2 cents
Lol, silly question, have you tried changing your browser? I had some problems with chrome sometime ago… i just started firefox and i could login…
First, THANK YOU FOR EVERYTHING
Then I managed to fix it …… … and then either changed the password.
It is true that you had to change but or always left But now everything is back to normal obviously with the password changed …
This is why SSH certificates are a good thing. Maybe some day I’ll get LLNG to the point where I can use it to authenticate for those.
Sure using SSH Certs via some management tool like LLNG provides better handling and revocation. Until recently, SSH Certs were hardly used in the workplace.
But on most UN*X or Linux Servers you’ll find many, mostly undocumented SSH-Keys…
Reality is often not the nice theoretically ideal world - often far from that…
BTW, the same problems also exist for a lot of Access systems (Badge based)… Zurich Airport replaced their “old” system ten years ago because a revocation would entail an employee wandering through the airport with a Notebook, and reprogramming the high double-digit amount of Gates, Doors, etc. This almost always meant that a revocation was often several days not valid.
They ordered a new system - and that had the same problem…
Theoretically, it could handle remote management, but it didn’t work for a couple of years…
So, from my side, a big thumbs up to continue the good work so far on LLNG - and get that tool working!
My 3 cents
(Throwing in an additional cent for the good work, idea, and persistance to get it working!)
PS: I do know that link, and fully agree!
Right now I’m running into two serious problems:
- The Apache virtual host configuration is doing weird things (preventing Let’s Encrypt cert issuance), and appears to be overriding the default virtual host configuration as well. This one has me kind of stumped.
- It doesn’t work with AD systems at this time. I haven’t done much with this issue, but I think I at least know where to be looking.
But this is rather off the subject of this topic–we seem to get sidetracked easily.