Brute-force settings

Highest Nextcloud version

Nextcloud 24
Show all releases

Community rating
Author

Nextcloud GmbH

Co-Maintainers
  • skjnldsv
  • nextcloud_release_service
Last updated

2 years, 9 months ago

Categories

Security

Resources
Interact
Report problem Request feature Ask questions or discuss

Brute Force Protection is meant to protect Nextcloud servers from attempts to guess user passwords in various ways. Besides the obvious "let's try a big list of commonly used passwords" attack, it also makes it harder to use slightly more sophisticated attacks via the reset password form or trying to find app password tokens.

If triggered, brute force protection makes requests coming from an IP on a bruteforce protected controller with the same API slower for a 24 hour period.

With this app, the admin can exempt an IP address or range from this protection which can be useful for testing purposes or when there are false positives due to a lot of users on one IP address.

Releases

Nextcloud version Stable channel Nightly channel All releases
24 2.4.0 - 24
23 2.4.0 - 23
22 2.4.0 - 22
21 2.4.0 - 21
20 2.2.0 - 20
19 2.2.0 - 19
18 2.1.0 - 18
17 1.6.0 - 17
16 1.6.0 - 16
15 1.6.0 - 15
14 1.6.0 - 14
13 1.6.0 - 13
12 1.6.0 - 12

Comments

Anonymous
Good
Ok
Bad
2 years, 1 month ago

App is now released alongside with Nextcloud core, thus this page is deprecated.