Even if you think your user account has a strong password, it can still be brute-forced. To prevent this, use Fail2ban to block brute-force attempts.

We are used to using complicated passwords that are hard to remember, but take a look at this, and you might change your mind:

[Image: password_strength]

So yes, it’s kind of easy to crack a “complex password”. Luckily, this simple guide shows you how to set up strong protection where you have total control!

Tested on ownCloud server version 9.0

  1. Install Fail2ban
    :~$ sudo apt-get install fail2ban
  2. Go to …/owncloud/config/config.php
    :~$ sudo nano /var/www/owncloud/config/config.php

    You have to look for these values, and change them to this:

    'loglevel' => '2',
    'logfile' => '/var/www/owncloud/data/owncloud.log',
    'logtimezone' => 'your_time_zone',

    To verify that logging works, do some failed logins and check /var/www/owncloud/data/owncloud.log.

  3. Go to /etc/fail2ban/filter.d/owncloud.conf
    :~$ sudo nano /etc/fail2ban/filter.d/owncloud.conf

    And create this filter:

    [Definition]
    failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
    
  4. Go to /etc/fail2ban/jail.local
    :~$ sudo nano /etc/fail2ban/jail.local

    Add this definition to your jail.local file:

    [owncloud]
    enabled = true
    filter  = owncloud
    port    = https
    bantime  = 3000
    findtime = 600
    maxretry = 4
    logpath = /var/www/owncloud/data/owncloud.log
  5. Restart Fail2ban
    :~$ sudo service fail2ban restart
  6. To unban

    If you somehow manage to lock yourself out from the system, just type this command in terminal to unban your IP:

    :~$ sudo fail2ban-client set owncloud unbanip IP_ADDRESS
  7. Check for banned IPs
    :~$ sudo iptables -L -n

    A banned IP looks like this:

    Chain fail2ban-owncloud (1 references)
    target     prot opt source               destination         
    DROP       all  --  192.168.100.100          0.0.0.0/0      
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
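
To see what the filter from step 3 and the jail values from step 4 do together, this added example (not part of the original guide) runs the failregex over constructed log lines in Python and applies the maxretry/findtime rule. It assumes an IPv4-only stand-in for Fail2ban's <HOST> tag and a log layout built to match the regex; `log_line`, `banned_ips` and all sample addresses are made up for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# failregex copied verbatim from the filter in step 3
FAILREGEX = r"""{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}"""
# Assumption: IPv4-only stand-in for Fail2ban's <HOST> tag (the real tag is broader)
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
MAXRETRY, FINDTIME = 4, 600  # values from the [owncloud] jail in step 4

def log_line(user, ip, time, message=None, level=2):
    """Build a constructed ownCloud-style JSON log line (hypothetical helper)."""
    msg = message or f"Login failed: '{user}' (Remote IP: '{ip}')"
    return json.dumps({"reqId": "abc123", "remoteAddr": ip, "app": "core",
                       "message": msg, "level": level, "time": time},
                      separators=(",", ":"))

def banned_ips(lines):
    """Return IPs with at least MAXRETRY filter matches inside FINDTIME seconds."""
    hits, banned = defaultdict(list), set()
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # the filter ignores lines that are not failed logins
        ts = datetime.fromisoformat(json.loads(line)["time"]).timestamp()
        # keep only earlier failures that are still inside the findtime window
        window = [t for t in hits[m["host"]] if ts - t < FINDTIME] + [ts]
        hits[m["host"]] = window
        if len(window) >= MAXRETRY:
            banned.add(m["host"])
    return banned

# Constructed sample log, not taken from a real server
SAMPLE = (
    # four failures within 30 seconds: reaches maxretry, banned
    [log_line("admin", "203.0.113.7", f"2016-05-01T12:00:{s:02d}+00:00") for s in (0, 10, 20, 30)]
    # three failures: stays below maxretry
    + [log_line("bob", "198.51.100.9", f"2016-05-01T12:01:{s:02d}+00:00") for s in (0, 5, 9)]
    # four failures one hour apart: never four inside findtime
    + [log_line("eve", "192.0.2.44", f"2016-05-01T{h}:00:00+00:00") for h in (13, 14, 15, 16)]
    # a level-2 message that is not a failed login: no match
    + [log_line("", "203.0.113.8", "2016-05-01T12:02:00+00:00", message="Some other warning")]
)

if __name__ == "__main__":
    print(sorted(banned_ips(SAMPLE)))
```

On the server itself, `fail2ban-regex /var/www/owncloud/data/owncloud.log /etc/fail2ban/filter.d/owncloud.conf` checks the filter against the real log.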

 

 PRO TIP

Check out the pre-configured ownCloud VM. Just download and mount. Voila, you have your own server.