Skip to content

Implement occ command to reset bruteforce attemps from a given IP address#20005

Merged
MorrisJobke merged 2 commits into
nextcloud:masterfrom
joeried:occ-remove-bruteforce-attempts-by-ip
May 25, 2020
Merged

Implement occ command to reset bruteforce attemps from a given IP address#20005
MorrisJobke merged 2 commits into
nextcloud:masterfrom
joeried:occ-remove-bruteforce-attempts-by-ip

Conversation

@joeried

@joeried joeried commented Mar 17, 2020

Copy link
Copy Markdown
Contributor

Adds a way to remove all bruteforce attempts (after the cutoff time) for a given IP address
Should resolve #3058
I'm not entirely sure that the naming is correct.

@kesselb Please take a look.

@kesselb

kesselb commented Mar 17, 2020

Copy link
Copy Markdown
Contributor

Thanks 👍

  1. The autoloaders are not up to date. Please run: bash build/autoloaderchecker.sh and commit the result.
  2. php occ security:bruteforceattemps:reset-for-ip --ipadress=192.1.1.10 would be the command on my instance. That's quite long ;) I guess it's safe to use security:bruteforce:reset --ip or something else.
  3. I don't get the part with the cut off. As administrator using that command I would expect that the ip is removed. Why the check for the cut off? OK, lets keep that.

@joeried

joeried commented Mar 17, 2020

Copy link
Copy Markdown
Contributor Author
1. The autoloaders are not up to date. Please run: bash build/autoloaderchecker.sh and commit the result.

Thanks, I'll do that.

2. `php occ security:bruteforceattemps:reset-for-ip --ipadress=192.1.1.10` would be the command on my instance. That's quite long ;) I guess it's safe to use `security:bruteforce:reset --ip` or something else.

ipaddress is a argument and not an option. So your command would be [...]security:bruteforceattemps:reset-for-ip 192.1.1.10 (if I'm not mistaken?) but of course thats still quite long and could be shortened.

3. I don't get the part with the cut off. As administrator using that command I would expect that the ip is removed. Why the check for the cut off?

The cut off is taken into account, as this would be consistent with the IP unblock after a successful login.
I thought the idea behind this was to not delete more entries than necessary to bypass the throttling.

Comment thread lib/private/Security/Bruteforce/Throttler.php Outdated
Comment thread lib/private/Security/Bruteforce/Throttler.php Outdated
@joeried joeried force-pushed the occ-remove-bruteforce-attempts-by-ip branch 3 times, most recently from b13400c to bda8017 Compare March 19, 2020 14:24
@kesselb

kesselb commented Mar 19, 2020

Copy link
Copy Markdown
Contributor

All right. Mind to do another rebase (to get rid of the composer annotation update - that's already landed in master) and squash the commits together?

Signed-off-by: Johannes Riedel <joeried@users.noreply.github.com>
@joeried joeried force-pushed the occ-remove-bruteforce-attempts-by-ip branch from bda8017 to 0c38569 Compare March 19, 2020 15:21
@joeried joeried added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Apr 13, 2020
@kesselb kesselb requested review from MorrisJobke and rullzer May 24, 2020 20:01
@kesselb kesselb added this to the Nextcloud 20 milestone May 24, 2020

@MorrisJobke MorrisJobke left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good 👍 Tested and works

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
@kesselb

kesselb commented May 25, 2020

Copy link
Copy Markdown
Contributor

My bad. I overlooked the rebase and forgot to request a review earlier. Otherwise it might be landed for 19 already 🙈

@MorrisJobke

Copy link
Copy Markdown
Member

I just pushed a fixed space - so let's merge this and continue on this :) Thanks for the feature :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review Waiting for reviews enhancement

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Delete IP from oc_bruteforce_attempts via occ command

3 participants