Prevent brute force attacks against ownCloud

Owncloud does not prevent brute forces attacks by itself and a hacker could try thousands of passwords continuously until they crack it.

Fail2ban can be used to prevent this type of attack.

Owncloud does not log failed login attempts by default and therefore /var/www/owncloud/config/config.php needs to be modified.

Add the following to the bottom of config.php, change the timezone to match the server and change the log file to a file of your choice (For security reason do not put the log file in a location the webserver can access).

Next we need to create the log file using nano.

We need to ensure owncloud has full permissions on the file using chown.

Try to login with the wrong password and check if anything gets written to the log file.

Install fail2ban from the Ubuntu repos. Once fail2ban has been installed we need to create a local jail file.

We need to create a new filter to scan the log files and match a failed login attempt. Create /etc/fail2ban/filter.d/owncloud.conf
Add the following:

We need both lines for different versions of owncloud.

Update: ownCloud 8.2

Please use this Definition Regex instead:

Create a new file with sudo nano /etc/fail2ban/jail.local
Insert the following:

*Modify the log path to your chosen log file.*

I modified the default settings in the jail.conf file to enable emails, increase the ban time to 10 hours and decreased the number of login attempts before a ban.

This information was sourced from:

Ubuntu Community
Rojtberg’s Blog