ownCloud Brute-Force Protection

ownCloud Brute-Force Protection

The ownCloud Brute-Force Protection app for login attempts can thwart many ownCloud security issues. The app helps protect against brute force attacks, including dictionary attacks, by banning IPv4 addresses after a set amount of incorrect unsuccessful user login attempts.

Install the ownCloud Brute-Force Protection App

Below we’ll cover how to install and configure the ownCloud Brute-Force Protection app to suit your needs.

ownCloud Brute-Force Protection settings
  1. Log into ownCloud and install the Brute-Force Protection app.
  2. From the settings page, under Admin, select Security.
  3. The ownCloud security app adds three options under Brute Force Protection. The first feature is “Count failed attempts over how many seconds?” The default 60 seconds is good for getting started. Increase the threshold by at least another minute if users report being locked out at random, which may indicate a cyber attack, and related ownCloud security issues.
  4. The preset 3 for “Ban after how many failed attempts?” is common and expected. Change this as you see fit.
  5. Five minutes (300 seconds) to “Ban for how many seconds?” is a conservative lockout period. A 30 minute duration or longer should better block advanced cyber attacks utilizing multiple IPs.
  6. Select Save settings.

Improve ownCloud Security

One app alone is not enough to truly harden ownCloud server security. You should also install the Password Policy ownCloud app which forces users to create stronger passwords. If you’ve suffered cyber intrusions due to weak password management before, educate users about two factor authentication (TFA) solutions before implementing a time-based one-time password (TOTP) solution. Android, Apple, and other smartphone operating systems have QR code apps to support this.

Additionally, talk with your hosting provider about ways to harden your hosting account and web server security. For example, ownCloud depends on PHP, a server-side programming language that usually needs to be updated at least annually. Make sure you understand your server firewall and antivirus solutions as no ownCloud security apps can protect your data from malware.

Learn more from our ownCloud Education Channel.

J
Jacqueem Content Writer I

Technical writer focused on cybersecurity and musicianship.

More Articles by Jacqueem

Was this article helpful? Let us know!