diederich89


  1. Hi Mik3, thank you very much for your fast reply! The idea of temporarily disabling Nextcloud's own bruteforce protection did the trick: BOOM... crowdsec blocked my IP. I have never been so happy to see a "you got blocked" page, haha. I haven't found out how to turn off the bruteforce protection on vaultwarden so far, but I guess, if I can see crowdsec reading the logfile in the command line and since I configured it the same way as I did with nextcloud, it will work, too. I use SWAG as reverse proxy, and nextcloud, vaultwarden and so on are sitting behind SWAG. I was hoping that crowdsec can also watch for SQL injection tryouts and so on, or that if a nextcloud version gets vulnerable and there are public exploits, crowdsec would download the pattern automatically and block these exploit attempts. I thought that would be possible since I read that crowdsec can also block Hafnium exploit attempts (Exchange zero day). The attacker in this case would try to add powershell commands to a URL variable to gain root access. Someone on the internet said that crowdsec can see these attacks and block the IP of the attacker. But I guess that is not possible with the nextcloud parser and too much of a wish.
  2. Hi there, I have the same problem with "No matching files for pattern". I can manually block my IP and unblock it, so I guess crowdsec is working correctly. But it seems like my nextcloud logs won't be read! Nextcloud-Parser seems to be active: But nextcloud logs aren't displayed here: And in cli it says: So I guess nextcloud logfile won't be read? This is my acquis.yaml: My questions are:

     1. How can I check nextcloud.log with crowdsec?
     2. How can I verify for sure that crowdsec is working on nextcloud?
     3. How can I test a malicious string or something on my nextcloud to see if my IP address is getting banned through crowdsec?

     Thanks for help

     ::: EDIT: OK, I've found it out myself. You have to create a path variable on nextcloud docker and crowdsec docker: Then you have to tell nextcloud to change the logfile path:

         sudo -u abc touch /log/nextcloud.log
         chmod 777 /log/nextcloud.log

     Then edit the config.php and insert the path:

         nano /mnt/user/appdata/nextcloud/www/nextcloud/config/config.php

         'loglevel' => 1,
         'logfile' => '/log/nextcloud.log',

     ::: Now I have another question: How can we test if crowdsec is doing something at all? As far as I know, crowdsec can only prevent bruteforce for nextcloud (which is too bad, I was hoping that crowdsec is a real intrusion prevention system and blocks more attack scenarios like "trying SQL Injections")... Nevertheless, I now have the problem that I can't test crowdsec for bruteforce attacks, since the nextcloud anti-bruteforce tool is blocking my tests BEFORE crowdsec is blocking anything. Does anybody have an idea on how to test if crowdsec is doing its job? How can I trigger a pattern to verify?
  3. After I switched to another usb-hub and had the same issue, I replaced my usb stick. Now I can say: my usb stick was dying. On my new usb stick, I can reboot over 10 times in a row without a single issue. Thanks for your help!
  4. Thanks for this hint! When I unplug every USB except the unraid USB, I can boot 5 times in a row without any issues. I then plugged the USB-Hub back in, which has my USB mouse and USB keyboard, and then the boot problems happened again. I will buy another USB-Hub and try again.
  5. It is a USB2 Port for the boot drive. (Front USB) I have attached a USB-Hub to another Rear USB which is passed through to the Win10 VM. Do you have any further ideas?
  6. Thanks for your reply, I will read further on how to use the second network adapter on my unraid for different dockers and throw the second network adapter in a vlan.
  7. Hi there, I have the problem (ever since) that my unraid usb stick is not recognized by my server and it boots directly to windows. I updated the bios to the latest version. After that, my server recognizes the usb stick every reboot, but every now and then it fails to boot properly. When I stick my usb stick into another USB port and reboot, then it boots normally for a few times before it happens again. I have attached pictures of the errors. Unraid stops booting. What I have done so far:

     1. played around with legacy and UEFI boot
     2. deactivated secure boot (for sure)
     3. deactivated fast boot
     4. bios update

     The model of my motherboard is TUF X299 MARK 1. I'm an UNRAID user and big fan since December 2022. My brand new usb stick, which I bought on Christmas, had this problem ever since. Once the system has booted, everything runs smooth for weeks! Do you have any suggestions to stop this? I would be very happy to solve this problem, since my Nextcloud is not available after a power loss and that's a big problem when I need it and I am not at home. Thanks!
  8. Thanks for your fast reply! So if there is an exploit on nextcloud itself which leads to a root shell on the docker container "nextcloud", someone could install, for example, metasploit on that container and try to attack my Win10 client in my home network (since it is pingable and connectable). That's a thing I can't get out of my head and I really don't like. Attacker attacks --> https://nextcloud.OWNSERVER --> runs an exploit to gain access to a root shell on nextcloud docker --> installs "hacking tools" on nextcloud docker --> attacks my Win10 VM and hacks the RDP port (which I assume is open in that scenario)
  9. Thanks for the reply! I did some deeper research and read a little more about docker containers. Is the following information correct?

     1. Docker containers on unraid are not executed with root rights by default
     2. so if a Docker container gets hacked, nothing can be installed on the docker container and escaping to another container is not possible
     3. using docker.sock directly in a container is indeed very dangerous and could lead to hacked unraid hosts and takeover

     So if you avoid doing point 3, there is nothing bad about the containers being able to ping each other and the internal network. Right?
  10. Hi there, I switched to traefik and had the same problem. So this did the trick for me:

         nano /mnt/user/appdata/nextcloud/php/www2.conf

      Insert these variables:

         pm = ondemand
         pm.max_children = 300
         pm.start_servers = 8
         pm.min_spare_servers = 8
         pm.max_spare_servers = 16
         pm.max_requests = 500
  11. Hi there, I'm wondering how to secure Dockers with iptables, too. I have nextcloud running through swag like spaceinvador does in his tutorial. SWAG and nextcloud can reach my internal network and my Windows10 client directly on any port, which is a security issue in my opinion. Because if the SWAG or Nextcloud docker gets hacked, then my whole system can get compromised. So I want to block internal traffic between the dockers and isolate the proxynet completely. Is that possible? I have posted screenshots of my setup and an established connection from the nextcloud docker to the RDP port of my Win10 client, which I want to block with iptables. I want to only allow the following communication and block all others:

         SWAG 172.18.0.5 to NextCloud 172.18.0.3 443 + 80
         SWAG 172.18.0.5 to Documentserver 172.18.0.4 443 + 80
         NextCloud 172.18.0.3 to SWAG 172.18.0.5 443 + 80
         Documentserver 172.18.0.4 to SWAG 172.18.0.5 443 + 80

      I already tried many different commands on iptables but nothing works. Does anybody have an idea and can help? Would be very grateful. Thanks!
  12. Same problem here. A simple restart of the SWAG container is solving the problem temporarily. I was thinking it was a good workaround to just restart SWAG hourly through UserScripts, but then I found out:

      1. if I am clicking "too much" on the nextcloud web interface and browse through too many folders, then it crashes again
      2. a reboot of SWAG is solving the problem

      But that's not a great solution, since I can't just reboot the SWAG container manually when it happens when I am not at home. Does anybody have a solution for this? Thanks!
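
On the question in post 2 of how to check what the relocated nextcloud.log gives a log-based detector to work with: the following is an added example, not code from the posts and not CrowdSec's parser or scenario. It reads Nextcloud's JSON log lines, counts "Login failed" entries per source address in a time window, and flags entries whose source lies in the Docker network, which means the log recorded the reverse proxy instead of the client. The 172.18.0.0/16 range (inferred from the addresses in post 11), the threshold, the window and the sample lines are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed from the 172.18.0.x container addresses quoted in the posts.
PROXYNET = ip_network("172.18.0.0/16")

# Constructed sample in Nextcloud's JSON log format: six failures from one
# client, two that show the proxy's address, and one unparsable line.
SAMPLE_LOG = "\n".join(
    json.dumps({"reqId": f"r{i}", "level": 2, "app": "core", "method": "POST",
                "time": f"2023-03-01T10:00:{i:02d}+00:00", "remoteAddr": addr,
                "url": "/login",
                "message": f"Login failed: admin (Remote IP: {addr})"})
    for i, addr in enumerate(["203.0.113.7"] * 6 + ["172.18.0.5"] * 2)
) + "\ntruncated, not JSON\n"


def failed_logins(text):
    """Yield (timestamp, ip) per 'Login failed' entry, skipping bad lines."""
    for line in text.splitlines():
        try:
            entry = json.loads(line)
            if "Login failed" in entry["message"]:
                yield (datetime.fromisoformat(entry["time"]),
                       ip_address(entry["remoteAddr"]))
        except (ValueError, KeyError, TypeError):
            continue


def offenders(text, threshold=5, window=timedelta(seconds=60)):
    """Map ip -> peak failures inside `window`, for IPs reaching `threshold`.
    Both values are assumptions, not CrowdSec's scenario settings."""
    recent, peak = defaultdict(deque), {}
    for ts, ip in failed_logins(text):  # assumes the log is in time order
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[str(ip)] = max(peak.get(str(ip), 0), len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def proxy_sources(text):
    """Sources inside PROXYNET: the log shows the proxy, not the client."""
    return sorted({str(ip) for _, ip in failed_logins(text) if ip in PROXYNET})


if __name__ == "__main__":
    print(offenders(SAMPLE_LOG), proxy_sources(SAMPLE_LOG))
```

If `proxy_sources` returns anything for a real log, a ban derived from that log would target the proxy container's address; Nextcloud's `trusted_proxies` setting in config.php controls whether the forwarded client address is logged.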