From a55673cec84f5972b7c89edf59326ec9a55a6667 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 21 Sep 2022 17:12:01 +0200 Subject: [PATCH 1/4] Rename "user" to "account" in description Signed-off-by: Vincent Petry --- README.md | 34 +++++++++++++++++----------------- appinfo/info.xml | 2 +- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 237bb9ab..594080dc 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@ -# BruteForceSettings - -This app provides the possibility to manage some settings of the brute force protection in Nextcloud. - -- [See app in NC AppStore](https://apps.nextcloud.com/apps/bruteforcesettings) - -## Screenshot - -![Screenshot of configuration](https://raw.githubusercontent.com/nextcloud/bruteforcesettings/master/screenshots/1.png) - -## Description - -Brute Force Protection is meant to protect Nextcloud servers from attempts to guess user passwords in various ways. Besides the obvious "*let's try a big list of commonly used passwords*" attack, it also makes it harder to use slightly more sophisticated attacks via the reset password form or trying to find app password tokens. - -If triggered, brute force protection makes requests coming from an IP on a bruteforce protected controller with the same API slower for a 24 hour period. - -With this app, the admin can exempt an IP address or range from this protection which can be useful for testing purposes or when there are false positives due to a lot of users on one IP address. +# BruteForceSettings + +This app provides the possibility to manage some settings of the brute force protection in Nextcloud. + +- [See app in NC AppStore](https://apps.nextcloud.com/apps/bruteforcesettings) + +## Screenshot + +![Screenshot of configuration](https://raw.githubusercontent.com/nextcloud/bruteforcesettings/master/screenshots/1.png) + +## Description + +Brute Force Protection is meant to protect Nextcloud servers from attempts to guess account passwords in various ways. Besides the obvious "*let's try a big list of commonly used passwords*" attack, it also makes it harder to use slightly more sophisticated attacks via the reset password form or trying to find app password tokens. + +If triggered, brute force protection makes requests coming from an IP on a bruteforce protected controller with the same API slower for a 24 hour period. + +With this app, the admin can exempt an IP address or range from this protection which can be useful for testing purposes or when there are false positives due to a lot of accounts on one IP address. diff --git a/appinfo/info.xml b/appinfo/info.xml index e10465f2..b4e057e7 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -4,7 +4,7 @@ Brute-force settings Whitelist IPs Date: Tue, 25 Apr 2023 10:29:09 +0200 Subject: [PATCH 2/4] Update README.md Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Andy Scherzinger --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 594080dc..a9037bb0 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This app provides the possibility to manage some settings of the brute force pro ## Description -Brute Force Protection is meant to protect Nextcloud servers from attempts to guess account passwords in various ways. Besides the obvious "*let's try a big list of commonly used passwords*" attack, it also makes it harder to use slightly more sophisticated attacks via the reset password form or trying to find app password tokens. +Brute Force Protection is meant to protect Nextcloud servers from attempts to guess passwords and tokens in various ways. Besides the obvious "*let's try a big list of commonly used passwords*" attack, it also makes it harder to use slightly more sophisticated attacks via the reset password form or trying to find app password tokens. If triggered, brute force protection makes requests coming from an IP on a bruteforce protected controller with the same API slower for a 24 hour period. From 51e361cf4525f1c4c5d5a0655d924193e860670e Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Tue, 25 Apr 2023 10:29:29 +0200 Subject: [PATCH 3/4] Update README.md Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Andy Scherzinger --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a9037bb0..41faca10 100644 --- a/README.md +++ b/README.md @@ -14,4 +14,4 @@ Brute Force Protection is meant to protect Nextcloud servers from attempts to gu If triggered, brute force protection makes requests coming from an IP on a bruteforce protected controller with the same API slower for a 24 hour period. -With this app, the admin can exempt an IP address or range from this protection which can be useful for testing purposes or when there are false positives due to a lot of accounts on one IP address. +With this app, the admin can exempt an IP address or range from this protection which can be useful for testing purposes or when there are false positives due to a lot of people on a single IP address. From 2781baf8eb66a9149d2fd8de7419b5ffa35d48c4 Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Sun, 14 May 2023 11:10:03 +0200 Subject: [PATCH 4/4] fix backport, add remaining changes Signed-off-by: Andy Scherzinger --- appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index b4e057e7..b76589f2 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -14,7 +14,7 @@ bruteforce protected controller with the same API slower for a 24 hour period. With this app, the admin can exempt an IP address or range from this protection which can be useful for testing purposes or when there are false -positives due to a lot of users on one IP address.]]> +positives due to a lot of accounts on one IP address.]]> 2.5.0 agpl Roeland Jago Douma