Track suspicious login attempts on Nextcloud with the help of a simple app.
Nextcloud is one of the most capable on-premises cloud servers on the market. It’s reliable, it’s scalable, and it’s secure. Of course, security is in the eye of the beholder, which means you might find it needs a bit more to lock it down out of the box. Fortunately, with each iteration, the platform offers even more tools to keep your data safe.
With the release of Nextcloud 16 comes a new app that can detect suspicious login attempts on your Nextcloud instance. The app in question is called Suspicious Login, and it will once installed and enabled automatically detect and warn the admin of suspicious login attempts.
SEE: Hybrid cloud: A guide for IT pros (TechRepublic download)
How Suspicious Login works
The app works by tracking and logging successful login attempts and feeds them into the Nextcloud database login_address table. Once enough data has been collected a training model is generated. With the first model trained, the app will begin classifying IP/UID tuples on logins. Should the app detect a password login where the attempt is classified as suspicious (by the trained model), it will add the entry to the suspicous_login table.
It should be noted that this app is still in the incubation stage, but it’s definitely worth trying out.
Let’s install and enable the app.
Installing Suspicious Login
Log into your Nextcloud instance as an admin user. Once logged in, click the profile drop-down in the upper right corner and click Apps. From the left sidebar, select Security and then locate the Suspicious Login app (Figure A).
Click the Download And Enable button. When prompted, type your Nextcloud admin password.
Once the app has been installed (it will automatically enable itself), you can go to the Nextcloud Admin section, click Security, and scroll to the bottom of the page. You should see that the app is ready, but has yet to collect any data (Figure B).
The more time passes and the more users log into that server, you should start seeing that Suspicious Login has started collection data. The model should take about 60 days to fully train. After that, it will start reporting anything it finds suspicious.
Note: There are no configuration options for this app, as this is a “set it and forget it” tool that works autonomously.
And that is all you need to do in order to enable the tracking of suspicious login attempts on your Nextcloud server. It’s not immediate, but given enough time it should start reporting to you any login attempts that are suspect. Add this app to your Nextcloud instance and enjoy yet another layer of security.