Skip to content

owncloud/brute_force_protection

Brute Force Protection

License ownCloud OSPO Docker Hub

The Brute Force Protection app temporarily blocks login attempts to user accounts from the originating IP address after a configurable number of failed login attempts. Administrators can configure the ban duration and the threshold of unsuccessful login attempts within a given time period. This helps protect ownCloud instances against brute-force password attacks.

Part of Classic (OC10)

Brute Force Protection is a security app for ownCloud Server (Classic). It is available on Docker Hub as part of the ownCloud Server image.

Getting Started

  1. Clone this repository into the apps/ directory of your ownCloud Server installation
  2. Run make to build the app
  3. Enable the app: occ app:enable brute_force_protection
  4. Configure the protection parameters in the ownCloud admin panel

Documentation

Community & Support

Star this repo and Watch for release notifications!

Contributing

We welcome contributions! Please read the Contributing Guidelines and our Code of Conduct before getting started.

Workflow

  • Rebase Early, Rebase Often! We use a rebase workflow. Always rebase on the target branch before submitting a PR.
  • Dependabot: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly.
  • Signed Commits: All commits must be PGP/GPG signed. See GitHub's signing guide.
  • DCO Sign-off: Every commit must carry a Signed-off-by line:
    git commit -s -S -m "your commit message"
    
  • GitHub Actions Policy: Workflows may only use actions that are (a) owned by owncloud, (b) created by GitHub (actions/*), or (c) verified in the GitHub Marketplace.

Translations

Help translate this project on Transifex: https://explore.transifex.com/owncloud-org/owncloud/

Please submit translations via Transifex -- do not open pull requests for translation changes.

Security

Do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities at https://security.owncloud.com -- see SECURITY.md.

Bug bounty: YesWeHack ownCloud Program

License

This project is licensed under the GPL-2.0.

About the ownCloud OSPO

The Kiteworks Open Source Program Office, operating under the ownCloud brand, launched on May 5, 2026, to steward the open source ecosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance, community health, and sustainable collaboration between the open source community and Kiteworks, which acquired ownCloud in 2023.

For questions about the OSPO or licensing, contact ospo@kiteworks.com.

License Migration to Apache 2.0

The OSPO is driving a strategic relicensing of ownCloud repositories toward the Apache License 2.0, following the Apache Software Foundation's third-party license policy.

Individual repositories will migrate as their audit is completed. The LICENSE file in each repo reflects its current license status (not the target).

Current license: GPL-2.0 (Category X per Apache policy -- cannot be included in Apache-2.0 works).

Migration prerequisites for this repository:

  • CLA/DCO coverage: All past contributors must have signed agreements permitting relicensing
  • Copyleft dependency audit: All GPL dependencies must be replaced or isolated
  • KDE heritage review: Any code with KDE-era copyrights requires legal analysis
  • Complete relicensing: GPL-2.0 is a strong copyleft license; migration requires full relicensing of all files

About

Brute-force protection app for ownCloud

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

6 stars

Watchers

58 watching

Forks

Packages

 
 
 

Contributors