|
1 | | -# Brute Force Protection App |
2 | | -[](https://drone.owncloud.com/owncloud/brute_force_protection) |
3 | | -[](https://sonarcloud.io/dashboard?id=owncloud_brute_force_protection) |
4 | | -[](https://sonarcloud.io/dashboard?id=owncloud_brute_force_protection) |
5 | | -[](https://sonarcloud.io/dashboard?id=owncloud_brute_force_protection) |
6 | | - |
7 | | -The Brute Force Protection App temporarily blocks logins to user accounts, from the originating IP address, after a configurable number of failed login attempts have taken place. The time frame of the ban and the number of unsuccessful login attempts during a time period are all configurable by ownCloud administrators. |
| 1 | +# Brute Force Protection |
| 2 | + |
| 3 | +<!-- OSPO-managed README | Generated: 2026-04-16 | v2 --> |
| 4 | + |
| 5 | +[](LICENSE) [](https://kiteworks.com/opensource) [](https://hub.docker.com/r/owncloud/server) |
| 6 | + |
| 7 | +The Brute Force Protection app temporarily blocks login attempts to user accounts from the originating IP address after a configurable number of failed login attempts. Administrators can configure the ban duration and the threshold of unsuccessful login attempts within a given time period. This helps protect ownCloud instances against brute-force password attacks. |
| 8 | + |
| 9 | +## Part of Classic (OC10) |
| 10 | + |
| 11 | +Brute Force Protection is a security app for [ownCloud Server (Classic)](https://github.com/owncloud/core). It is available on [Docker Hub as part of the ownCloud Server image](https://hub.docker.com/r/owncloud/server). |
| 12 | + |
| 13 | +## Getting Started |
| 14 | + |
| 15 | +1. Clone this repository into the `apps/` directory of your ownCloud Server installation |
| 16 | +2. Run `make` to build the app |
| 17 | +3. Enable the app: `occ app:enable brute_force_protection` |
| 18 | +4. Configure the protection parameters in the ownCloud admin panel |
| 19 | + |
| 20 | +## Documentation |
| 21 | + |
| 22 | +- [ownCloud Server documentation](https://doc.owncloud.com) |
| 23 | + |
| 24 | +## Community & Support |
| 25 | + |
| 26 | +**[Star](https://github.com/owncloud/brute_force_protection)** this repo and **Watch** for release notifications! |
| 27 | + |
| 28 | +- [ownCloud Website](https://owncloud.com) |
| 29 | +- [Community Discussions](https://github.com/orgs/owncloud/discussions) |
| 30 | +- [Matrix Chat](https://app.element.io/#/room/#owncloud:matrix.org) |
| 31 | +- [Documentation](https://doc.owncloud.com) |
| 32 | +- [Enterprise Support](https://owncloud.com/contact-us/) |
| 33 | +- [OSPO Home](https://kiteworks.com/opensource) |
| 34 | + |
| 35 | +## Contributing |
| 36 | + |
| 37 | +We welcome contributions! Please read the [Contributing Guidelines](CONTRIBUTING.md) |
| 38 | +and our [Code of Conduct](CODE_OF_CONDUCT.md) before getting started. |
| 39 | + |
| 40 | +### Workflow |
| 41 | + |
| 42 | +- **Rebase Early, Rebase Often!** We use a rebase workflow. Always rebase on the target branch before submitting a PR. |
| 43 | +- **Dependabot**: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly. |
| 44 | +- **Signed Commits**: All commits **must** be PGP/GPG signed. See [GitHub's signing guide](https://docs.github.com/en/authentication/managing-commit-signature-verification). |
| 45 | +- **DCO Sign-off**: Every commit must carry a `Signed-off-by` line: |
| 46 | + ``` |
| 47 | + git commit -s -S -m "your commit message" |
| 48 | + ``` |
| 49 | +- **GitHub Actions Policy**: Workflows may only use actions that are (a) owned by `owncloud`, (b) created by GitHub (`actions/*`), or (c) verified in the GitHub Marketplace. |
| 50 | + |
| 51 | +## Translations |
| 52 | + |
| 53 | +Help translate this project on Transifex: |
| 54 | +**<https://explore.transifex.com/owncloud-org/owncloud/>** |
| 55 | + |
| 56 | +Please submit translations via Transifex -- do not open pull requests for translation changes. |
| 57 | + |
| 58 | +## Security |
| 59 | + |
| 60 | +**Do not open a public GitHub issue for security vulnerabilities.** |
| 61 | + |
| 62 | +Report vulnerabilities at **<https://security.owncloud.com>** -- see [SECURITY.md](SECURITY.md). |
| 63 | + |
| 64 | +Bug bounty: [YesWeHack ownCloud Program](https://yeswehack.com/programs/owncloud-bug-bounty-program) |
| 65 | + |
| 66 | +## License |
| 67 | + |
| 68 | +This project is licensed under the [GPL-2.0](LICENSE). |
| 69 | + |
| 70 | +## About the ownCloud OSPO |
| 71 | + |
| 72 | +The [Kiteworks Open Source Program Office](https://kiteworks.com/opensource), operating under |
| 73 | +the [ownCloud](https://owncloud.com) brand, launched on May 5, 2026, to steward the open source |
| 74 | +ecosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance, |
| 75 | +community health, and sustainable collaboration between the open source community and |
| 76 | +[Kiteworks](https://www.kiteworks.com), which acquired ownCloud in 2023. |
| 77 | + |
| 78 | +- **OSPO Home**: <https://kiteworks.com/opensource> |
| 79 | +- **GitHub**: <https://github.com/owncloud> |
| 80 | +- **ownCloud**: <https://owncloud.com> |
| 81 | + |
| 82 | +For questions about the OSPO or licensing, contact ospo@kiteworks.com. |
| 83 | + |
| 84 | +### License Migration to Apache 2.0 |
| 85 | + |
| 86 | +The OSPO is driving a strategic relicensing of ownCloud repositories toward the |
| 87 | +[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0), following |
| 88 | +the [Apache Software Foundation's third-party license policy](https://www.apache.org/legal/resolved.html). |
| 89 | + |
| 90 | +Individual repositories will migrate as their audit is completed. The LICENSE file |
| 91 | +in each repo reflects its **current** license status (not the target). |
| 92 | + |
| 93 | +**Current license: GPL-2.0** (Category X per Apache policy -- cannot be included in Apache-2.0 works). |
| 94 | + |
| 95 | +Migration prerequisites for this repository: |
| 96 | + |
| 97 | +- **CLA/DCO coverage**: All past contributors must have signed agreements permitting relicensing |
| 98 | +- **Copyleft dependency audit**: All GPL dependencies must be replaced or isolated |
| 99 | +- **KDE heritage review**: Any code with KDE-era copyrights requires legal analysis |
| 100 | +- **Complete relicensing**: GPL-2.0 is a strong copyleft license; migration requires full relicensing of all files |
0 commit comments