owncloud / android

:phone: The ownCloud Android App
GNU General Public License v2.0

Lots of login failed in log after update to material version #1357

Closed jsalatiel closed 8 years ago

jsalatiel commented 8 years ago

Since the last update to the new material design version, my owncloud log is being flooded with:

Error PHP Cannot modify header information - headers already sent by (output started at /var/www/owncloud/user-otp/user_otp/lib/otp.php:310) at /var/www/owncloud/lib/private/api.php#346 2015-12-14T13:46:02-03:00
Warning core Login failed: 'salas'
Error PHP session_regenerate_id(): Cannot regenerate session id - headers already sent at /var/www/owncloud/lib/private/user.php#241 2015-12-14T13:46:02-03:00

The app appears to be working, but this flood is making it very difficult to use fail2ban to block brute-force attempts, because connections from the new Android app are generating a 'login failed' message.

Nothing was changed on the server (OTP in use for a long time with no problem) and this log started appearing right after the update to the material design, so I think something changed on the client.

ii owncloud 8.1.4-12.1
ii php5 5.6.14+dfsg-0+deb8u1
ii apache2 2.4.10-10+deb8u3

tobiasKaminsky commented 8 years ago

Do you mean the new owncloud-1.9 version? Or the beta version?

jsalatiel commented 8 years ago

Sorry, I forgot to say: owncloud 1.9.0 downloaded from the Play Store.

AndyScherzinger commented 8 years ago

@davivel @masensio looping you in here since it shouldn't be material design related, since material has been introduced with 1.8.0

jsalatiel commented 8 years ago

I don't update Play Store apps very often, so I can't say exactly in which version it started. I only got the material design version yesterday and it is already 1.9.

jsalatiel commented 8 years ago

I only noticed this problem because right after updating the app in the Play Store, I was unable to connect to the server and found out that fail2ban had banned my IP address because of several 'login failed' messages. So I manually unbanned my IP address and seconds later it was banned again.

davivel commented 8 years ago

@jsalatiel, would you consider upgrading your server?

I have to search for the issue, but I'm sure I've read that error message before and it was server-side related. Let me check...

davivel commented 8 years ago

@jsalatiel, do you know what version of the app was installed before you updated?

jsalatiel commented 8 years ago

Hi @davivel, I have scheduled the update for January 16. If it is a server-related problem it will be fixed there :) I have no idea what version it was. Sorry :/

jsalatiel commented 8 years ago

BTW, I see absolutely no errors when accessing through WebDAV from other clients.

davivel commented 8 years ago

No, I was wrong. I've read that log before, but in other issues of the Android app. Too many, indeed.

davivel commented 8 years ago

Do you use Nginx?

jsalatiel commented 8 years ago

No, apache2 2.4.10-10+deb8u3

ii owncloud 8.1.4-12.1
ii php5 5.6.14+dfsg-0+deb8u1

jsalatiel commented 8 years ago

Upgraded server to 8.2.2-1.1 and still the same problem!

{"reqId":"xxxx","remoteAddr":"xxx.xxx.xxx.xxx","app":"core","message":"Login failed: 'salas' (Remote IP: 'xxx.xxx.xxx.xxx')","level":2,"time":"2016-01-11T21:41:33-03:00"}

davivel commented 8 years ago

@jsalatiel, is this still a problem for you?

Thanks in advance.

jsalatiel commented 8 years ago

Hi, I was able to track down the problem. Apparently new versions of the Android app started to make GET requests for different paths on the server than it did before.

For example:
/cloud/capabilities/
/apps/files_sharing/api/v1/sharees(.)
(Why two e's? sharee? Before it was just share!)

So OTP was not bypassing connections for these URLs. You can close this issue. Thanks, and I am sorry for not reporting. I forgot =)

AndyScherzinger commented 8 years ago

sharee is the person/group you want to share something with :)

davivel commented 8 years ago

@jsalatiel, thanks a lot, no problem at all :)
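
A triage sketch for the situation discussed in this thread, added here as an example and not code from the ownCloud project or from any commenter: it groups "Login failed" entries in the JSON log format quoted above by source address, so a burst for a single account (as produced here by a client requesting URLs the OTP app did not exempt) can be told apart from guessing across accounts before a fail2ban rule is tuned. The sample lines, addresses, function names and the classification heuristic are assumptions of this example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the JSON log format quoted in the thread (made-up RFC 5737 addresses).
SAMPLE_LOG = """\
{"reqId":"r1","remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'salas' (Remote IP: '192.0.2.10')","level":2,"time":"2016-01-11T21:41:33-03:00"}
{"reqId":"r2","remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'salas' (Remote IP: '192.0.2.10')","level":2,"time":"2016-01-11T21:41:33-03:00"}
{"reqId":"r3","remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'salas' (Remote IP: '192.0.2.10')","level":2,"time":"2016-01-11T21:41:34-03:00"}
{"reqId":"r4","remoteAddr":"198.51.100.7","app":"core","message":"Login failed: 'admin' (Remote IP: '198.51.100.7')","level":2,"time":"2016-01-11T21:50:01-03:00"}
{"reqId":"r5","remoteAddr":"198.51.100.7","app":"core","message":"Login failed: 'root' (Remote IP: '198.51.100.7')","level":2,"time":"2016-01-11T21:50:09-03:00"}
{"reqId":"r6","remoteAddr":"198.51.100.7","app":"core","message":"Login failed: 'test' (Remote IP: '198.51.100.7')","level":2,"time":"2016-01-11T21:50:20-03:00"}
not a JSON line
"""

FAILED = re.compile(r"^Login failed: '(?P<user>[^']*)'")

def summarize(log_text):
    """Group core 'Login failed' entries by source address."""
    stats = defaultdict(lambda: {"users": set(), "times": []})
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
            match = FAILED.match(entry["message"])
            when = datetime.fromisoformat(entry["time"])
        except (ValueError, KeyError, TypeError):
            continue  # skip non-JSON or incomplete lines
        if entry.get("app") == "core" and match:
            bucket = stats[entry.get("remoteAddr", "unknown")]
            bucket["users"].add(match.group("user"))
            bucket["times"].append(when)
    return stats

def triage(stats, min_failures=3):
    """Heuristic (assumption): one account = client/plugin issue, several = guessing."""
    verdicts = {}
    for addr, b in stats.items():
        span = (max(b["times"]) - min(b["times"])).total_seconds()
        if len(b["times"]) < min_failures:
            label = "below-threshold"
        elif len(b["users"]) == 1:
            label = "single-account-burst"
        else:
            label = "multi-account-guessing"
        verdicts[addr] = (label, len(b["times"]), span)
    return verdicts

if __name__ == "__main__":
    print(triage(summarize(SAMPLE_LOG)))
```

A single-account burst is only a hint to check the client and the authentication plugin first; repeated failures against one account can also be a targeted attempt, so the source address and timing still need review.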