A security issue on Nextcloud servers was reported by NextCloud. This is the original advisory from NC
The Murena Cloud team is aware about it and will be putting in a fix by Monday. 16 Oct.
Update: As a temporary fix the team has ensured that Users’ IPs with more than 10 failed auth requests in a minute are fully blacklisted. The team is working on a permanent resolution for the issue which will be in place by Monday. The team is monitoring the systems during this timeframe.
Update 16 Oct
The team has been monitoring the networks over the week and found the fix applied to any IP trying to bruteforce was working well. In addition the team will also
- Apply the fix from nextcloud
- Re evaluate and add a throttler at proxy limit if needed
This activity will be done over this week. The time being taken to monitor and evaluate the systems.
Update 17 Oct
The fix as suggested by NextCloud have been applied
The team continues to monitor the systems for any suspicious activity.