The Brute Force Protection app temporarily blocks login attempts to user accounts from the originating IP address after a configurable number of failed login attempts. Administrators can configure the ban duration and the threshold of unsuccessful login attempts within a given time period. This helps protect ownCloud instances against brute-force password attacks.
Brute Force Protection is a security app for ownCloud Server (Classic). It is available on Docker Hub as part of the ownCloud Server image.
- Clone this repository into the
apps/directory of your ownCloud Server installation - Run
maketo build the app - Enable the app:
occ app:enable brute_force_protection - Configure the protection parameters in the ownCloud admin panel
Star this repo and Watch for release notifications!
We welcome contributions! Please read the Contributing Guidelines and our Code of Conduct before getting started.
- Rebase Early, Rebase Often! We use a rebase workflow. Always rebase on the target branch before submitting a PR.
- Dependabot: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly.
- Signed Commits: All commits must be PGP/GPG signed. See GitHub's signing guide.
- DCO Sign-off: Every commit must carry a
Signed-off-byline:git commit -s -S -m "your commit message" - GitHub Actions Policy: Workflows may only use actions that are (a) owned by
owncloud, (b) created by GitHub (actions/*), or (c) verified in the GitHub Marketplace.
Help translate this project on Transifex: https://explore.transifex.com/owncloud-org/owncloud/
Please submit translations via Transifex -- do not open pull requests for translation changes.
Do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities at https://security.owncloud.com -- see SECURITY.md.
Bug bounty: YesWeHack ownCloud Program
This project is licensed under the GPL-2.0.
The Kiteworks Open Source Program Office, operating under the ownCloud brand, launched on May 5, 2026, to steward the open source ecosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance, community health, and sustainable collaboration between the open source community and Kiteworks, which acquired ownCloud in 2023.
- OSPO Home: https://kiteworks.com/opensource
- GitHub: https://github.com/owncloud
- ownCloud: https://owncloud.com
For questions about the OSPO or licensing, contact ospo@kiteworks.com.
The OSPO is driving a strategic relicensing of ownCloud repositories toward the Apache License 2.0, following the Apache Software Foundation's third-party license policy.
Individual repositories will migrate as their audit is completed. The LICENSE file in each repo reflects its current license status (not the target).
Current license: GPL-2.0 (Category X per Apache policy -- cannot be included in Apache-2.0 works).
Migration prerequisites for this repository:
- CLA/DCO coverage: All past contributors must have signed agreements permitting relicensing
- Copyleft dependency audit: All GPL dependencies must be replaced or isolated
- KDE heritage review: Any code with KDE-era copyrights requires legal analysis
- Complete relicensing: GPL-2.0 is a strong copyleft license; migration requires full relicensing of all files