Merge pull request #30731 from nextcloud/bugfix/noid/help-debugging-bruteforce-attempts

Log bruteforce throttle and blocking

1 files changed, 11 insertions, 0 deletions

diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index fa4c58e4559..abbe77c6637 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -354,9 +354,20 @@ class Throttler {
 	public function sleepDelayOrThrowOnMax(string $ip, string $action = ''): int {
 		$delay = $this->getDelay($ip, $action);
 		if (($delay === self::MAX_DELAY_MS) && $this->getAttempts($ip, $action, 0.5) > self::MAX_ATTEMPTS) {
+			$this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, ip: {ip}]', [
+				'action' => $action,
+				'ip' => $ip,
+			]);
 			// If the ip made too many attempts within the last 30 mins we don't execute anymore
 			throw new MaxDelayReached('Reached maximum delay');
 		}
+		if ($delay > 100) {
+			$this->logger->info('IP address throttled because it reached the attempts limit in the last 30 minutes [action: {action}, delay: {delay}, ip: {ip}]', [
+				'action' => $action,
+				'ip' => $ip,
+				'delay' => $delay,
+			]);
+		}
 		usleep($delay * 1000);
 		return $delay;
 	}