Jump to content

Search the Community

Showing results for tags 'bruteforce'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. everydayevil

    ANSWERED fail2ban custom emby filter

    Hello all, I'm using the emby built in ssl for external announcement and i'm trying to write a fail2ban filter for direct emby log support. In reviewing the logs i was only able to find a log line with the connecting IP in the HTTP 401 response. Initially I was just going to regex that however on further review I'm seeing non-auth fail 401 messages returned. That leaves me having to try to mangle together some multiline regex nightmare trying to match first the authentication failure line then the 401 for the <HOST> ip. I've been working on this all day, I'm not even sure it's possible. I know many people use reverse proxy and fail2ban on the apache logs but i'd prefer to use the emby native ssl since it's there. Has anyone figured out the regex for this? _______________________________________________________________________________________________________________________________ 2016-02-14 15:55:43.8718 Info UserManager: Authentication request for <username> has been denied. 2016-02-14 15:55:43.8820 Error DtoUtils: ServiceBase<TRequest>::Service Exception *** Error Report *** Version: 3.0.5821.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /var/lib/emby-server -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 3.19.0.25 Processor count: 8 64-Bit OS: True 64-Bit Process: True Program data path: /var/lib/emby-server Mono: 4.2.1 (Stable 4.2.1.102/6dd2d0d Thu Dec 3 04:04:55 UTC 2015) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe Invalid user or password entered. MediaBrowser.Controller.Net.SecurityException at MediaBrowser.Server.Implementations.Session.SessionManager+<AuthenticateNewSession>c__asyncC.MoveNext () <0x41c76b00 + 0x0080b> in <filename unknown>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () <0x7fa7314f36d0 + 0x00029> in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) <0x7fa7314f16b0 + 0x000a7> in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) <0x7fa7314f1630 + 0x0006b> in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) <0x7fa7314f15e0 + 0x0003a> in <filename unknown>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () <0x7fa7314f1d10 + 0x00017> in <filename unknown>:0 at MediaBrowser.Api.UserService+<Post>c__async1.MoveNext () <0x41c75ea0 + 0x00680> in <filename unknown>:0 2016-02-14 15:55:43.8849 Error HttpServer: Error processing request for /emby/Users/authenticatebyname *** Error Report *** Version: 3.0.5821.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /var/lib/emby-server -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 3.19.0.25 Processor count: 8 64-Bit OS: True 64-Bit Process: True Program data path: /var/lib/emby-server Mono: 4.2.1 (Stable 4.2.1.102/6dd2d0d Thu Dec 3 04:04:55 UTC 2015) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe Invalid user or password entered. ServiceStack.HttpError No Stack Trace Available 2016-02-14 15:55:43.8913 Info HttpServer: HTTP Response 401 to <Offending IP>. Time: 32ms. https://<server address>:8920/emby/Users/authenticatebyname ____________________________________________________________________________________________________________________________________ It would be nice it the emby logs included the offending IP in the authentication failure line. That regex would be straight forward. 2016-02-14 15:55:43.8718 Info UserManager: Authentication request for <username> has been denied from <Offending IP> Thanks ahead of time -everydayevil
×
×
  • Create New...