Jump to content

Add security login alerts and notifications


nguyenf1
 Share

Recommended Posts

nguyenf1

I was performing some tests to simulate brute force login and found that emby lacks some pretty basic security measures.   If you try to login using an invalid (non existing) username and password, failed login attempt is not displayed in the Dashboard UI alerts.  You only get a dashboard alert when a valid username login attempt fails due to a incorrect password.  This provides no visibility into brute force attacks.

1. Can you add dashboard alerts for this type of login failure?

2. Can you add these security Notifications and enable by default?  For example, I was like to received failed login attempt emails after multiple failed login attempts.

  • Like 4
  • Agree 1
Link to comment
Share on other sites

rbjtech

I Agree there should be a notification - however, you can poll the log for all Auth failures (which do get logged) using something like Fail2Ban (unix) or IPBan (Windows) to then ban the IP address after X attempts to stop any brute force attack.

Have a look at this thread to setup IPBan.

https://emby.media/community/index.php?/topic/69286-ipban-for-emby/#comment-693664

 

 

 

Link to comment
Share on other sites

Strange, I thought we did get failed login attempts in the activity log on the dashboard.

 

This can certainly be achieved with a plugin I would imagine.

A while back I wrote a windows plugin that actually banned the IP from accessing the PC on the network after so many failed attempts to login.

But it was for windows only.

Link to comment
Share on other sites

Happy2Play
10 minutes ago, chef said:

Strange, I thought we did get failed login attempts in the activity log on the dashboard.

We do but as mentioned only for existing/valid Emby user on that server.

But yes we should see all attempts shown in Alerts no matter if existing/non-existing user to that server.

  • Thanks 3
Link to comment
Share on other sites

nguyenf1

@rbjtech Thank you for the suggestion.

@Happy2Play There are other login events which are not logged to activity.  For example, password reset attempts are not logged.  Also, when a valid user account without remote access attempts to log in remotely.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...