nguyenf1 6 Posted November 4, 2021 Share Posted November 4, 2021 I was performing some tests to simulate brute force login and found that emby lacks some pretty basic security measures. If you try to login using an invalid (non existing) username and password, failed login attempt is not displayed in the Dashboard UI alerts. You only get a dashboard alert when a valid username login attempt fails due to a incorrect password. This provides no visibility into brute force attacks. 1. Can you add dashboard alerts for this type of login failure? 2. Can you add these security Notifications and enable by default? For example, I was like to received failed login attempt emails after multiple failed login attempts. 4 1 Link to comment Share on other sites More sharing options...
rbjtech 4222 Posted November 4, 2021 Share Posted November 4, 2021 I Agree there should be a notification - however, you can poll the log for all Auth failures (which do get logged) using something like Fail2Ban (unix) or IPBan (Windows) to then ban the IP address after X attempts to stop any brute force attack. Have a look at this thread to setup IPBan. https://emby.media/community/index.php?/topic/69286-ipban-for-emby/#comment-693664 Link to comment Share on other sites More sharing options...
chef 3745 Posted November 5, 2021 Share Posted November 5, 2021 Strange, I thought we did get failed login attempts in the activity log on the dashboard. This can certainly be achieved with a plugin I would imagine. A while back I wrote a windows plugin that actually banned the IP from accessing the PC on the network after so many failed attempts to login. But it was for windows only. Link to comment Share on other sites More sharing options...
Happy2Play 8242 Posted November 5, 2021 Share Posted November 5, 2021 10 minutes ago, chef said: Strange, I thought we did get failed login attempts in the activity log on the dashboard. We do but as mentioned only for existing/valid Emby user on that server. But yes we should see all attempts shown in Alerts no matter if existing/non-existing user to that server. 3 Link to comment Share on other sites More sharing options...
nguyenf1 6 Posted November 8, 2021 Author Share Posted November 8, 2021 @rbjtech Thank you for the suggestion. @Happy2Play There are other login events which are not logged to activity. For example, password reset attempts are not logged. Also, when a valid user account without remote access attempts to log in remotely. Link to comment Share on other sites More sharing options...
Luke 37008 Posted November 9, 2021 Share Posted November 9, 2021 Hi, yes alerts for these can certainly be added. Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now