
FULL DISCLOSURE: Data Collection in the Process of BotNet Takedown


softworkz


MBSki

Regarding http vs https, seems like users have to jump through hoops to set up https. Is there maybe an easy way to get this set up, or, even better, can changes be made to the server to make this a quick setup?


23 minutes ago, MBSki said:

Regarding http vs https, seems like users have to jump through hoops to set up https. Is there maybe an easy way to get this set up, or, even better, can changes be made to the server to make this a quick setup?

Not without us taking a lot more control of your network environment and, for a security conscious person, I would imagine that would be undesirable.

  • Agree 2

MBSki
4 minutes ago, ebr said:

Not without us taking a lot more control of your network environment and, for a security conscious person, I would imagine that would be undesirable.

Ok, maybe some kind of add-on that users can opt into? Or at a minimum, does a step by step tutorial exist and I'm just not finding it?


1 minute ago, MBSki said:

Or at a minimum, does a step by step tutorial exist and I'm just not finding it?

There is more than one way to skin this cat but, yes: Secure Your Server

  • Thanks 1

cptlores

Not too worried since I am behind a reverse proxy, and had require local password set.

Also am I correct in assuming that when running the docker version, even if a system was hacked it would be "fixed" when updating to the latest docker image and starting a new Emby container?


Q-Droid
6 minutes ago, cptlores said:

Not too worried since I am behind a reverse proxy, and had require local password set.

Also am I correct in assuming that when running the docker version, even if a system was hacked it would be "fixed" when updating to the latest docker image and starting a new Emby container?

The risk and fix are the same for Docker, host installed and portable versions of the Emby server. Plugins are maintained in the config location (programdata), not with the server software. Even those plugins included with the base software have their updates saved in the "programdata" path.

 

  • Like 1

  • 2 weeks later...
On 6/4/2023 at 12:01 PM, rbjtech said:

4.8.0.37 Beta does ?


Mine is set to send a Pushover alert on Auth Failed - seems to work fine.  (High Priority Alert would have been nice, but small steps and all that..)

But agree it still needs a bit of work - I would like all Auth requests sent to a file for example and then use that as the log for Fail2Ban.   The issue with using the normal Emby logs is they are huge, even with Debug off ...

To me, the most valuable information to have is never shown, no notifications, no alerts, nada. Log out as user and try logging in about 10 times using accounts that don't exist on your system. Make up a password and try logging in with these accounts: Budweiser, Coors, Pabst, Amstel, Corona, Modelo, Heineken, Guinness, Samuel, Dortmunder

What did you learn? Emby hides information about beer? Perhaps it likes beer too much and wants to keep it a secret. :)

Your server could be getting hit with a distributed login attempt slowing down the server but unless one of the usernames being tried happens to exist you would never know. If the password is tried on an existing account that will show.

I want to see this valuable information as it's the first bit of information that can be used to stop it. If I'm getting a wall of red login attempts or a little gauge showing 400 logins per second or bandwidth in use as well as bandwidth used by streams. When your bandwidth is hitting a level far higher than what's being used by streaming media there is certainly something that needs attention.

Notify me of X bandwidth in use, Y login attempts per second and things that give me a fuller picture of abuse and I'm much happier.

Carlo

  • Like 3
  • Agree 6
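
An added example, not part of the original posts and not Emby code: a sliding-window check over a dedicated auth-event file of the kind requested above, which counts failures against non-existent usernames as well as real ones. The one-line log format, the sample lines, the `scan` function and its thresholds are all assumptions made for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Hypothetical one-line-per-attempt format; Emby does not emit this.
LINE = re.compile(r"^(\S+) AUTH_(OK|FAIL) user=(\S+) ip=(\S+)$")

# Constructed sample: three sources trying names that do not exist,
# plus one ordinary success and one mistyped password by a real user.
SAMPLE = """\
2023-06-04T12:00:00 AUTH_OK user=alice ip=192.0.2.10
2023-06-04T12:00:01 AUTH_FAIL user=Budweiser ip=198.51.100.7
2023-06-04T12:00:01 AUTH_FAIL user=Coors ip=203.0.113.21
2023-06-04T12:00:02 AUTH_FAIL user=Pabst ip=198.51.100.7
2023-06-04T12:00:02 AUTH_FAIL user=Amstel ip=203.0.113.40
2023-06-04T12:00:03 AUTH_FAIL user=Corona ip=203.0.113.21
2023-06-04T12:05:00 AUTH_FAIL user=alice ip=192.0.2.10
""".splitlines()

def scan(lines, known_users, window_s=10, threshold=4):
    """Return one alert per burst: >= threshold failures within window_s seconds."""
    window = deque()          # (timestamp, user, ip) of recent failures
    alerts, alerting = [], False
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != "FAIL":
            continue
        ts = datetime.fromisoformat(m.group(1))
        window.append((ts, m.group(3), m.group(4)))
        # Drop failures that fell out of the sliding window.
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()
        if len(window) < threshold:
            alerting = False
            continue
        if alerting:          # same burst, already reported
            continue
        alerting = True
        alerts.append({
            "at": ts.isoformat(),
            "failures": len(window),
            "unknown_users": sorted({u for _, u, _ in window if u not in known_users}),
            "sources": sorted({ip for _, _, ip in window}),
        })
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE, known_users={"alice"}):
        print(alert)
```

Because the count is taken across all sources rather than per IP, a burst spread over several addresses still crosses the threshold, which a per-IP ban rule alone would not show.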

pwhodges

Agreed - my mail server tells me of each attempt on a non-existent account name, as does my SSH server.

Paul

  • Like 1

rbjtech
35 minutes ago, pwhodges said:

Agreed - my mail server tells me of each attempt on a non-existent account name, as does my SSH server.

Paul

Parsing the huge Emby log files is 'ok' but it's not very flexible nor does it provide all the info - that's why I used Scripter-X (before I removed it) as I configured it to tell me as much information about the failed request as possible - incl the password used on failed attempts (not sure if that should be passed or not .. but it was ..)


4 hours ago, Carlo said:

Budweiser, Coors, Pabst, Amstel, Corona, Modelo, Heineken, Guinness, Samuel, Dortmunder

What's wrong with you...the only German beer you name is "Dortmunder"?

Edited by softworkz
  • Haha 6

sross44
1 hour ago, softworkz said:

What's wrong with you...the only German beer you name is "Dortmunder"?

Even the rest of the choices aren't that great lol. I did enjoy a good amount of cheap PBR in college though.


Ronstang
2 hours ago, softworkz said:

What's wrong with you...the only German beer you name is "Dortmunder"?

Dortmünder is actually pretty good, at least to me.    Somewhere around here I have some of those porcelain swing top Dortmünder bottles from the early 80s.  In high school we used to drink them with a sandwich at the German Deli in the mall.  LOL!  Altenmünster too!


Sorry to disappoint, but I cheated and asked an AI chat engine something like this:

Generate 6 sample list of one-word answers using the criteria:
each list is made of 10 random popular brand or product nicknames having world-wide distribution fitting the criteria of being a snack, beverage, fast food or fruit.

I remember one list seemed to be all Coca Cola or PepsiCo products (only other beverage list). Another seemed to be snack chip oriented but to me mixed product and brand names. One seemed pretty literal where everything was fast food or quick prepared items that were all fast food packaged combinations of drinks, snack/dessert, burgers but no fruit items or so I thought.

The beer list was actually the closest to what I had in mind but found it interesting it chose to use a subset or category of beverages being alcohol related.

Interestingly I got one set I never would have expected and didn't even think about it until writing this.  In hindsight this was probably the closest thing to what I actually asked for. It was different products by the same brand, APPLE which it considered a "fruit"?

Instead of asking for things more directly I like to ask for multiple outputs of whatever. Wording of the criteria and how the AI parses this and makes its rules/filters is sometimes crazy accurate but nothing like what you expected!

It's fun to "open up" a bit what you ask, just to see where an AI engine goes with it.

 

 

 


14 minutes ago, Carlo said:

Sorry to disappoint, but I cheated and asked an AI chat engine

Makes perfect sense: the list looks like it was compiled by someone who reads about beer but doesn't drink any.

  • Haha 5

At least the AI didn't go all trendy with hipster IPAs.
I P A lot if I drink that. LOL

Sorry for the lack of German beers, next time I'll specify good beers.🍻

  • Haha 1