
Server - Bruteforce Detection/Blocking.



dragon2611

Since some people will have their server accessible from the internet to facilitate remote streaming (e.g. on mobile/away from home) is it possible to implement some kind of brute-force detection/blocking that could temporarily lock the account or ban the offending IP for a short time?

 

 


  • 4 years later...
rbjtech

Depending on OS, there are many existing services that do this - Fail2Ban, IP Ban etc.

I personally run Windows based 'IP Ban' scanning the emby log file for Auth errors in real time and then Ban that IP for x minutes after 3 failed attempts for example.

Example <Source> config below :-

<Source>Emby</Source>
<PathAndMask>C:\Users\****\AppData\Roaming\Emby-Server\programdata\logs\embyserver.txt</PathAndMask>
<Recursive>true</Recursive>
<FailedLoginRegex>
  <![CDATA[
  Warn\sHttpServer:\sAUTH-ERROR:\s(?<ipaddress>.+?)?\s-\sInvalid*
  ]]>
</FailedLoginRegex>
<PlatformRegex>Windows</PlatformRegex>
<PingInterval>10000</PingInterval>
<MaxFileSize>16777216</MaxFileSize>
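The rule rbjtech describes (match AUTH-ERROR lines, ban an IP after 3 failed attempts), sketched as an added Python example; it is not part of the original post and is not IPBan's or Emby's code. The timestamp prefix, the 5-minute counting window, the 15-minute ban and the sample log lines are assumptions constructed for illustration, and the IP group is tightened from `.+?` to `\S+`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The post's pattern in Python's (?P<name>) syntax; \S+ replaces the lazy,
# optional ".+?" so the group always captures one whitespace-free token.
AUTH_ERROR = re.compile(r"Warn\sHttpServer:\sAUTH-ERROR:\s(?P<ipaddress>\S+)\s-\sInvalid")
# Assumed timestamp prefix on each log line (constructed for this example).
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

MAX_FAILURES = 3                    # "after 3 failed attempts"
WINDOW = timedelta(minutes=5)       # assumed counting window
BAN_TIME = timedelta(minutes=15)    # the post's "x minutes"; value assumed

def detect_bans(lines):
    """Return [(ip, ban_start, ban_end)] for IPs reaching MAX_FAILURES within WINDOW."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        stamp, hit = STAMP.match(line), AUTH_ERROR.search(line)
        if not (stamp and hit):
            continue
        now = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        ip = hit.group("ipaddress")
        if banned_until.get(ip, now) > now:
            continue                # ban still active; a firewall would drop this
        q = recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:  # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            banned_until[ip] = now + BAN_TIME
            bans.append((ip, now, now + BAN_TIME))
            q.clear()
    return bans

# Constructed sample lines, not taken from a real Emby log.
SAMPLE_LOG = """\
2020-11-01 10:00:01 Warn HttpServer: AUTH-ERROR: 203.0.113.7 - Invalid user or password entered.
2020-11-01 10:00:05 Info HttpServer: HTTP GET http://media.example/web/index.html
2020-11-01 10:00:09 Warn HttpServer: AUTH-ERROR: 203.0.113.7 - Invalid user or password entered.
2020-11-01 10:00:12 Warn HttpServer: AUTH-ERROR: 198.51.100.20 - Invalid user or password entered.
2020-11-01 10:00:15 Warn HttpServer: AUTH-ERROR: 203.0.113.7 - Invalid user or password entered.
2020-11-01 10:09:00 Warn HttpServer: AUTH-ERROR: 198.51.100.20 - Invalid user or password entered.
2020-11-01 10:09:30 Warn HttpServer: AUTH-ERROR: 198.51.100.20 - Invalid user or password entered.
""".splitlines()

if __name__ == "__main__":
    for ip, start, end in detect_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

The second address fails three times in total but never three times inside one window, so only the first address is banned.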

  • 1 month later...
oneduality

Any movement on this? It was a 4 (nearly 5) year old request and I could definitely use it.

I'm using the standalone Windows server.


oneduality

 

rbjtech said:

Depending on OS, there are many existing services that do this - Fail2Ban, IP Ban etc.

I personally run Windows based 'IP Ban' scanning the emby log file for Auth errors in real time and then Ban that IP for x minutes after 3 failed attempts for example.

Example <Source> config below :-

<Source>Emby</Source>
<PathAndMask>C:\Users\****\AppData\Roaming\Emby-Server\programdata\logs\embyserver.txt</PathAndMask>
<Recursive>true</Recursive>
<FailedLoginRegex>
  <![CDATA[
  Warn\sHttpServer:\sAUTH-ERROR:\s(?<ipaddress>.+?)?\s-\sInvalid*
  ]]>
</FailedLoginRegex>
<PlatformRegex>Windows</PlatformRegex>
<PingInterval>10000</PingInterval>
<MaxFileSize>16777216</MaxFileSize>

 

I might have to take a look at this if it's not yet something native..  I know it's still on "the list" 

 

EDIT: I got this installed and it SEEMS to work :) never used this software before.. thanks


  • 11 months later...

Plus one for built in brute force protection.

I'm working on implementing fail2ban, but I'm sure Windows users would be happier with it built in. As would I, it would be a much simpler setup than trying to figure out the right regexes and config files for fail2ban. (Yes, I am looking at the various topics on the subject. :) )

Thanks!


oneduality

Still nothing. 😕 which is unfortunate.. most things seem to go at a snail's pace with this project.. which is a shame, I do like it. Just disappointed with the money spent and the lack of any apparent interest or speed in implementing years old requests.

I'm losing faith and have been looking into alternatives, security is important but just not to Emby's devs apparently.. It was 2019 when we were told they plan to add it.. the original request was 2015!!! we're soon to enter 2021 .. C'mon guys.. give me my faith back in this project, there's still playback issues that have never been solved that I just got tired of bringing up because so many others already have.. Can we get a road map to when security / bf protection will be added? I don't run on Linux or I could have done it myself already but this is running on Windows and I'm not going to set up an in-house Linux server just due to lack of development priority of something that absolutely should be a priority .. I'm a Linux admin as a professional, I run Linux at home in VMs, not planning to leave a VM spun up just for this..

- Oneduality

PAID LIFE MEMBER FOR SEVERAL YEARS :P


oneduality

No - it isn't, there is a project that forked off of Emby before Emby closed the source a long time ago .. it looks similar to Emby, functions like Emby but Emby is much better.

But if they are saying go code it.. well, it's not open source.. this should be handled by the devs and the devs SAID they would add it.. but that was nearly two years ago, and as I mentioned.. the very first request for this was all the way back in 2015.. it upsets me as a paid lifetime subscriber because pretty much every issue I've had still remains.. I've got numerous complaints in the forums.. there's tons of feature requests that have been out there for years..

Actually I just looked back, they even said THIS was on the to do list back in 2015 .. which is just crazy to even think that it's taking so long

2 hours ago, jerrac said:

So, the traditional response is "it's open source, go code it..." But I just looked at the github repo and found out it isn't open source anymore. https://github.com/MediaBrowser/Emby/pull/3645/commits/de9a814d2c36f43d3cc5148fda9ee48f6c870a09

That stinks.

Guess I'll have to go look for alternatives now...

 


3 hours ago, oneduality said:

But if they are saying go code it..

I was the one saying that....

Overall I'm inclined to give devs the benefit of the doubt when it comes to how long it takes to implement features. I do some development work as part of my sysadmin job. So I know how much work it can actually be.

Sure I'd make different decisions, but when I've benefited for years now, for free, I'm not going to complain too much. Heck, if I had the extra cash, I'd have bought the lifetime sub and still wouldn't complain too much about things.

My reason for saying I'm looking at alternatives is that I believe we should be able to see, and modify for personal use, all the code that runs on our devices. Not just open source, but proprietary and closed source applications as well. This is especially true for something like emby, which is in a space notorious for big media companies going after the little guys.


oneduality
6 hours ago, jerrac said:

I was the one saying that....

Overall I'm inclined to give devs the benefit of the doubt when it comes to how long it takes to implement features. I do some development work as part of my sysadmin job. So I know how much work it can actually be.

Sure I'd make different decisions, but when I've benefited for years now, for free, I'm not going to complain too much. Heck, if I had the extra cash, I'd have bought the lifetime sub and still wouldn't complain too much about things.

My reason for saying I'm looking at alternatives is that I believe we should be able to see, and modify for personal use, all the code that runs on our devices. Not just open source, but proprietary and closed source applications as well. This is especially true for something like emby, which is in a space notorious for big media companies going after the little guys.

I do try to do that.. I'm a devops engr. and so I do massive custom coding projects for clients as well as maintain 15 linux cloud servers so I get the work involved, been at it since the 90s..  Just talking about a feature that's soon to be 6 years in the pipeline.

I've written code that does this very thing on an apache server but that code won't run in the Windows environment I run emby on, it also requires iptables. At home I run Linux in VMs just as a mini lab to test things for my job, not for encoding.. Keeping a VM running just to act as a proxy won't work for me either... I could buy a Pi4 or something but I already spent money on Emby.. buying hardware on top of it seems senseless..

I would be happy even with blocking by region which would be super easy to implement.. downloading a geoip database and providing a way to select what countries/regions to block. That would solve a huge part of what I'm seeing. It's KIND of able to do that by blacklisting or whitelisting IP ranges, but it's one text input to do it and it's far from perfect since those ranges change fairly often.. So while it COULD work, it's way less than ideal..

The bottom line is it's a security issue and it really should have some level of priority.. 

PS. I didn't benefit on it for free at all personally, I paid for a lifetime Emby Premier subscription a long time ago.. I wanted to support the Emby team.. that cost me $119 so I'd HATE to leave it,  it's otherwise pretty good despite playback issues that are fixed sometimes then broken when updates come out.. fading in and out of being an issue... but security is important.
