
Windows Emby Server - Block User and IP (DDOS, Firewall)


mrjurek
English:
 
Hello
 
I suggest expanding the security:
- a user blocking function after 5 (to be determined by the administrator) consecutive incorrect logins
- blocking the IP address (DDOS, Firewall) for 1 hour (to be determined by the administrator) if, within a period of 15 minutes (to be determined by the administrator), there are incorrect authorizations (number to be determined by the administrator). IP addresses should be visible in the menu, it should be easy to clear individual or all addresses, and there should be a schedule for clearing these addresses set by the administrator (for example: always Monday 1:00).
 
Firewall in Windows (block command in PHP):
shell_exec("netsh advfirewall firewall add rule name=EmbyServ_".$time."_".$ipp." profile=any dir=in action=block enable=yes remoteip=$ipp");
Unblock command in PHP:
shell_exec("netsh advfirewall firewall delete rule name=..................");
 
 
 
 
Luke

Hi, the next release of the server will have expanded IP filtering settings.

mrjurek
OK, I saw (3.3.1.19-beta).

 

However, Black List and White List are not a solution for a dynamic IP address (ISP address in my mobile phone). :(

Edited by mrjurek

Swynol

Ye this would be a good addition.

I do something similar with NGINX reverse proxy. If you're using NGINX I can help set up a black list.

Luke

I think anything more sophisticated you will probably want to handle at the router or reverse proxy level.

horstepipe

> Ye this would be a good addition.
>
> I do something similar with NGINX reverse proxy. If you're using NGINX I can help set up a black list.

Hey

I'd really appreciate it if you could tell us more about what you set up in nginx for security purposes.

Swynol

I have the normal NGINX security stuff:

 

ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate      E:\le64\Domain.crt;
ssl_certificate_key  E:\le64\Domain.key;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

proxy_hide_header X-Powered-By;
proxy_hide_header X-Frame-Options;
add_header X-Content-Type-Options "nosniff"  always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
add_header x-xss-protection 1;

 

 

I also use Cloudflare to hide my WAN IP plus add a bit of DDoS protection and security. I also use country blocking on my router to block some of the more dodgy places.

And finally I use a black list. I got my initial black list from a security website which keeps a huge list of flagged dodgy IPs. Then I keep an eye on my NGINX access logs for anything suspicious. If something is flagged I add it to my blacklist. Only issue is I have to manually add the IP, and it's usually after an attack. In NGINX you include the below line in the nginx.conf file

 

include blacklistips.conf;

 

You can download my blacklist here

 

https://drive.google.com/open?id=1NP99QRgynozorwEjxK5WVRYTNhtec9iE

 

and place it in NGINX/Conf folder

 

And finally I use an IPS/IDS (Intrusion Prevention Service / Intrusion Detection Service) on my router; any abnormalities are either blocked or flagged to me.

{touch wood} I haven't had a successful attack. Usually my router reports around 10000 blocked threats every 24 hours.

 

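A check over the directives quoted in the post above, as an added example that is not part of the original thread: it parses them (treating a `;` inside quotes as data) and reports the settings a reviewer would question. The rule set (deprecated protocol names, legacy cipher pattern, protective header names) is this example's assumption, not Swynol's or nginx's.

```python
import re

# Directives copied from the post above (certificate paths left out).
POSTED_CONF = """
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Frame-Options;
add_header X-Content-Type-Options "nosniff"  always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
add_header x-xss-protection 1;
"""

# Assumed rule set for this example.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
LEGACY_CIPHER = re.compile(r"3DES|RC4|MD5|NULL|EXP")
PROTECTIVE = {"x-frame-options", "x-content-type-options", "content-security-policy"}

def directives(conf):
    """Split nginx text into [name, arg, ...] lists; a ';' inside quotes is data."""
    out, cur = [], []
    for tok in re.findall(r'"[^"]*"|[^\s;]+|;', conf):
        if tok != ";":
            cur.append(tok.strip('"'))
        elif cur:
            out.append(cur)
            cur = []
    return out

def audit(conf):
    """Return one finding per questionable TLS or header setting, in file order."""
    parsed = directives(conf)
    added = {args[0].lower() for name, *args in parsed if name == "add_header"}
    found = []
    for name, *args in parsed:
        if name == "ssl_protocols":
            found += [f"{name}: {p} is deprecated" for p in args if p in LEGACY_PROTOCOLS]
        elif name == "ssl_ciphers":
            found += [f"{name}: {c} selects legacy suites" for c in args[0].split(":")
                      if c[:1] not in "!-" and LEGACY_CIPHER.search(c)]
        elif name == "proxy_hide_header" and args[0].lower() in PROTECTIVE - added:
            found.append(f"{name}: {args[0]} is stripped and not re-added")
        elif name == "add_header" and "always" not in args[2:]:
            found.append(f"{name}: {args[0]} is not added to error responses")
    return found
```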
mrjurek
NGINX is a great idea. I have to try.

 

Personally, I have a server on Apache with PHP, and on it my script blocks IP addresses in the firewall (I use the Emby log).

 

 

Sorry for my English. :)

Edited by mrjurek

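The lockout proposed in the first post and the log-driven firewall script mentioned in the last one, written here as an added example (not mrjurek's script or Emby code). The log format, the threshold of 5 and the fixed rule name `EmbyServ_<ip>` are assumptions; each source address is validated as an IP before it is placed in a `netsh` argument list.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # look-back period for failures
MAX_FAILURES = 5                 # assumed threshold inside WINDOW
BLOCK_FOR = timedelta(hours=1)   # lifetime of a block
# Constructed sample in an assumed format: "<ISO time> AUTH_FAIL <source>"
SAMPLE_LOG = [f"2018-03-27T10:0{m}:00 AUTH_FAIL 203.0.113.9" for m in range(5)] + [
    "2018-03-27T10:05:00 AUTH_FAIL 198.51.100.7&junk",  # not a literal IP
    "2018-03-27T10:06:00 AUTH_FAIL 203.0.113.9",        # already blocked
    "2018-03-27T11:30:00 AUTH_FAIL 192.0.2.44",         # first block has expired
]

def parse(line):
    """Return (time, ip), or None unless the line is a failure from a valid IP."""
    try:
        when, event, source = line.split()
        if event == "AUTH_FAIL":
            return datetime.fromisoformat(when), str(ipaddress.ip_address(source))
    except ValueError:  # wrong field count, bad timestamp, or not an IP address
        pass
    return None

def decide(lines):
    """Replay the log and return [(time, "block" or "unblock", ip), ...]."""
    recent, blocked, out = defaultdict(deque), {}, []
    for now, ip in filter(None, map(parse, lines)):
        for old in [b for b, until in blocked.items() if until <= now]:
            out.append((blocked.pop(old), "unblock", old))  # lifetime is over
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:   # forget failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked[ip] = now + BLOCK_FOR
            out.append((now, "block", ip))
            q.clear()
    return out

def netsh_args(action, ip):
    """Argument list for subprocess.run(); no shell ever parses the values."""
    rule = "name=EmbyServ_" + ip.replace(":", "-")  # assumed fixed name per IP
    if action != "block":
        return ["netsh", "advfirewall", "firewall", "delete", "rule", rule]
    return ["netsh", "advfirewall", "firewall", "add", "rule", rule, "profile=any",
            "dir=in", "action=block", "enable=yes", "remoteip=" + ip]
```

Blocks are lifted only when a later log line is replayed, so a live service would also need a timer. The returned list is meant for `subprocess.run` without `shell=True`.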
