Windows Emby Server - Block User and IP (DDOS, Firewall)


#1 mrjurek

Posted 27 March 2018 - 04:18 AM

English:
 
Hello
 
I suggest expanding the security:
- a user blocking function after 5 (to be determined by the administrator) consecutive incorrect logins
- blocking the IP address (DDOS, Firewall) for 1 hour (to be determined by the administrator) if, within a period of 15 minutes (to be determined by the administrator), incorrect authorizations occur (amount to be determined by the administrator). IP addresses should be visible in the menu, it should be easy to clear individual or all addresses, and there should be a schedule for clearing these addresses set by the administrator (for example: always Monday 1:00).
 
Firewall in Windows (block command in PHP):
shell_exec("netsh advfirewall firewall add rule name=EmbyServ_".$time."_".$ipp." profile=any dir=in action=block enable=yes remoteip=$ipp");
Unblock command in PHP:
shell_exec("netsh advfirewall firewall delete rule name=..................");
 
 
 
 
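
The per-IP rule proposed in this post (a number of failed logins within a time window, then a block for a fixed period), sketched in Python as an added example; it is not code from the thread or from Emby. The log line format, the threshold of 3 and the class and function names are assumptions, the rule name follows the `EmbyServ_<time>_<ip>` pattern from the post, and each address is parsed as an IP before it is placed in the `netsh` argument list.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample lines in a hypothetical format (not Emby's real log format).
SAMPLE_LOG = """\
2018-03-27 04:00:01 AUTH_FAIL user=anna ip=203.0.113.7
2018-03-27 04:01:10 AUTH_FAIL user=anna ip=203.0.113.7
2018-03-27 04:02:30 AUTH_FAIL user=bob ip=203.0.113.7
2018-03-27 04:03:00 AUTH_OK user=carl ip=198.51.100.4
2018-03-27 04:30:00 AUTH_FAIL user=dan ip=198.51.100.9&x
"""
FAIL = re.compile(r"^(\S+ \S+) AUTH_FAIL user=\S+ ip=(\S+)$")

class Lockout:  # thresholds are sample values an administrator would set
    def __init__(self, max_fails=3, window=timedelta(minutes=15), ban=timedelta(hours=1)):
        self.max_fails, self.window, self.ban = max_fails, window, ban
        self.fails = defaultdict(deque)  # ip -> times of recent failures
        self.banned = {}                 # ip -> time the ban ends

    def record_failure(self, ip_text, when):  # -> netsh argv for a new rule, or None
        try:
            ip = str(ipaddress.ip_address(ip_text))  # only a bare IP may reach netsh
        except ValueError:
            return None
        if self.banned.get(ip, when) > when:  # ban still running
            return None
        recent = self.fails[ip]
        recent.append(when)
        while when - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) < self.max_fails:
            return None
        self.banned[ip] = when + self.ban
        recent.clear()
        name = "EmbyServ_%s_%s" % (when.strftime("%Y%m%d%H%M%S"), ip)
        return ["netsh", "advfirewall", "firewall", "add", "rule", "name=" + name,
                "profile=any", "dir=in", "action=block", "enable=yes", "remoteip=" + ip]

    def expired(self, now):  # IPs whose ban has ended; their rules can be deleted
        done = [ip for ip, until in self.banned.items() if until <= now]
        self.banned = {ip: t for ip, t in self.banned.items() if t > now}
        return done

def scan(log_text, lockout):
    rules = []
    for m in filter(None, map(FAIL.match, log_text.splitlines())):
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        rules.append(lockout.record_failure(m.group(2), when))
    return [r for r in rules if r]
```

The returned lists are meant to be passed to `subprocess.run(argv)` from an elevated process, so no command string is ever assembled from log content.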

 



#2 Luke

Posted 27 March 2018 - 11:18 AM

Hi, the next release of the server will have expanded IP filtering settings.

#3 mrjurek

Posted 19 April 2018 - 05:18 AM

OK, I saw (3.3.1.19-beta).
 
However, Black List and White List are not a solution for a dynamic IP address (ISP address in my mobile phone). :(

Edited by mrjurek, 19 April 2018 - 05:20 AM.


#4 Swynol

Posted 19 April 2018 - 06:02 AM

Yeah, this would be a good addition.

I do something similar with an NGINX reverse proxy. If you're using NGINX I can help set up a blacklist.



#5 Luke

Posted 19 April 2018 - 11:03 AM

I think anything more sophisticated you will probably want to handle at the router or reverse proxy level.

#6 horstepipe

Posted 19 April 2018 - 11:08 AM

> Yeah, this would be a good addition.
>
> I do something similar with an NGINX reverse proxy. If you're using NGINX I can help set up a blacklist.

Hey
I'd really appreciate it if you could tell us more about what you set up in nginx for security purposes.

#7 Swynol

Posted 19 April 2018 - 11:31 AM

I have the normal NGINX security stuff:

ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate      E:\le64\Domain.crt;
ssl_certificate_key  E:\le64\Domain.key;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

proxy_hide_header X-Powered-By;
proxy_hide_header X-Frame-Options;
add_header X-Content-Type-Options "nosniff"  always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
add_header x-xss-protection 1;

 

 

I also use Cloudflare to hide my WAN IP plus add a bit of DDOS protection and security. I also use country blocking on my router to block some of the more dodgy places.

And finally I use a blacklist. I got my initial blacklist from a security website which keeps a huge list of flagged dodgy IPs. Then I keep an eye on my NGINX access logs for anything suspicious. If something is flagged I add it to my blacklist. The only issue is I have to manually add the IP, and it's usually after an attack. In NGINX you include the below line in the nginx.conf file:

include blacklistips.conf;

You can download my blacklist here:

https://drive.google...K5WVRYTNhtec9iE

and place it in the NGINX/Conf folder.

And finally I use an IPS/IDS (Intrusion Prevention Service / Intrusion Detection Service) on my router; any abnormalities are either blocked or flagged to me.

{touch wood} I haven't had a successful attack. Usually my router reports around 10000 blocked threats every 24 hours.

 

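
Adding flagged addresses to `blacklistips.conf` by hand, as described in the post above, can go through a small compile step first; this is an added example, not Swynol's file or script. It assumes the file consists of nginx `deny <address-or-CIDR>;` lines, and the allow list, sample entries and function names are constructed.

```python
import ipaddress

# Networks that must never end up denied (assumed values: loopback and a home LAN).
ALLOW = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Constructed samples: current file contents and newly flagged entries.
EXISTING = "deny 203.0.113.4;\ndeny 203.0.113.5;  # seen in access log\n"
FLAGGED = ["198.51.100.0/24", "198.51.100.77", "192.168.1.20", "192.0.2.1; allow all"]

def parse_existing(conf_text):
    """Return the address or CIDR from each 'deny ...;' line, ignoring comments."""
    entries = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("deny ") and line.endswith(";"):
            entries.append(line[5:-1].strip())
    return entries

def compile_blacklist(entries):
    """Validate entries, skip allow-listed ones, merge overlaps.

    Returns (conf_text, rejected_entries)."""
    nets, rejected = {4: [], 6: []}, []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected.append(raw)  # not an address or CIDR, so it never reaches the conf
            continue
        if any(net.version == a.version and net.overlaps(a) for a in ALLOW):
            rejected.append(raw)  # would lock out a protected network
            continue
        nets[net.version].append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    return "".join("deny %s;\n" % n for n in merged), rejected
```

With Cloudflare in front, nginx matches `deny` against the connecting address, which is a Cloudflare one unless the real-IP module (`set_real_ip_from`, `real_ip_header`) restores the visitor's address.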



#8 mrjurek

Posted 20 April 2018 - 07:26 AM

NGINX is a great idea. I have to try it.

Personally, I have a server on Apache/PHP, and my script on it blocks IP addresses in the firewall (I use the Emby log).

Sorry for my English. :)

Edited by mrjurek, 20 April 2018 - 07:27 AM.





