Jump to content

Windows Emby Server - Block User and IP (DDOS, Firewall)


mrjurek
 Share

Recommended Posts

mrjurek
English:
 
Hello
 
I suggest expanding the security:
- user blocking function, 5 items (to be determined by the administrator) of consecutive incorrect logins
- blocking the IP address (DDOS, Firewall), if for a period of 15 minutes (to be determined by the administrator) there will be an incorrect authorization (amount to be determined by the administrator) for 1 hour (to be determined by the administrator). IP addresses should be visible in the menu, it should be easy to clean the individual or all addresses, there should be a schedule for cleaning these addresses set by the administrator (for example: always Monday 1:00).
 
Firewall in Windows (command block in php):
shell_exec("netsh advfirewall firewall add rule name=EmbyServ_".$time."_".$ipp." profile=any dir=in action=block enable=yes remoteip=$ipp");
command no block in php:
shell_exec("netsh advfirewall firewall delete rule name=..................);
 
 
5ab9fe49e3e84_AdvancedSecurity.png
 
 
Polish:
Witam
 
Proponuję rozudowę security:
Proponuję rozbudowę security:
- funkcja blokowania użytkownika po 5 szt. (do ustalenia przez administratora) kolejnych nieprawidłowych logowań.
- blokowanie adresu IP (DDOS, Firewall), jeśli przez okres 15 min (do ustalenia przez administratora) nastąpią nieprawidłowe logowania (ilość do ustalenia przez administratora) na okres 1 godziny (do ustalenia przez administratora). Adresy IP powinny być widoczne w menu, powinno być łatwe menu czyszczenia pojedynczych lub wszystkich adresów, powinien być harmonogram czyszczenia tych adresów ustalany przez administratora (always Monday 1:00).

 

Firewall in Windows (command block in php):
shell_exec("netsh advfirewall firewall add rule name=EmbyServ_".$time."_".$ipp." profile=any dir=in action=block enable=yes remoteip=$ipp");
command no block in php:
shell_exec("netsh advfirewall firewall delete rule name=..................);

 

Link to comment
Share on other sites

  • 4 weeks later...
mrjurek
ok, I saw (3.3.1.19-beta).

 

However, Black List and White List are not a solution for a dynamic IP address (ISP address in my mobile phone). :(

Edited by mrjurek
Link to comment
Share on other sites

Swynol

Ye this would be a good addition. 

 

I do something similar with NGINX reverse proxy. if your using NGINX i can help setup a black list.

Link to comment
Share on other sites

I think anything more sophisticated you will probably want to handle at the router or reverse proxy level.

Link to comment
Share on other sites

horstepipe

Ye this would be a good addition. 

 

I do something similar with NGINX reverse proxy. if your using NGINX i can help setup a black list.

Hey

I‘d really appreciate if you could tell us more about what you setup in nginx for security purposes.

Link to comment
Share on other sites

Swynol

i have the normal NGINX security stuff

 

ssl_session_timeout 30m;

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate      E:\le64\Domain.crt;
ssl_certificate_key  E:\le64\Domain.key;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

 

proxy_hide_header X-Powered-By;
proxy_hide_header X-Frame-Options;
add_header X-Content-Type-Options "nosniff"  always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;

add_header x-xss-protection 1;

 

 

I also use cloudflare to hide my WAN IP plus add a bit of DDOS protection and security. I also use country blocking on my router to block some of the more dodgy places.

 

And finally i use a black list. I got my initial black list from a security website which keeps a huge list of flagged dodgy IPs. Then i keep an eye on my NGINX access logs for anything suspicious. If something is flagged I add it to my blacklist. Only issue is i have to manually add the IP, and its usually after an attack. In NGINX you include the below line in the nginx.conf file

 

include blacklistips.conf;

 

You can download my blacklist here

 

https://drive.google.com/open?id=1NP99QRgynozorwEjxK5WVRYTNhtec9iE

 

and place it in NGINX/Conf folder

 

And finally I use an IPS/IDS (intrusion Prevention Service / Intrusion Detection Service) on my router, any abnormalities are either blocked or flagged to me.

 

{touch wood} i havent had a successful attack. Usually my router reports around 10000 blocked threats every 24 hours.

 

5ad8b607e8253_threats.jpg

Link to comment
Share on other sites

mrjurek
NGINX is a great idea. I have to try.

 

Personally, I have a server on Apache PHP and in it through my script blocks IP addresses in the Firewall (I use the Emby log).

 

 

Sorry for my English. :)

Edited by mrjurek
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...