mrjurek 0 Posted March 27, 2018

Hello,

I suggest expanding the security:

- a user blocking function after 5 (to be determined by the administrator) consecutive incorrect logins
- blocking the IP address (DDoS, firewall) for 1 hour (to be determined by the administrator) if, within a period of 15 minutes (to be determined by the administrator), there are incorrect authorizations (amount to be determined by the administrator).

IP addresses should be visible in the menu, it should be easy to clear individual or all addresses, and there should be a schedule for clearing these addresses set by the administrator (for example: always Monday 1:00).

Firewall in Windows (block command in PHP):

    // $ipp must already be a validated IP address (e.g. filter_var($ipp, FILTER_VALIDATE_IP)) before it reaches the shell
    shell_exec("netsh advfirewall firewall add rule name=EmbyServ_".$time."_".$ipp." profile=any dir=in action=block enable=yes remoteip=$ipp");

Command to remove the block in PHP:

    shell_exec("netsh advfirewall firewall delete rule name=..................");
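The IP-blocking rule proposed in the post above (a set number of failed logins within 15 minutes blocks the address for 1 hour), as an added example that is not part of the original post: it counts failures per address in a sliding window and builds the netsh arguments as a list, so the address never passes through a shell. The log format, the sample lines, the timestamp used in the rule name and all function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (not Emby's real log layout).
SAMPLE_LOG = """\
2018-04-20 10:00:05 AUTH_FAIL user=admin ip=203.0.113.7
2018-04-20 10:01:10 AUTH_FAIL user=admin ip=203.0.113.7
2018-04-20 10:02:00 AUTH_FAIL user=bob ip=198.51.100.4
2018-04-20 10:03:30 AUTH_FAIL user=root ip=203.0.113.7
2018-04-20 10:06:45 AUTH_FAIL user=admin ip=203.0.113.7
2018-04-20 10:09:20 AUTH_FAIL user=admin ip=203.0.113.7
2018-04-20 10:09:30 AUTH_FAIL user=admin ip=203.0.113.9&x
"""
MAX_FAILS, WINDOW, BLOCK_FOR = 5, timedelta(minutes=15), timedelta(hours=1)

def parse(line):
    """Return (timestamp, ip) for a failed login, or None for anything else."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "AUTH_FAIL" or not parts[4].startswith("ip="):
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        return ts, str(ipaddress.ip_address(parts[4][3:]))  # rejects non-addresses
    except ValueError:
        return None

def find_blocks(log_text):
    """Map ip -> (blocked_at, expires_at) once MAX_FAILS failures fall inside WINDOW."""
    recent, blocks = defaultdict(deque), {}
    for ts, ip in filter(None, map(parse, log_text.splitlines())):
        if ip in blocks and ts < blocks[ip][1]:
            continue  # block still active, nothing to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()  # drop failures older than the window
        if len(q) >= MAX_FAILS:
            blocks[ip] = (ts, ts + BLOCK_FOR)
            q.clear()
    return blocks

def netsh_argv(action, ip, blocked_at):
    """argv list for subprocess.run(argv), no shell; action is 'add' or 'delete'."""
    if action not in ("add", "delete"):
        raise ValueError("unsupported action")
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on anything but an address
    name = "EmbyServ_%s_%s" % (blocked_at.strftime("%Y%m%d%H%M%S"), ip)
    argv = ["netsh", "advfirewall", "firewall", action, "rule", "name=" + name]
    if action == "add":
        argv += ["profile=any", "dir=in", "action=block", "enable=yes", "remoteip=" + ip]
    return argv
```

A scheduled task can call `netsh_argv("delete", ...)` for every entry whose `expires_at` has passed, which covers the timed cleanup the post asks for.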

Luke 38848 Posted March 27, 2018

Hi, the next release of the server will have expanded IP filtering settings.

mrjurek 0 Posted April 19, 2018 Author (edited)

OK, I saw (3.3.1.19-beta). However, Black List and White List are not a solution for a dynamic IP address (ISP address in my mobile phone).

Edited April 19, 2018 by mrjurek

Swynol 375 Posted April 19, 2018

Yeah, this would be a good addition. I do something similar with NGINX reverse proxy. If you're using NGINX I can help set up a black list.

Luke 38848 Posted April 19, 2018

I think anything more sophisticated you will probably want to handle at the router or reverse proxy level.

horstepipe 364 Posted April 19, 2018

> Yeah, this would be a good addition. I do something similar with NGINX reverse proxy. If you're using NGINX I can help set up a black list.

Hey, I'd really appreciate it if you could tell us more about what you set up in nginx for security purposes.

Swynol 375 Posted April 19, 2018

I have the normal NGINX security stuff:

    # TLS session, protocol, certificate and cipher settings
    ssl_session_timeout 30m;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_certificate E:\le64\Domain.crt;
    ssl_certificate_key E:\le64\Domain.key;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    # Headers hidden from the proxied response and headers added to it
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-Frame-Options;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
    add_header x-xss-protection 1;

I also use Cloudflare to hide my WAN IP plus add a bit of DDoS protection and security.

I also use country blocking on my router to block some of the more dodgy places.

And finally I use a black list. I got my initial black list from a security website which keeps a huge list of flagged dodgy IPs. Then I keep an eye on my NGINX access logs for anything suspicious. If something is flagged I add it to my blacklist. Only issue is I have to manually add the IP, and it's usually after an attack.

In NGINX you include the below line in the nginx.conf file:

    include blacklistips.conf;

You can download my blacklist here https://drive.google.com/open?id=1NP99QRgynozorwEjxK5WVRYTNhtec9iE and place it in the NGINX/Conf folder.

And finally I use an IPS/IDS (Intrusion Prevention Service / Intrusion Detection Service) on my router; any abnormalities are either blocked or flagged to me.

{touch wood} I haven't had a successful attack. Usually my router reports around 10000 blocked threats every 24 hours.

mrjurek 0 Posted April 20, 2018 Author (edited)

NGINX is a great idea. I have to try it.

Personally, I have a server on Apache PHP, and on it my script blocks IP addresses in the firewall (I use the Emby log).

Sorry for my English.

Edited April 20, 2018 by mrjurek