chef 3745 Posted March 18, 2020 Share Posted March 18, 2020 (edited) I have completely reworked this plugin, and it now uses a great service which will find out a whole lot of information about the brute force attacker. It will figure out if it is happening from a Proxy source, give ISP/Device/Location and Date information, while banning the IP from contacting the Server. DOWNLOAD: Blacklist.zip Edited October 27, 2020 by chef update plugin 3 Link to comment Share on other sites More sharing options...
maegibbons 1267 Posted March 18, 2020 Share Posted March 18, 2020 Hi I am generally a big believer in emby doing what it does best and leaving stuff outside of media to other tools. HOWEVER, as a plugin based upon failed logins injecting block rules in to Windows firewall sounds interesting. So please have a look at. Krs Mark Sent from my SM-N976B using Tapatalk Link to comment Share on other sites More sharing options...
chef 3745 Posted March 18, 2020 Author Share Posted March 18, 2020 (edited) Cool it works! I've been testing using the Emby log to simulate the actions involved! The Ban would have happened on the third attempt in 30 seconds! Just like a Brute force attack. 2020-03-18 19:29:31.748 Info HttpServer: HTTP POST http://localhost:8096/emby/Users/authenticatebyname. UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 2020-03-18 19:29:31.753 Error UserManager: Error authenticating with provider Default *** Error Report *** Version: 4.3.1.0 Command line: C:\Users\MediaServer\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows NT 6.1.7601 Service Pack 1 64-Bit OS: True 64-Bit Process: True User Interactive: True Runtime: file:///C:/Users/MediaServer/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 8 Program data path: C:\Users\MediaServer\AppData\Roaming\Emby-Server\programdata Application directory: C:\Users\MediaServer\AppData\Roaming\Emby-Server\system System.Exception: System.Exception: Invalid username or password at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser) at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken) Source: Emby.Server.Implementations TargetSite: System.Threading.Tasks.Task`1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User) 2020-03-18 19:29:31.754 Info HttpClient: POST https://connect.emby.media/service/user/authenticate 2020-03-18 19:29:31.807 Info UserManager: Authentication request for Elliot has been denied. 2020-03-18 19:29:31.812 Info Firewall Ban: TESTING IP BAN: ::1 Edited March 18, 2020 by chef 3 Link to comment Share on other sites More sharing options...
maegibbons 1267 Posted March 19, 2020 Share Posted March 19, 2020 Cool.... Sent from my SM-N976B using Tapatalk Link to comment Share on other sites More sharing options...
chef 3745 Posted March 20, 2020 Author Share Posted March 20, 2020 I have done it! Only caviot, EmbyServer.exe has to be started with Admin privileges, but I have successfully create a plugin in which will ban bad login attempts IPs. It took a while to get it working, but it works. I can see some issues, like making sure emby is elevated when it is run. 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted March 21, 2020 Author Share Posted March 21, 2020 (edited) A whole day of testing and things are working very well in Windows. Once the IP is blocked the emby page becomes unresponsive. perfect! 1. I'm going to add a time out feature where the IP address will become active after a specific time. 2.Linux is next. I've got to do some research to figure out the best way to add rules to a Linux firewall. Edited March 21, 2020 by chef 1 Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted March 21, 2020 Share Posted March 21, 2020 Nice Dish Chef, Where can I find the plugin? Link to comment Share on other sites More sharing options...
chef 3745 Posted March 21, 2020 Author Share Posted March 21, 2020 I'm going to do another day of testing. Make sure that the removal of firewall rules is flawless. Then I'll post it on GitHub, and here in this thread. Do you know if, when Emby restarts from an elevated process (it has been run as administrator) if the restarted process version is also run as administrator? Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted March 21, 2020 Share Posted March 21, 2020 I doubt it but can set to always run as admin https://www.cnet.com/how-to/always-run-a-program-in-administrator-mode-in-windows-10/ Link to comment Share on other sites More sharing options...
chef 3745 Posted March 25, 2020 Author Share Posted March 25, 2020 (edited) I've updated the main thread here with a video and download link. This is very beta, if anyone is worried about what is happening at the system level, I would take a moment and read the github repo so they can see the uses of iptables in Linux and netsh.exe in Windows. Thanks! Edited March 25, 2020 by chef 2 Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted March 26, 2020 Share Posted March 26, 2020 (edited) Once this is stabilised this should be considered to be added as part of core emby build imo Edited March 26, 2020 by PrincessClevage 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted March 27, 2020 Author Share Posted March 27, 2020 I've added a new feature. The configuration keeps track of successful login IPs, device and users. To combat DDOS attacks and brute Force, the server will create a Boolean value called "IsRegistered" and compare failed attempts device type, users and IPs to attempt to block access sooner if things aren't adding up. 2 Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted March 28, 2020 Share Posted March 28, 2020 Can be a slippery (for the masses) slope adding in additional logic. Appreciate the work Chef! Link to comment Share on other sites More sharing options...
neik 835 Posted April 2, 2020 Share Posted April 2, 2020 @@chef, do you plan on publishing this to the official PlugIn catalogue? Link to comment Share on other sites More sharing options...
chef 3745 Posted April 2, 2020 Author Share Posted April 2, 2020 (edited) Edited April 2, 2020 by chef 1 Link to comment Share on other sites More sharing options...
maegibbons 1267 Posted April 3, 2020 Share Posted April 3, 2020 I think the Emby developers have a similar thing being worked out for the core emby code. Not sure of it will involve the firewall, but I believe emby will have a lockout system implemented in the near future. [emoji2] If it is coming after the Live TV upgrade and Channel Management that could still be 5 years or more away. Can we not use your plug-in in the meantime? Krs Matk Sent from my SM-N976B using Tapatalk 2 Link to comment Share on other sites More sharing options...
neik 835 Posted April 3, 2020 Share Posted April 3, 2020 If it is coming after the Live TV upgrade and Channel Management that could still be 5 years or more away. Can we not use your plug-in in the meantime? Krs Matk Sent from my SM-N976B using Tapatalk Agree! Once it gets into the Emby core this plugin would probably be obsolete but until then it would be a nice feature to use. @@Luke, @@ebr, can this be included in the catalogue? Or any statement regarding what chef said? Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted April 3, 2020 Share Posted April 3, 2020 You can use it now, just download the zip file and place the dll into the plugin directory then restart emby server the check the plugin section under emby server management Link to comment Share on other sites More sharing options...
chef 3745 Posted April 3, 2020 Author Share Posted April 3, 2020 I've updated the download link on the first post. Link to comment Share on other sites More sharing options...
mrjurek 0 Posted June 25, 2020 Share Posted June 25, 2020 I keep my fingers crossed. Please add * .dll file to download. Link to comment Share on other sites More sharing options...
chef 3745 Posted September 11, 2020 Author Share Posted September 11, 2020 Blacklist.zip Link to comment Share on other sites More sharing options...
chef 3745 Posted October 23, 2020 Author Share Posted October 23, 2020 (edited) I've come back to this plugin recently after I noticed that someone was hitting my domain repeatedly, trying to get past different user accounts. I reinstalled this plugin back on my machine, and It worked! They are blocked. unless they change their IP and try hitting it again, they will stay blocked, and to be honest, this plugin will just ban them after three missed tries anyway. This seems to be a working updated version of Blacklist plugin. The image below shows the interface, but I removed the attackers IP because, I'm pretty sure that the community consists of much better hackers then that person, and I didn't want to cause them any real issues. LOL. Edited October 27, 2020 by chef 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 I've changed the first post with an update. I have figured out how to get a whole lot of hacker information in this plugin. If someone brute forces your server, this plugin will stop that from happening. 1 Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted October 27, 2020 Share Posted October 27, 2020 (edited) 1 hour ago, chef said: I've changed the first post with an update. I have figured out how to get a whole lot of hacker information in this plugin. If someone brute forces your server, this plugin will stop that from happening. Any notifications of when blocks occur possible? Edited October 27, 2020 by PrincessClevage Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 9 hours ago, PrincessClevage said: Any notifications of when blocks occur possible? absolutely. Would you like to see it in the activity list on the dashboard, or a popup message sent out to logged in Admin users? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now