[Plugin] Firewall IP blocking with reverse lookup - Reworked


chef

For me I get this error..

Quote

2020-10-27 10.43.16.194 Error App: Error disposing ServerEntryPoint
    *** Error Report ***
    Version: 4.6.0.3
    Command line: D:\embyserver\system\EmbyServer.dll
    Operating system: Microsoft Windows 10.0.19042
    Framework: .NET Core 3.1.8
    OS/Process: x64/x64
    Runtime: D:/embyserver/system/System.Private.CoreLib.dll
    Processor count: 8
    Data path: D:\embyserver\programdata
    Application path: D:\embyserver\system
    System.NotImplementedException: System.NotImplementedException: The method or operation is not implemented.
       at Blacklist.ServerEntryPoint.Dispose()
       at Emby.Server.Implementations.ApplicationHost.Dispose(Boolean dispose)
    Source: Blacklist
    TargetSite: Void Dispose()

 


and this..

Quote

2020-10-27 08.56.10.050 Error SessionManager: Error in event handler
    *** Error Report ***
    Version: 4.6.0.3
    Command line: D:\embyserver\system\EmbyServer.dll
    Operating system: Microsoft Windows 10.0.19042
    Framework: .NET Core 3.1.8
    OS/Process: x64/x64
    Runtime: D:/system/System.Private.CoreLib.dll
    Processor count: 8
    Data path: D:\embyserver\programdata
    Application path: D:\embyserver\system
    System.AggregateException: System.AggregateException: One or more errors occurred. (Object reference not set to an instance of an object.)
     ---> System.NullReferenceException: Object reference not set to an instance of an object.
       at Blacklist.ServerEntryPoint.CheckConnectionAttempt(AuthenticationRequest authenticationRequest, PluginConfiguration config)
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at System.Threading.Tasks.Task`1.get_Result()
       at Blacklist.ServerEntryPoint.SessionManager_AuthenticationFailed(Object sender, GenericEventArgs`1 e)
       at MediaBrowser.Common.Events.EventHelper.FireEventIfNotNull[T](EventHandler`1 handler, Object sender, T args, ILogger logger)
    Source: System.Private.CoreLib
    TargetSite: Void ThrowIfExceptional(Boolean)
    InnerException: System.NullReferenceException: Object reference not set to an instance of an object.
    Source: Blacklist
    TargetSite: Void MoveNext()
       at Blacklist.ServerEntryPoint.CheckConnectionAttempt(AuthenticationRequest authenticationRequest, PluginConfiguration config)

 


14 minutes ago, XSR said:

and this..

 

Oh, are you on beta server? I see .netcore 3

 

I'll have to check that out.


25 minutes ago, XSR said:

and this..

 

I know what this is. If you are on a subnet address, like 192.168.*.* then it will error when trying to locate the address. I will fix this.

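The failure chef describes above, a lookup attempted on a LAN address, can be avoided by classifying the remote address before any reverse lookup runs. The C# below is an added example, not the Blacklist plugin's code; `RemoteAddressGuard` and `ShouldLookup` are hypothetical names and the sample addresses are constructed.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Added example: hypothetical helper, not part of the Blacklist plugin or Emby.
public static class RemoteAddressGuard
{
    // True only for addresses worth a reverse/geo lookup; false for anything
    // local, reserved for private use, or unparseable.
    public static bool ShouldLookup(string text)
    {
        if (!IPAddress.TryParse(text, out IPAddress ip)) return false; // null, empty, garbage
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();                // ::ffff:192.168.0.7
        if (IPAddress.IsLoopback(ip)) return false;                    // 127.0.0.0/8, ::1
        byte[] b = ip.GetAddressBytes();

        if (ip.AddressFamily == AddressFamily.InterNetwork)
        {
            if (b[0] == 0 || b[0] == 10) return false;                   // 0.0.0.0/8, 10.0.0.0/8
            if (b[0] == 172 && b[1] >= 16 && b[1] <= 31) return false;   // 172.16.0.0/12
            if (b[0] == 192 && b[1] == 168) return false;                // 192.168.0.0/16
            if (b[0] == 169 && b[1] == 254) return false;                // 169.254.0.0/16 link-local
            if (b[0] == 100 && b[1] >= 64 && b[1] <= 127) return false;  // 100.64.0.0/10 shared (CGNAT)
            return true;
        }
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
        {
            if (ip.Equals(IPAddress.IPv6Any)) return false;              // ::
            if (ip.IsIPv6LinkLocal || ip.IsIPv6SiteLocal) return false;  // fe80::/10, fec0::/10
            if ((b[0] & 0xFE) == 0xFC) return false;                     // fc00::/7 unique local
            return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed inputs; 203.0.113.45 and 2001:db8::10 are documentation
        // addresses standing in for a public client.
        string[] samples = { "192.168.1.20", "10.0.0.5", "172.31.255.1", "::ffff:192.168.0.7",
                             "fe80::1", "fd12:3456::1", "127.0.0.1", "", "not-an-ip",
                             "203.0.113.45", "2001:db8::10" };
        foreach (string s in samples)
        {
            string verdict = ShouldLookup(s) ? "look up" : "skip (local or invalid)";
            Console.WriteLine("{0,-20} {1}", s, verdict);
        }
    }
}
```

Calling a check like this at the top of the authentication-failed handler keeps a LAN or malformed address from reaching the lookup, and the same result can gate whether an address is ever eligible for a firewall rule.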

PrincessClevage
7 hours ago, chef said:

absolutely. Would you like to see it in the activity list on the dashboard, or a popup message sent out to logged in Admin users?

Is it possible to trigger an email alert with details of the blocked event?


4 minutes ago, PrincessClevage said:

Is it possible to trigger an email alert with details of the blocked event?

Should be easy enough 😉


PenkethBoy

cough - how about both?

poss with config option to choose one or the other

😈

sorry should have read the whole thread - oops


This is kinda cool. If you click the flag icon, a dialog will appear which shows a good satellite image of the location the reverse look up found 😀 LOL. If you try this, clear browser data after server restart.

 

Blacklist.zip blacklistmap.png


PenkethBoy

lol - so your hacker was a phantom from beyond the grave - do you get the grave marker number as well?

😂


Just now, PenkethBoy said:

lol - so your hacker was a phantom from beyond the grave - do you get the grave marker number as well?

😂

yeah. LOL!  I'm logged in at work and they use a VPN. There must be a server farm in that field or house somewhere LOL


Sending Email notifications has become some problematic code. There have been some changes in how SMTP services allow interaction. This might take a bit longer than I thought.


rbjtech

Great plugin @chef Thanks.

Currently I use IPBan for Windows which does the same thing, but being integrated into the Emby framework/Notifications would be great - I'm going to give it a try.

ps - First rule of any remotely accessible system is RENAME the Admin accounts ;)  That way, they need to not only brute force the password, but guess the admin account name as well before they even try an attempt ...

Personally, I also remove the remote access for the (renamed..) Admin accounts, using a VPN if I ever need to remotely administer my system.

edit - Ah - (sorry should have read the thread properly) .. Emby needs to be run as Admin for it to work - this is a showstopper for me.  Running an external facing system as OS Admin is a no-no.   Shame.  If you could call a service account with the appropriate privileges (Network Configuration Operators group) to add f/w rules, then that would be a perfect solution ... 

 

 

 


3 hours ago, rbjtech said:

Great plugin @chef Thanks.

Currently I use IPBan for Windows which does the same thing, but being integrated into the Emby framework/Notifications would be great - I'm going to give it a try.

ps - First rule of any remotely accessible system is RENAME the Admin accounts ;)  That way, they need to not only brute force the password, but guess the admin account name as well before they even try an attempt ...

Personally, I also remove the remote access for the (renamed..) Admin accounts, using a VPN if I ever need to remotely administer my system.

edit - Ah - (sorry should have read the thread properly) .. Emby needs to be run as Admin for it to work - this is a showstopper for me.  Running an external facing system as OS Admin is a no-no.   Shame.  If you could call a service account with the appropriate privileges (Network Configuration Operators group) to add f/w rules, then that would be a perfect solution ... 

 

 

 

I didn't know that that was a bad idea.

So a separate service that has admin privileges and handles the firewall control, but can be configured in the plugin, is better?


rbjtech

Hi @chef - if the Emby app was compromised for any reason (code vulnerability etc) then running it as OS Administrator effectively means the hacker now has privileges to do as they please.  If run as a 'service account / non-admin account' then they have limited privileges to disrupt and need to find another way to elevate their privilege.

The easiest option if people are using a non-admin/service account (as I do) is to simply add the 'Network Configuration Operators Group' to your existing non-admin/service account.  You can then add/delete firewall rules, as if you were admin. 👍  

The most secure option, is have a separate service account for your plugin - but that would mean a new account/password etc to be setup which is probably overkill for your average home user.

I'm going to try your plugin when I get the chance - by adding the 'Network Configuration Operators Group' and it should work with my existing service account. 😀

 


23 minutes ago, rbjtech said:

Hi @chef - if the Emby app was compromised for any reason (code vulnerability etc) then running it as OS Administrator effectively means the hacker now has privileges to do as they please.  If run as a 'service account / non-admin account' then they have limited privileges to disrupt and need to find another way to elevate their privilege.

The easiest option if people are using a non-admin/service account (as I do) is to simply add the 'Network Configuration Operators Group' to your existing non-admin/service account.  You can then add/delete firewall rules, as if you were admin. 👍  

The most secure option, is have a separate service account for your plugin - but that would mean a new account/password etc to be setup which is probably overkill for your average home user.

I'm going to try your plugin when I get the chance - by adding the 'Network Configuration Operators Group' and it should work with my existing service account. 😀

 

This is great info! How do you add Network Configuration Operators Group?


rbjtech

Two ways - either add the user to the group .. double click it and add the user ..

add_user_to_group.PNG

 

.. Or add the group to the user.

 

add_group_to_user.PNG


rbjtech

Hmm - Hold Fire on any further investigation @chef - on an independent test,  adding to the group is not allowing me to add/remove rules :(  Let me investigate why .. 

edit - ok so it does work, but UAC may get in the way if using the GUI - but as presumably you are using code to do it, then you should be able to elevate the privilege using the user account instead.

The below example(s) were done using a standard (non-admin) user account being a member of 'Network Configuration Operators'.  The first at standard permissions, the 2nd at elevated permissions for this user (not Administrator, despite what it says ..).

   

Capture.PNG

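The account model rbjtech describes in the posts above (a non-admin service account that is a member of Network Configuration Operators, with UAC affecting what the token can do) can be checked by the server process at startup. The C# below is an added example, not Emby's or the plugin's code; `ServiceAccountCheck` and `Describe` are hypothetical names, and whether the group is sufficient for the plugin's firewall calls is the thread's premise, not something this check proves.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example: hypothetical startup check, not part of Emby or the Blacklist plugin.
public static class ServiceAccountCheck
{
    public static string Describe()
    {
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            return "Not Windows: this check does not apply.";

        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);
            // Well-known SID S-1-5-32-556, so the check does not depend on the localized group name.
            var netOps = new SecurityIdentifier(
                WellKnownSidType.BuiltinNetworkConfigurationOperatorsSid, null);

            // IsInRole reflects groups enabled in the current token; under UAC a
            // member can still see false until the process runs with its elevated token.
            bool isAdmin = identity.IsSystem || principal.IsInRole(WindowsBuiltInRole.Administrator);
            bool isNetOp = principal.IsInRole(netOps);

            if (isAdmin)
                return $"WARNING: {identity.Name} has full administrative rights; " +
                       "a compromise of the server process inherits them.";
            if (isNetOp)
                return $"OK: {identity.Name} is non-admin with Network Configuration Operators enabled.";
            return $"{identity.Name} is non-admin and the group is not enabled in this token; " +
                   "add the account to Network Configuration Operators or run with the elevated token.";
        }
    }

    public static void Main()
    {
        Console.WriteLine(Describe());
    }
}
```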
