neik 835 Posted October 27, 2020 Share Posted October 27, 2020 IMHO it should be in the activity list and maybe a separate log file with IP and time of blocking. Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 Will do! 1 Link to comment Share on other sites More sharing options...
XSR 11 Posted October 27, 2020 Share Posted October 27, 2020 For me I get this error.. Quote 2020-10-27 10.43.16.194 Error App: Error disposing ServerEntryPoint *** Error Report *** Version: 4.6.0.3 Command line: D:\embyserver\system\EmbyServer.dll Operating system: Microsoft Windows 10.0.19042 Framework: .NET Core 3.1.8 OS/Process: x64/x64 Runtime: D:/embyserver/system/System.Private.CoreLib.dll Processor count: 8 Data path: D:\embyserver\programdata Application path: D:\embyserver\system System.NotImplementedException: System.NotImplementedException: The method or operation is not implemented. at Blacklist.ServerEntryPoint.Dispose() at Emby.Server.Implementations.ApplicationHost.Dispose(Boolean dispose) Source: Blacklist TargetSite: Void Dispose() Link to comment Share on other sites More sharing options...
XSR 11 Posted October 27, 2020 Share Posted October 27, 2020 and this.. Quote 2020-10-27 08.56.10.050 Error SessionManager: Error in event handler *** Error Report *** Version: 4.6.0.3 Command line: D:\embyserver\system\EmbyServer.dll Operating system: Microsoft Windows 10.0.19042 Framework: .NET Core 3.1.8 OS/Process: x64/x64 Runtime: D:/system/System.Private.CoreLib.dll Processor count: 8 Data path: D:\embyserver\programdata Application path: D:\embyserver\system System.AggregateException: System.AggregateException: One or more errors occurred. (Object reference not set to an instance of an object.) ---> System.NullReferenceException: Object reference not set to an instance of an object. at Blacklist.ServerEntryPoint.CheckConnectionAttempt(AuthenticationRequest authenticationRequest, PluginConfiguration config) --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at System.Threading.Tasks.Task`1.get_Result() at Blacklist.ServerEntryPoint.SessionManager_AuthenticationFailed(Object sender, GenericEventArgs`1 e) at MediaBrowser.Common.Events.EventHelper.FireEventIfNotNull[T](EventHandler`1 handler, Object sender, T args, ILogger logger) Source: System.Private.CoreLib TargetSite: Void ThrowIfExceptional(Boolean) InnerException: System.NullReferenceException: Object reference not set to an instance of an object. Source: Blacklist TargetSite: Void MoveNext() at Blacklist.ServerEntryPoint.CheckConnectionAttempt(AuthenticationRequest authenticationRequest, PluginConfiguration config) 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 (edited) 14 minutes ago, XSR said: and this.. Oh, are you on beta server? I see .netcore 3 I'll have to check that out. Edited October 27, 2020 by chef Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 25 minutes ago, XSR said: and this.. I know what this is. If you are on a subnet address, like 192.168.*.* then it will error when trying to locate the address. I will fix this. Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 I believe I have fixed those errors, and I updated the original post. Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 I've also added the alert under the "Alerts" section on the dashboard. 2 Link to comment Share on other sites More sharing options...
XSR 11 Posted October 27, 2020 Share Posted October 27, 2020 25 minutes ago, chef said: I believe I have fixed those errors, and I updated the original post. Now its working thanks Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted October 27, 2020 Share Posted October 27, 2020 7 hours ago, chef said: absolutely. Would you like to see it in the activity list on the dashboard, or a popup message sent out to logged in Admin users? Is it possible to trigger an email alert with details of the blocked event? Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 4 minutes ago, PrincessClevage said: Is it possible to trigger an email alert with details of the blocked event? Should be easy enough Link to comment Share on other sites More sharing options...
PenkethBoy 2063 Posted October 27, 2020 Share Posted October 27, 2020 (edited) cough - how about both? poss with config option to choose one or the other sorry should have read the whole thread - oops Edited October 27, 2020 by PenkethBoy 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted October 27, 2020 Author Share Posted October 27, 2020 Anyone using Linux? Link to comment Share on other sites More sharing options...
chef 3745 Posted October 28, 2020 Author Share Posted October 28, 2020 (edited) This is kinda cool. If you click the flag icon, a dialog will appear which shows a good satellite image of the location the reverse look up found LOL. If you try this, clear browser data after server restart. Blacklist.zip Edited October 28, 2020 by chef 1 Link to comment Share on other sites More sharing options...
PenkethBoy 2063 Posted October 28, 2020 Share Posted October 28, 2020 lol - so your hacker was a phantom from beyond the grave - do you get the grave marker number as well? 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted October 28, 2020 Author Share Posted October 28, 2020 Just now, PenkethBoy said: lol - so your hacker was a phantom from beyond the grave - do you get the grave marker number as well? yeah. LOL! I'm logged in a work and they use a VPN. there must be a server farm in that field or house somewhere LOL Link to comment Share on other sites More sharing options...
chef 3745 Posted October 29, 2020 Author Share Posted October 29, 2020 Sending Email notifications has become some problematic code. There have been some changes in how smtp services allow interaction. This might take a bit long then I thought. Link to comment Share on other sites More sharing options...
rbjtech 4222 Posted October 31, 2020 Share Posted October 31, 2020 (edited) Great plugin @chef Thanks. Currently I use IPBan for Windows which does the same thing, but being integrated into the Emby framework/Notifications would be great - I'm going to give it a try. ps - First rule of any remotely accessible system is RENAME the Admin accounts That way, they need to not only brute force the password, but the guess the admin account name as well before they even try an attempt ... Personally, I also remove the remote access for the (renamed..) Admin accounts, using a VPN if I ever need to remotely administer my system. edit - Ah - (sorry should have read the thread properly) .. Emby needs to be run as Admin for it to work - this is a showstopper for me. Running an external facing system as OS Admin is a no-no. Shame. If you could call a service account with the appropriate privileges (Network Configuration Operators group) to add f/w rules, then that would be a perfect solution ... Edited October 31, 2020 by rbjtech 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted October 31, 2020 Author Share Posted October 31, 2020 3 hours ago, rbjtech said: Great plugin @chef Thanks. Currently I use IPBan for Windows which does the same thing, but being integrated into the Emby framework/Notifications would be great - I'm going to give it a try. ps - First rule of any remotely accessible system is RENAME the Admin accounts That way, they need to not only brute force the password, but the guess the admin account name as well before they even try an attempt ... Personally, I also remove the remote access for the (renamed..) Admin accounts, using a VPN if I ever need to remotely administer my system. edit - Ah - (sorry should have read the thread properly) .. Emby needs to be run as Admin for it to work - this is a showstopper for me. Running an external facing system as OS Admin is a no-no. Shame. If you could call a service account with the appropriate privileges (Network Configuration Operators group) to add f/w rules, then that would be a perfect solution ... I didn't know that that was a bad idea. So a separate service that has admin privileges and handles the firewall control, but can be configured in the plugin, is better? Link to comment Share on other sites More sharing options...
rbjtech 4222 Posted October 31, 2020 Share Posted October 31, 2020 Hi @chef - if the Emby app was compromised for any reason (code vulnerability etc) then running it as OS Administrator effectively means the hacker now has privileges to do as they please. If run as a 'service account / non-admin account' then they have limited privileges to disrupt and need to find another way to elevate their privilege. The easiest option if people are using a non-admin/service account (as I do) is to simply add the 'Network Configuration Operators Group' to your existing non-admin/service account. You can then add/delete firewall rules, as if you were admin. The most secure option, is have a separate service account for your plugin - but that would mean a new account/password etc to be setup which is probably overkill for your average home user. I'm going to try your plugin when I get the chance - by adding the 'Network Configuration Operators Group' and it should work with my existing service account. Link to comment Share on other sites More sharing options...
chef 3745 Posted October 31, 2020 Author Share Posted October 31, 2020 23 minutes ago, rbjtech said: Hi @chef - if the Emby app was compromised for any reason (code vulnerability etc) then running it as OS Administrator effectively means the hacker now has privileges to do as they please. If run as a 'service account / non-admin account' then they have limited privileges to disrupt and need to find another way to elevate their privilege. The easiest option if people are using a non-admin/service account (as I do) is to simply add the 'Network Configuration Operators Group' to your existing non-admin/service account. You can then add/delete firewall rules, as if you were admin. The most secure option, is have a separate service account for your plugin - but that would mean a new account/password etc to be setup which is probably overkill for your average home user. I'm going to try your plugin when I get the chance - by adding the 'Network Configuration Operators Group' and it should work with my existing service account. This is great info! How do you add Network Configuration Operators Group? Link to comment Share on other sites More sharing options...
rbjtech 4222 Posted November 1, 2020 Share Posted November 1, 2020 (edited) Two ways - either add the user to the group .. double click it and add the user .. .. Or add the group to the user. Edited November 1, 2020 by rbjtech 1 Link to comment Share on other sites More sharing options...
rbjtech 4222 Posted November 2, 2020 Share Posted November 2, 2020 (edited) Hmm - Hold Fire on any further investigation @chef - on an independent test, adding to the group is not allowing me to add/remove rules Let me investigate why .. edit - ok so it does work, but UAC may get in the way if using the GUI - but as presumably you are using code to do it, then you should be able to elevate the privilege using the user account instead. The below example(s) were done using a standard (non-admin) user account being a member of 'Network Configuration Operators'. The first at standard permissions, the 2nd at elevated permissions for this user (not Administrator, despite what it says ..). Edited November 2, 2020 by rbjtech 1 Link to comment Share on other sites More sharing options...
XSR 11 Posted November 2, 2020 Share Posted November 2, 2020 (edited) Maybe in Line value need to be to elevate cmd: UseShellExecute = true Source I cant test it.. sorry Edited November 2, 2020 by XSR 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted November 2, 2020 Author Share Posted November 2, 2020 I'll give it a try, and see if I can get the user to be Network operator. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now