Jump to content
chef

[Plugin] Firewall IP blocking with reverse lookup - Reworked

Recommended Posts

neik

IMHO it should be in the activity list and maybe a separate log file with IP and time of blocking.

Share this post


Link to post
Share on other sites
chef

Will do!

  • Thanks 1

Share this post


Link to post
Share on other sites
XSR

For me I get this error..

Quote

2020-10-27 10.43.16.194 Error App: Error disposing ServerEntryPoint
    *** Error Report ***
    Version: 4.6.0.3
    Command line: D:\embyserver\system\EmbyServer.dll
    Operating system: Microsoft Windows 10.0.19042
    Framework: .NET Core 3.1.8
    OS/Process: x64/x64
    Runtime: D:/embyserver/system/System.Private.CoreLib.dll
    Processor count: 8
    Data path: D:\embyserver\programdata
    Application path: D:\embyserver\system
    System.NotImplementedException: System.NotImplementedException: The method or operation is not implemented.
       at Blacklist.ServerEntryPoint.Dispose()
       at Emby.Server.Implementations.ApplicationHost.Dispose(Boolean dispose)
    Source: Blacklist
    TargetSite: Void Dispose()

 

Share this post


Link to post
Share on other sites
XSR

and this..

Quote

2020-10-27 08.56.10.050 Error SessionManager: Error in event handler
    *** Error Report ***
    Version: 4.6.0.3
    Command line: D:\embyserver\system\EmbyServer.dll
    Operating system: Microsoft Windows 10.0.19042
    Framework: .NET Core 3.1.8
    OS/Process: x64/x64
    Runtime: D:/system/System.Private.CoreLib.dll
    Processor count: 8
    Data path: D:\embyserver\programdata
    Application path: D:\embyserver\system
    System.AggregateException: System.AggregateException: One or more errors occurred. (Object reference not set to an instance of an object.)
     ---> System.NullReferenceException: Object reference not set to an instance of an object.
       at Blacklist.ServerEntryPoint.CheckConnectionAttempt(AuthenticationRequest authenticationRequest, PluginConfiguration config)
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at System.Threading.Tasks.Task`1.get_Result()
       at Blacklist.ServerEntryPoint.SessionManager_AuthenticationFailed(Object sender, GenericEventArgs`1 e)
       at MediaBrowser.Common.Events.EventHelper.FireEventIfNotNull[T](EventHandler`1 handler, Object sender, T args, ILogger logger)
    Source: System.Private.CoreLib
    TargetSite: Void ThrowIfExceptional(Boolean)
    InnerException: System.NullReferenceException: Object reference not set to an instance of an object.
    Source: Blacklist
    TargetSite: Void MoveNext()
       at Blacklist.ServerEntryPoint.CheckConnectionAttempt(AuthenticationRequest authenticationRequest, PluginConfiguration config)

 

  • Like 1

Share this post


Link to post
Share on other sites
chef
14 minutes ago, XSR said:

and this..

 

Oh, are you on beta server? I see .netcore 3

 

I'll have to check that out.

Edited by chef

Share this post


Link to post
Share on other sites
chef
25 minutes ago, XSR said:

and this..

 

I know what this is. If you are on a subnet address, like 192.168.*.* then it will error when trying to locate the address. I will fix this.

Share this post


Link to post
Share on other sites
chef

I believe I have fixed those errors, and I updated the original post.

Share this post


Link to post
Share on other sites
chef

I've also added the alert under the "Alerts" section on the dashboard.

backlistOctober27.png.5468bbc4832b02e42c2be91a75093466.png

  • Like 2

Share this post


Link to post
Share on other sites
XSR
25 minutes ago, chef said:

I believe I have fixed those errors, and I updated the original post.

Now its working 👍 thanks

Share this post


Link to post
Share on other sites
PrincessClevage
7 hours ago, chef said:

absolutely. Would you like to see it in the activity list on the dashboard, or a popup message sent out to logged in Admin users?

Is it possible to trigger an email alert with details of the blocked event?

Share this post


Link to post
Share on other sites
chef
4 minutes ago, PrincessClevage said:

Is it possible to trigger an email alert with details of the blocked event?

Should be easy enough 😉

Share this post


Link to post
Share on other sites
PenkethBoy

cough - how about both?

poss with config option to choose one or the other

😈

sorry should have read the whole thread - oops

Edited by PenkethBoy
  • Haha 1

Share this post


Link to post
Share on other sites
chef

Anyone using Linux? 

Share this post


Link to post
Share on other sites
chef

This is kinda cool. If you click the flag icon, a dialog will appear which shows a good satellite image of the location the reverse look up found 😀 LOL. If you try this, clear browser data after server restart.

 

Blacklist.zipblacklistmap.thumb.png.8c7bcd559c34c2ce01216404df1a0146.png

Edited by chef
  • Like 1

Share this post


Link to post
Share on other sites
PenkethBoy

lol - so your hacker was a phantom from beyond the grave - do you get the grave marker number as well?

😂

  • Haha 1

Share this post


Link to post
Share on other sites
chef
Just now, PenkethBoy said:

lol - so your hacker was a phantom from beyond the grave - do you get the grave marker number as well?

😂

yeah. LOL!  I'm logged in a work and they use a VPN. there must be a server farm in that field or house somewhere LOL

Share this post


Link to post
Share on other sites
chef

Sending Email notifications has become some problematic code. There have been some changes in how smtp services allow interaction. This might take a bit long then I thought.

Share this post


Link to post
Share on other sites
rbjtech

Great plugin @chef Thanks.

Currently I use IPBan for Windows which does the same thing, but being integrated into the Emby framework/Notifications would be great - I'm going to give it a try.

ps - First rule of any remotely accessible system is RENAME the Admin accounts ;)  That way, they need to not only brute force the password, but the guess the admin account name as well before they even try an attempt ...  

Personally, I also remove the remote access for the (renamed..) Admin accounts, using a VPN if I ever need to remotely administer my system.

edit - Ah - (sorry should have read the thread properly) .. Emby needs to be run as Admin for it to work - this is a showstopper for me.  Running an external facing system as OS Admin is a no-no.   Shame.  If you could call a service account with the appropriate privileges (Network Configuration Operators group) to add f/w rules, then that would be a perfect solution ... 

 

 

 

Edited by rbjtech
  • Thanks 1

Share this post


Link to post
Share on other sites
chef
3 hours ago, rbjtech said:

Great plugin @chef Thanks.

Currently I use IPBan for Windows which does the same thing, but being integrated into the Emby framework/Notifications would be great - I'm going to give it a try.

ps - First rule of any remotely accessible system is RENAME the Admin accounts ;)  That way, they need to not only brute force the password, but the guess the admin account name as well before they even try an attempt ...  

Personally, I also remove the remote access for the (renamed..) Admin accounts, using a VPN if I ever need to remotely administer my system.

edit - Ah - (sorry should have read the thread properly) .. Emby needs to be run as Admin for it to work - this is a showstopper for me.  Running an external facing system as OS Admin is a no-no.   Shame.  If you could call a service account with the appropriate privileges (Network Configuration Operators group) to add f/w rules, then that would be a perfect solution ... 

 

 

 

I didn't know that that was a bad idea.

So a separate service that has admin privileges and handles the firewall control, but can be configured in the plugin, is better?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...