Nyko (Posted November 12, 2021)
Hello, I have Emby behind an Nginx reverse proxy with Fail2Ban, strong passwords, and limited accounts. I decided to add GoAccess to check the logs and I've noticed a lot of attempts on Emby that have me suspecting that it's being attacked and/or accessed by someone I don't know. I'm realizing now that using /emby as your location for the reverse proxy is probably not a good idea. I'm not an expert in any regard, so if I'm crazy let me know. I did some testing on some of the URLs and noticed that /emby/emby/Users/Public was accessible remotely without any authentication. Even if you're not displaying user names remotely, this file is accessible and provides pretty much all the user data accordingly. There are other URLs that also seem to work and provide information, but I wanted to get the thread started for now until I have time to dig through more of the data. Any thoughts? Thanks, `Nyko
Luke (Posted November 12, 2021)
Quote: /emby/emby/Users/Public
This is the API that provides apps with the list of users to display on the visual login screen. You are in complete control, via user permissions, of which users appear in this and which will not.
Nyko (Author, Posted November 12, 2021)
2 hours ago, Luke said: This is the API that provides apps with the list of users to display on the visual login screen. You are in complete control, via user permissions, of which users appear in this and which will not.
OK, I have 'Hide this user from login screens on devices they've never signed into' configured, and when I found this URL I realized the user info is exposed. After configuring 'Hide this user from login screens when connected remotely' the usernames no longer appear. Thanks for the info Luke, appreciate it. When reviewing the not-found URLs, it did seem that there was a high number of hits for a handful; any chance you might be able to tell if this would be normal?
NOT FOUND URLS (404S) - TOP NOT FOUND URLS SORTED BY HITS [, AVGTS, CUMTS, MAXTS, MTHD, PROTO]
Luke (Posted November 12, 2021)
Well, they've got the /emby doubled, so that's probably why.
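For anyone wanting to reproduce the two checks discussed in this thread from the raw Nginx access log rather than through GoAccess, here is an added example (not code from the original posts, and not Emby's or Nginx's own code). It parses combined-format log lines, lists the most-hit 404 paths together with how many times the /emby proxy prefix is repeated at the front of each one, and reports 200 responses to the Users/Public endpoint that went to clients outside your LAN, which is exactly the "usernames served without authentication" case Nyko tested by hand. The log lines, IP addresses and user agents are constructed for the example; the LAN ranges passed to remote_public_user_hits are an assumption you should replace with your own.

```python
"""
Added example: Nginx access-log triage for an Emby instance proxied under
/emby. Not code from the forum thread, Emby or Nginx. The sample log
below is constructed; the IPs and user agents are made up.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# nginx "combined" log format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

PROXY_PREFIX = "/emby"          # reverse-proxy location used in the thread
PUBLIC_USERS = "/Users/Public"  # endpoint that returns the visual-login user list

# Constructed sample: two scanners (203.0.113.7, 198.51.100.23) and one LAN client.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2021:10:01:02 +0000] "GET /emby/emby/Users/Public HTTP/1.1" 200 318 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2021:10:01:03 +0000] "GET /emby/emby/System/Info/Public HTTP/1.1" 200 211 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Nov/2021:10:02:11 +0000] "GET /emby/emby/emby/Users/Public HTTP/1.1" 404 153 "-" "python-requests/2.26"
198.51.100.23 - - [12/Nov/2021:10:02:12 +0000] "GET /emby/emby/emby/System/Info HTTP/1.1" 404 153 "-" "python-requests/2.26"
198.51.100.23 - - [12/Nov/2021:10:02:13 +0000] "GET /emby/emby/emby/Users/Public HTTP/1.1" 404 153 "-" "python-requests/2.26"
192.168.1.20 - - [12/Nov/2021:10:03:00 +0000] "GET /emby/emby/Users/Public?format=json HTTP/1.1" 200 318 "-" "Emby/4.6"
198.51.100.23 - - [12/Nov/2021:10:04:00 +0000] "GET /emby/wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.26"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["status"] = int(e["status"])
        e["path"] = urlsplit(e["target"]).path  # drop the query string so paths group together
        entries.append(e)
    return entries


def top_not_found(entries, n=5):
    """Equivalent of the GoAccess 'top not found URLs' panel: most-hit 404 paths."""
    counts = Counter(e["path"] for e in entries if e["status"] == 404)
    return counts.most_common(n)


def prefix_depth(path, prefix=PROXY_PREFIX):
    """Count how many times the proxy prefix is repeated at the start of the path.
    A request proxied at /emby to Emby's own /emby API root legitimately shows
    depth 2; depth 3 or more is a client that has doubled the prefix again."""
    depth = 0
    while path.startswith(prefix + "/") or path == prefix:
        depth += 1
        path = path[len(prefix):]
    return depth


def remote_public_user_hits(entries, lan_nets):
    """200 responses to the public user-list endpoint from clients outside lan_nets.
    Each hit is a remote client that received the visual-login user list without
    authenticating; empty output means the hide-when-remote setting is doing its job."""
    nets = [ip_network(n) for n in lan_nets]
    hits = []
    for e in entries:
        if e["status"] != 200 or not e["path"].endswith(PUBLIC_USERS):
            continue
        addr = ip_address(e["ip"])
        if any(addr in net for net in nets):
            continue
        hits.append((e["ip"], e["path"], e["ua"]))
    return hits


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("Top 404 paths:")
    for path, n in top_not_found(entries):
        print(f"  {n:4d}  {path}   (/emby prefix repeated {prefix_depth(path)}x)")
    print("Remote unauthenticated hits on Users/Public:")
    # Assumed LAN ranges; replace with your own networks.
    for ip, path, ua in remote_public_user_hits(entries, ["192.168.0.0/16", "127.0.0.0/8"]):
        print(f"  {ip}  {path}  {ua}")
```

Run it against your real log with `parse_log(open("/var/log/nginx/access.log").read())`. After turning on 'Hide this user from login screens when connected remotely', remote_public_user_hits will still report 200s, because the endpoint itself stays reachable; what changes is that the JSON body no longer lists the hidden users, so use the hit list as the set of remote clients to spot-check rather than as proof of exposure on its own.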
Nyko (Author, Posted November 13, 2021)
OK, cool. As always, thank you and your team for all the work you put in with Emby. Just in case you may not get enough feedback, there are a lot of us users who appreciate you and your team. `N