China tried to login

hotbrass · Mar 21, 2016

I see that china tried to log in to my Blue Iris at 12:02am from 117.21.173.4 in myu Status Connections tab. I dont know if they were successful. Maybe it was just an attempt?

Any way to block the ip?

The offenders: http://who.is/whois-ip/ip-address/117.21.173.4

nayr · Mar 21, 2016

why is your blueiris server exposed to the internet? what else do you expect when you do this?

open any port to the internet and someone will probe it within a few hours, and then someone else will later.. and sooner or later it will be hammered until the next one comes and repeats it.

VPN, use it.. you'd freak out if you knew how many times a day someone tries to hack your home network.. its basically non-stop.

JMartin · Mar 21, 2016

You know... I've got an oddball attempt to login to my Blue Iris also, a week ago or so (someone from San Diego). But what I find most interesting is that when I go the page in BI that shows this, I cannot "clear" this entry.
All of my login attempts are logged, and if I hit "clear" they go away... but this San Diego IP stays listed (same original time stamp).

Thoughts anyone?

Jim

[Bookmarks a few VPN YouTube videos to watch later tonight and learn a bit about doing it right].

hotbrass · Mar 21, 2016

nayr said:
why is your blueiris server exposed to the internet? what else do you expect when you do this?

open any port to the internet and someone will probe it within a few hours, and then someone else will later.. and sooner or later it will be hammered until the next one comes and repeats it.

VPN, use it.. you'd freak out if you knew how many times a day someone tries to hack your home network.. its basically non-stop.

THats a great idea. How do I go about doing that? What is the easiest and least cost way, preferably free?

nayr · Mar 21, 2016

first make sure your router does not already have a VPN Server avilable and ready to configure, many modern ones will.. if not see if you can install DD-WRT, it comes with VPN Server.

else you can configure your BI Server to run a VPN Server and only let the VPN Server allow incoming connections.. OpenVPN seems to be easy for people.

105437 · Mar 21, 2016

nayr said:
first make sure your router does not already have a VPN Server avilable and ready to configure, many modern ones will.. if not see if you can install DD-WRT, it comes with VPN Server.

else you can configure your BI Server to run a VPN Server and only let the VPN Server allow incoming connections.. OpenVPN seems to be easy for people.

I run dd-WRT and have OpenVPN configured on the router. I use the Private Internet Access VPN and it works alright except I get several sites that block the IPs that PIA uses and I also get many sites that use Captchas instead of just blocking.

I also found that I had to use Policy Based Routing to exclude the BI Server IP because if I didn't I couldn't connect from a WAN connection which is probably due to my limited networking skills etc.

nayr · Mar 21, 2016

just put vpn clients on your phone to connect to the vpn server on dd-wrt.. private internet is just site to site vpn to hide your location, you want standard remote access, client to server vpn for your phones/laptops/etc.

105437 · Mar 21, 2016

nayr said:
just put vpn clients on your phone to connect to the vpn server on dd-wrt.. private internet is just site to site vpn to hide your location, you want standard remote access, client to server vpn for your phones/laptops/etc.

Thanks for the info! Can you suggest a few VPN client apps for iOS?

hotbrass · Mar 21, 2016

I have ddwrt on my modem. I will look into it. Thanks!

nayr · Mar 21, 2016

they are built in, you dont need any apps.

https://support.apple.com/en-us/HT201550

Zorac · Mar 22, 2016

another options, if your ip on you mobile device is static or in a certain range, you could filter connections (in your router) so that only those certain ip ranges can connect to that specific port. also use a non standard port. not as secure as a vpn, but better than nothing (and easier)

nayr · Mar 22, 2016

I disagree entirely, if you have VPN built into your router like these guys do.. setting it up is easier than forwarding ports.

and non specific ports dont protect anything, I can scan every single of the 65k ports in a few mins and detect any HTTP services on any of em easy as pie.

filtering out hosts wont work if you want to use any old wifi, hotel access, or remote connection you can get your hands on.

VPN is the only way to remotely access cameras, or any IoT device.. if you cant bother to set it up.. dont bother to remotely access them.

ruppmeister · Mar 22, 2016

@nayr - I know all the benefits of using a VPN by now, as well as majority of the dangers to opening up ports to allow remote access. But recently I have installed other server functions (plex media server) that I want to open up and allow access to outside my network. I have read the problems of trying to access Plex over VPN and have been looking at other "safer" alternatives to just opening up the ports needed blindly. I ran across nginx as a reverse proxy and want to know if this reduces the risk of port scanning to my network since all traffic would be passing through either port 80 or 443, both of which are open for normal traffic anyhow. Can we safely place a reverse proxy in front of service from Blue Iris and such and not have to establish the VPN for remote access? What are your thoughts on this?

bp2008 · Mar 22, 2016

ruppmeister said:
@nayr - I know all the benefits of using a VPN by now, as well as majority of the dangers to opening up ports to allow remote access. But recently I have installed other server functions (plex media server) that I want to open up and allow access to outside my network. I have read the problems of trying to access Plex over VPN and have been looking at other "safer" alternatives to just opening up the ports needed blindly. I ran across nginx as a reverse proxy and want to know if this reduces the risk of port scanning to my network since all traffic would be passing through either port 80 or 443, both of which are open for normal traffic anyhow. Can we safely place a reverse proxy in front of service from Blue Iris and such and not have to establish the VPN for remote access? What are your thoughts on this?

There is a misconception here about port 80 and 443 both being "open for normal traffic anyhow". You are probably thinking of outgoing connections. When you connect to a web server on port 80 or 443, your router's NAT assigns a random port (likely in the 50000-65535 range) for the reply to come back. Ports 80 and 443 are not open for incoming connections unless you specifically open them and forward them to some IP address on your LAN.

A reverse proxy does not reduce the risk of being scanned. Plex over VPN can work just fine; most information you read online about problems with Plex and a VPN involve your router or PC acting as the VPN client, not the VPN server.

ruppmeister · Mar 22, 2016

bp2008 said:
There is a misconception here about port 80 and 443 both being "open for normal traffic anyhow". You are probably thinking of outgoing connections. When you connect to a web server on port 80 or 443, your router's NAT assigns a random port (likely in the 50000-65535 range) for the reply to come back. Ports 80 and 443 are not open for incoming connections unless you specifically open them and forward them to some IP address on your LAN.

A reverse proxy does not reduce the risk of being scanned. Plex over VPN can work just fine; most information you read online about problems with Plex and a VPN involve your router or PC acting as the VPN client, not the VPN server.

Thanks for the reply, @bp2008. I think what I was reading about Plex and VPN problems stem from the overhead that is present in bandwidth when using a VPN. It already costs quite a bit of outbound bandwidth to stream media content so when you place the bottleneck of a VPN over that, then you get choppy and laggy playback. Another difficulty with VPN for Plex at least is how to get my kids easy access using VPN. They use iphone, tablets, and web interface to get to Plex content currently. I can't image a good solution for them to stream content from Plex to be jumping through a VPN every time they want to stream.

I know this is more of a Plex issue than Blue Iris, but since I was already looking into going through the trouble of setting up reverse proxy for Plex, I wanted to know the security implications of putting BI behind the reverse proxy also. So is reverse proxy any safer than just opening up ports, or am I going to find other security problems with this setup?

Rockford622 · Mar 22, 2016

ruppmeister said:
@nayr - I know all the benefits of using a VPN by now, as well as majority of the dangers to opening up ports to allow remote access. But recently I have installed other server functions (plex media server) that I want to open up and allow access to outside my network. I have read the problems of trying to access Plex over VPN and have been looking at other "safer" alternatives to just opening up the ports needed blindly. I ran across nginx as a reverse proxy and want to know if this reduces the risk of port scanning to my network since all traffic would be passing through either port 80 or 443, both of which are open for normal traffic anyhow. Can we safely place a reverse proxy in front of service from Blue Iris and such and not have to establish the VPN for remote access? What are your thoughts on this?

If you want to access your Plex server from outside your home network, all you have to do is sign up for a free account. Then once you login to www.plex.tv and your server is configured to connect to the main Plex server, you should be able to see all of your content.

I believe this would be the safest way.

Rockford622 · Mar 22, 2016

ruppmeister said:
Thanks for the reply, @bp2008. I think what I was reading about Plex and VPN problems stem from the overhead that is present in bandwidth when using a VPN. It already costs quite a bit of outbound bandwidth to stream media content so when you place the bottleneck of a VPN over that, then you get choppy and laggy playback. Another difficulty with VPN for Plex at least is how to get my kids easy access using VPN. They use iphone, tablets, and web interface to get to Plex content currently. I can't image a good solution for them to stream content from Plex to be jumping through a VPN every time they want to stream.

I know you didn't see my message yet (posted at the same time), but this issue will be solved by logging your kids devices into your Plex account. No VPN needed.

ruppmeister · Mar 22, 2016

Rockford622 said:
I know you didn't see my message yet (posted at the same time), but this issue will be solved by logging your kids devices into your Plex account. No VPN needed.

Maybe I have a setting in my server that prevents this, but with my configuration currently, I cannot access Plex without opening up port 32400. Perhaps you didn't know it, but UPnP may have got you good and opened it up on your behalf when you setup Plex (assuming you do have Plex). My remote devices will not connect to my Plex server without the open port though. Plex is doing the reverse proxy on your behalf when you are using the Plex account is what I think is going on.

Rockford622 · Mar 22, 2016

ruppmeister said:
Maybe I have a setting in my server that prevents this, but with my configuration currently, I cannot access Plex without opening up port 32400. Perhaps you didn't know it, but UPnP may have got you good and opened it up on your behalf when you setup Plex (assuming you do have Plex). My remote devices will not connect to my Plex server without the open port though. Plex is doing the reverse proxy on your behalf when you are using the Plex account is what I think is going on.

Yes, I do have Plex.

The way that it's supposed to work is your Plex server connects to the main Plex site with your account credentials. Then, you go to www.plex.tv and login there. The system will see that your home server is connected to the main Plex system (which you just logged into) and will direct you into your system through that connection. There should not be a need to open up port 32400 to the Internet.

nayr · Mar 22, 2016

Lets see, plex contains movies and tv shows.. opening it up to the internet is not a big deal.. mine is open, just like my PS4.. hack either and you wont get anything I give a shit about, well.. I might pay you if you hack my PS4 but digress.

my cameras on the other hand? no fucking way.. vpn only way to reach em

if my sisters PS4 and mom's android TV could vpn into my plex server i'd probably VPN it too.. I have the bandwidth and power.. but I also host the family DVR.

Search

China tried to login

hotbrass

Young grasshopper

nayr

JMartin

Getting the hang of it

hotbrass

Young grasshopper

nayr

105437

BIT Beta Team

nayr

105437

BIT Beta Team

hotbrass

Young grasshopper

nayr

Zorac

Getting the hang of it

nayr

ruppmeister

Getting the hang of it

bp2008

ruppmeister

Getting the hang of it

Rockford622

Getting the hang of it

Rockford622

Getting the hang of it

ruppmeister

Getting the hang of it

Rockford622

Getting the hang of it

nayr