Yesterday, 09:10 AM
(This post was last modified: Yesterday, 12:32 PM by Duvel. Edited 12 times in total.)
(Yesterday, 04:43 AM)Tcon Wrote: I'm kinda new to all this stuff. I followed the instructions in this YouTube video (https://www.youtube.com/watch?v=AEyhpuWeiTk&t=1182s), but basically, I installed Caddy and used Duck DNS to host it. If I remember correctly, I opened ports 443, 80, and 2019. The router forwards the packets directly to these ports on my server. I can't see, or don't know how to see, the ports the mysterious visitor is trying to access. One of the IP addresses was 194.0.234.12. Thanks for the help!
So this is a malicious bot 100%
https://app.crowdsec.net/cti/194.0.234.12
If you can't open the link, check the 2 images I attached to see how nice it is :-)
How it works: it targets domain names or IP addresses from a list or a sequence, scans specific ports or all possible ports, and tries to brute-force login pages and/or exploit known vulnerabilities and/or exploit misconfigured things, for direct injection of malware or for later exploitation by a human or another bot. That's why it is important to regularly update your systems to patch security flaws.
But as I said previously, this is normal stuff happening 24/7 to everyone, so don't panic.
For everything it tries that is not on ports 443, 80 and 2019, you are covered by your router's firewall.
For 80 and 443, which land on your reverse proxy, you have no protection from your router and rely on end-app security; Jellyfin is quite secure, so it's OK. But if you want to better secure that part, installing a CrowdSec bouncer on Caddy would be a good idea. However, it's hard if you don't know anything; the learning curve is high.
A minimum is to at least use, on the Jellyfin machine, a security component that detects and blocks brute-force login attempts on your Jellyfin, like Fail2Ban, which reads your logs in real time to detect denied login attempts and blocks the offender's IP on your machine (iptables) after a certain threshold.
I don't know what you do with port 2019, so I can't provide guidance for that one (maybe it's related to DuckDNS; I don't use it, so I don't know, and I haven't watched your video).
To summarize... When you open your server to the world, you are exposed, and you have to learn what the dangers are, and even better, implement some security components. Hopefully there are plenty of good tutorials on the net.
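To make the "read the log, count denied logins, ban after a threshold" step concrete, here is the detection logic a Fail2Ban jail performs, written out as a stand-alone script. This is an added example, not Fail2Ban's own code and not something posted in this thread. It assumes Jellyfin writes a denied login as `Authentication request for "<user>" has been denied (IP: <addr>).` (check your own log before relying on that), uses Fail2Ban's stock `maxretry=5` / `findtime=10m` defaults, and runs over constructed log lines in which the address from the original question (194.0.234.12) plays the attacker. The `iptables` commands are returned as strings, not executed.

```python
"""Threshold-based brute-force detection over Jellyfin log lines, the way a
Fail2Ban jail does it. Added example: not Fail2Ban's code, not from the thread."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log. ASSUMPTION: Jellyfin logs a denied login as
# 'Authentication request for "<user>" has been denied (IP: <addr>).'
# Verify against /var/log/jellyfin (or the dashboard log viewer) first.
# Four cases: a fast brute force (194.0.234.12), three wrong passwords from a
# legitimate user (203.0.113.7), a slow attacker spacing attempts 20 min apart
# (198.51.100.9), and denials logged as 127.0.0.1 because the proxy's real
# client address was not passed through (must never be banned).
SAMPLE_LOG = """\
[2024-05-01 09:00:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 198.51.100.9).
[2024-05-01 09:10:01.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 194.0.234.12).
[2024-05-01 09:10:03.000 +00:00] [INF] [9] Main: Startup complete 0:00:05.1
[2024-05-01 09:10:05.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "root" has been denied (IP: 194.0.234.12).
[2024-05-01 09:10:09.000 +00:00] [INF] [6] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "jellyfin" has been denied (IP: 194.0.234.12).
[2024-05-01 09:10:14.000 +00:00] [INF] [6] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 194.0.234.12).
[2024-05-01 09:10:20.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "test" has been denied (IP: 194.0.234.12).
[2024-05-01 09:11:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "tcon" has been denied (IP: 203.0.113.7).
[2024-05-01 09:11:30.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "tcon" has been denied (IP: 203.0.113.7).
[2024-05-01 09:12:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "tcon" has been denied (IP: 203.0.113.7).
[2024-05-01 09:15:00.000 +00:00] [INF] [7] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 127.0.0.1).
[2024-05-01 09:15:10.000 +00:00] [INF] [7] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 127.0.0.1).
[2024-05-01 09:15:20.000 +00:00] [INF] [7] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 127.0.0.1).
[2024-05-01 09:15:30.000 +00:00] [INF] [7] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 127.0.0.1).
[2024-05-01 09:15:40.000 +00:00] [INF] [7] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 127.0.0.1).
[2024-05-01 09:20:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 198.51.100.9).
[2024-05-01 09:40:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 198.51.100.9).
[2024-05-01 10:00:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 198.51.100.9).
[2024-05-01 10:20:00.000 +00:00] [INF] [5] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: 198.51.100.9).
"""

# Equivalent of a Fail2Ban failregex: capture the timestamp and the client IP.
DENIED_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ [^\]]*\]'
    r'.*Authentication request for "[^"]*" has been denied '
    r'\(IP: (?P<ip>[0-9A-Fa-f.:]+)\)\.'
)

# Equivalent of Fail2Ban's ignoreip. Loopback matters here: when Caddy and
# Jellyfin share a host and Jellyfin is not told to trust the proxy's forwarded
# client address, every denial is logged as 127.0.0.1, and "banning" it would
# cut off the proxy, not the attacker.
IGNORE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_ignored(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in IGNORE_NETS)


def parse_denials(lines):
    """Yield (timestamp, ip) for every denied-login line; skip everything else."""
    for line in lines:
        m = DENIED_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"]


def find_offenders(lines, maxretry=5, findtime=600):
    """Return {ip: time the threshold was hit} for every IP that produced
    >= maxretry denials inside any findtime-second sliding window. Same
    maxretry/findtime semantics as a Fail2Ban jail; lines are assumed to be
    in chronological order, as a log file is."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    banned = {}
    for ts, ip in parse_denials(lines):
        if ip in banned or is_ignored(ip):
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget attempts older than findtime
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


def ban_commands(banned):
    """The rules a Fail2Ban iptables action would insert (returned, not run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]


if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_LOG.splitlines())
    for ip, when in offenders.items():
        print(f"ban {ip}: threshold reached at {when:%H:%M:%S}")
    print("\n".join(ban_commands(offenders)))
```

With the defaults only 194.0.234.12 is banned: 203.0.113.7 stays under `maxretry`, and 198.51.100.9 never has more than one attempt inside a 10-minute window, which is exactly the gap a slow scanner exploits (raising `findtime` to a couple of hours catches it, at the cost of banning a forgetful family member sooner). The loopback case is the one to check on a setup like the one in the question, where Caddy proxies to Jellyfin: look at a real denied-login line and confirm the IP in it is the visitor's, not the proxy's, before wiring any automatic ban to it; Jellyfin only records the real client address when its networking settings list the proxy as a known proxy. As an aside that this example does not cover: 2019 is the default port of Caddy's admin API, which by default listens on localhost only, so there is normally nothing to forward there from the router.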

