China tried to login

why is your blueiris server exposed to the internet? what else do you expect when you do this?

open any port to the internet and someone will probe it within a few hours, and then someone else will later.. and sooner or later it will be hammered until the next one comes and repeats it.

VPN, use it.. you'd freak out if you knew how many times a day someone tries to hack your home network.. it's basically non-stop.
 
You know... I've got an oddball attempt to log in to my Blue Iris also, a week ago or so (someone from San Diego). But what I find most interesting is that when I go to the page in BI that shows this, I cannot "clear" this entry.
All of my login attempts are logged, and if I hit "clear" they go away... but this San Diego IP stays listed (same original time stamp).

Thoughts anyone?

Jim

[Bookmarks a few VPN YouTube videos to watch later tonight and learn a bit about doing it right].
 
That's a great idea. How do I go about doing that? What is the easiest and least cost way, preferably free?
 
first make sure your router does not already have a VPN Server available and ready to configure, many modern ones will.. if not see if you can install DD-WRT, it comes with VPN Server.

else you can configure your BI Server to run a VPN Server and only let the VPN Server allow incoming connections.. OpenVPN seems to be easy for people.
 
I run dd-WRT and have OpenVPN configured on the router. I use the Private Internet Access VPN and it works alright except I get several sites that block the IPs that PIA uses and I also get many sites that use Captchas instead of just blocking.

I also found that I had to use Policy Based Routing to exclude the BI Server IP because if I didn't I couldn't connect from a WAN connection which is probably due to my limited networking skills etc.
 
just put vpn clients on your phone to connect to the vpn server on dd-wrt.. private internet is just site to site vpn to hide your location, you want standard remote access, client to server vpn for your phones/laptops/etc.
 
Thanks for the info! Can you suggest a few VPN client apps for iOS?
 
another option, if your ip on your mobile device is static or in a certain range, you could filter connections (in your router) so that only those certain ip ranges can connect to that specific port. also use a non standard port. not as secure as a vpn, but better than nothing (and easier)
 
I disagree entirely, if you have VPN built into your router like these guys do.. setting it up is easier than forwarding ports.

and non specific ports don't protect anything, I can scan every single one of the 65k ports in a few mins and detect any HTTP services on any of em easy as pie.

filtering out hosts won't work if you want to use any old wifi, hotel access, or remote connection you can get your hands on.

VPN is the only way to remotely access cameras, or any IoT device.. if you can't bother to set it up.. don't bother to remotely access them.
 
@nayr - I know all the benefits of using a VPN by now, as well as the majority of the dangers of opening up ports to allow remote access. But recently I have installed other server functions (plex media server) that I want to open up and allow access to outside my network. I have read the problems of trying to access Plex over VPN and have been looking at other "safer" alternatives to just opening up the ports needed blindly. I ran across nginx as a reverse proxy and want to know if this reduces the risk of port scanning to my network since all traffic would be passing through either port 80 or 443, both of which are open for normal traffic anyhow. Can we safely place a reverse proxy in front of service from Blue Iris and such and not have to establish the VPN for remote access? What are your thoughts on this?
 
There is a misconception here about port 80 and 443 both being "open for normal traffic anyhow". You are probably thinking of outgoing connections. When you connect to a web server on port 80 or 443, your router's NAT assigns a random port (likely in the 50000-65535 range) for the reply to come back. Ports 80 and 443 are not open for incoming connections unless you specifically open them and forward them to some IP address on your LAN.

A reverse proxy does not reduce the risk of being scanned. Plex over VPN can work just fine; most information you read online about problems with Plex and a VPN involves your router or PC acting as the VPN client, not the VPN server.
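
The inbound/outbound distinction in the reply above, as an added example that is not part of the original post: a toy model of a home router's NAT with connection tracking. The class name, all IP addresses and the port numbers are constructed for illustration, and a counter stands in for the router's random high-port choice.

```python
import itertools

class HomeRouterNat:
    """Toy model (constructed) of a home router: NAT plus connection tracking."""

    def __init__(self):
        self.forwards = {}   # wan_port -> (lan_ip, lan_port); set by the admin or UPnP
        self.conntrack = {}  # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self._ephemeral = itertools.count(50000)  # stand-in for a random high port

    def add_port_forward(self, wan_port, lan_ip, lan_port):
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out; the router picks a high WAN-side source port."""
        wan_port = next(self._ephemeral)
        self.conntrack[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet hits the WAN side; return its LAN destination, or None if dropped."""
        reply_to = self.conntrack.get((wan_port, remote_ip, remote_port))
        if reply_to:
            return reply_to                  # reply to a connection a LAN host started
        return self.forwards.get(wan_port)   # unsolicited: only a forward lets it in


def demo():
    nat = HomeRouterNat()
    results = {}
    # Browsing: a LAN PC connects out to a web server on port 443.
    src = nat.outbound("192.168.1.20", 51515, "198.51.100.7", 443)
    results["reply"] = nat.inbound("198.51.100.7", 443, src)
    # A stranger probes WAN ports 443 and 80: no tracked connection, no forward.
    results["probe_443"] = nat.inbound("192.0.2.99", 40000, 443)
    results["probe_80"] = nat.inbound("192.0.2.99", 40001, 80)
    # The stranger also cannot ride in on the PC's ephemeral port.
    results["other_host"] = nat.inbound("192.0.2.99", 443, src)
    # Once a forward exists (constructed ports), anyone on the internet reaches it.
    nat.add_port_forward(8181, "192.168.1.50", 81)
    results["forwarded"] = nat.inbound("192.0.2.99", 40002, 8181)
    return results
```

Browsing on 443 never makes WAN port 443 reachable, while a single forward exposes the service behind it to every remote address, whatever port number it sits on.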
 
Thanks for the reply, @bp2008. I think what I was reading about Plex and VPN problems stems from the overhead that is present in bandwidth when using a VPN. It already costs quite a bit of outbound bandwidth to stream media content so when you place the bottleneck of a VPN over that, then you get choppy and laggy playback. Another difficulty with VPN for Plex at least is how to get my kids easy access using VPN. They use iPhones, tablets, and web interface to get to Plex content currently. I can't imagine a good solution for them to stream content from Plex to be jumping through a VPN every time they want to stream.

I know this is more of a Plex issue than Blue Iris, but since I was already looking into going through the trouble of setting up reverse proxy for Plex, I wanted to know the security implications of putting BI behind the reverse proxy also. So is reverse proxy any safer than just opening up ports, or am I going to find other security problems with this setup?
 
If you want to access your Plex server from outside your home network, all you have to do is sign up for a free account. Then once you log in to www.plex.tv and your server is configured to connect to the main Plex server, you should be able to see all of your content.

I believe this would be the safest way.
 
I know you didn't see my message yet (posted at the same time), but this issue will be solved by logging your kids' devices into your Plex account. No VPN needed.
 
Maybe I have a setting in my server that prevents this, but with my configuration currently, I cannot access Plex without opening up port 32400. Perhaps you didn't know it, but UPnP may have got you good and opened it up on your behalf when you set up Plex (assuming you do have Plex). My remote devices will not connect to my Plex server without the open port though. Plex is doing the reverse proxy on your behalf when you are using the Plex account is what I think is going on.
 
Yes, I do have Plex.

The way that it's supposed to work is your Plex server connects to the main Plex site with your account credentials. Then, you go to www.plex.tv and log in there. The system will see that your home server is connected to the main Plex system (which you just logged into) and will direct you into your system through that connection. There should not be a need to open up port 32400 to the Internet.
 
Let's see, plex contains movies and tv shows.. opening it up to the internet is not a big deal.. mine is open, just like my PS4.. hack either and you won't get anything I give a shit about, well.. I might pay you if you hack my PS4 but I digress.

my cameras on the other hand? no fucking way.. vpn only way to reach em

if my sister's PS4 and mom's android TV could vpn into my plex server i'd probably VPN it too.. I have the bandwidth and power.. but I also host the family DVR.