Add some security features

Got an idea? Missing something? Post your feature request here.

Moderator: moderators

Add some security features

Postby toolman » Thu Oct 13, 2016 2:52 pm

Lately I experience a lot of scriptkiddies trying to gain acces to my Subsonic-server.
Quite annoying, but they can't do much harm. However it would be great if Subsonic had some features to make it more difficult to gain acces.
1. I think that being able to disable or remove the user "admin" would be nice.
At this time you can't even edit the priviliges of that account. You can deny the admin-account access to your music-folders, but if someone would be able to log in as admin that can be altered to full acces on all folders. ( I now have given the admin-account a password of 150 characters, which should be relatively safe, but I'd rather have no user "admin".)
2. A lock-out feature.
If someone fails to log in, in their 3th attempt they get locked out for an hour or so.
3. Ip-ban.
The possibility to block ip-addresses from logging in to Subsonic completely.
4. It would also be nice if all logins were recorded in the logfiles and not just only the failed logins.
toolman
 
Posts: 537
Joined: Fri Dec 11, 2009 4:18 pm
Location: Netherlands

Re: Add some security features

Postby ericvonnine » Mon Nov 21, 2016 6:58 pm

2 and 3 can be covered by fail2ban until the Subsonic maintainer, or someone else, decides to add it.
ericvonnine
 
Posts: 16
Joined: Wed Jan 28, 2015 5:59 pm

Re: Add some security features

Postby toolman » Mon Nov 21, 2016 11:03 pm

Thanks for your suggestion. Since I'm running Subsonic on Windows server I just block complete ip-ranges in my firewall whenever there are attempts to log in to my server originating from China.
But I would feel much safer if Subsonic would have a ( configurable) lock-out function.
I'm thinking of a function where you could set : if ip-address so and so failed to log in 3 times I want that adress to be blocked for XXXXX hours.
I will study Fail2ban, but as far as I've read it's not for Windows.
toolman
 
Posts: 537
Joined: Fri Dec 11, 2009 4:18 pm
Location: Netherlands

Re: Add some security features

Postby ericvonnine » Tue Nov 29, 2016 2:07 pm

You are correct, it is a *nix tool.
ericvonnine
 
Posts: 16
Joined: Wed Jan 28, 2015 5:59 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 9 guests