Kedi wrote: ↑Wednesday 14 August 2024 14:19
janpep wrote: ↑Tuesday 13 August 2024 17:25
I have installed the geoip in my test environment and tested via VPN from abroad
I think that a hacker that uses his/her own 'home' IP-address is stupid and not capable of hacking another system.
Are you using DMZ or portforwarding?
1. At my websites I saw frequently connections to e.g.
https://domain.com/?author=1 from one IP address, directly followed with
https://domain.com/?author=2 from another IP address and so on. Must be the same guy. So apparently it is possible to spoof IP addresses, or work from multiple (hacked?) locations.
So you may be able to work around blocked country or Fail2ban, but all together I think the measures reduce the chance of trouble.
2. To do a quick test from another country, I created a VPN connection to a friend abroad and accessed my system from that route. So it looked as if I connected from another country and I could see whether or not I was blocked when I replaced the iptables rule for the configured source-countries.
3. My setup is now as follows:
- Domoticz and Zwave-js-ui are running with my custom portnumbers under Ubuntu virtual machine on my Synology.
- Domain SSL certificate installed for both applications.
- Portforwarding for these ports from my router for ipv4 and ipv6.
- Strict firewall rules in iptables are set for ipv4 and ipv6.
- Now completed with the additional installation of geoip on the virtual machine. Not difficult to set up.
- Remaining ports allowed only from home country, which rule is automatically replaced when my 'Vakantiemode' goes ON or OFF.
- Fail2ban is running on the virtual machine to monitor the failed login attempts and sends me a notification when a ban is activated.
- When you pass this, you still have to try and guess the very strong passwords.
- When you pass this, you still need to have the 2FA.
- Additionally: When you are denied by Domoticz with false login attempts, my already existing script on the Synology sees the log and adds your IP address to the blockinglist (included in apache) for my websites, to prevent further visits from you. Same when you do an illegal action on my website. And in addition to extensive rules in .htaccess my home made wordpress plug-in blocks you when you are known in the AbuseIPDB. Logging in to the websites (for maintenance) is only possible from the IP address that I transmit from my notebook or telephone and that is processed via a script.
- The Synology itself also has its own firewall, geoIP, auto blocking and 2FA.
I guess for a private system this seems like a pretty good start to security.
- When I am away from home, for other more risky activities like SSH or VNC, I first make a VPN connection to my home. These connections are also monitored and can be seen (from which device the connection is made) in Domoticz when they are online and give me a notification.
Domoticz in Ubuntu virtual machine on Synology DS718+ behind FRITZ!Box.
Using: EvoHome; MELCloud; P1 meter; Z-Stick GEN5; Z-Wave-js-ui; MQTT; Greenwave powernodes 1+6; Fibaro switch, plugs, smoke; FRITZ!DECT 200. Scripts listed in profile interests.
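
The pattern in point 1 above (consecutive `?author=N` requests, each from a different address) stays under any per-IP threshold, so this added example, which is not part of the original post, correlates on the request sequence instead of the source IP. The Apache combined log format, the 60-second window, the function names and the sample lines are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache combined-log line requesting /?author=N (the pattern from the post).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) /\?(?:[^ "]*&)?author=(?P<id>\d+)')

def author_hits(lines):
    """Yield (timestamp, ip, author_id) for every ?author=N request."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], int(m["id"])

def find_enumeration(lines, window=timedelta(seconds=60), min_len=3):
    """Find runs of author=N, N+1, N+2... close in time, whatever the source IP."""
    runs, cur = [], []
    for hit in sorted(author_hits(lines)):
        ts, _, n = hit
        if cur and n == cur[-1][2] + 1 and ts - cur[-1][0] <= window:
            cur.append(hit)          # next ID in sequence, still inside the window
            continue
        if len(cur) >= min_len:
            runs.append(cur)
        cur = [hit]                  # start a new candidate run
    if len(cur) >= min_len:
        runs.append(cur)
    return [{"ids": [n for _, _, n in r],
             "ips": sorted({ip for _, ip, _ in r}),
             "max_hits_per_ip": max(Counter(ip for _, ip, _ in r).values())}
            for r in runs]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [14/Aug/2024:14:19:01 +0200] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Aug/2024:14:19:02 +0200] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [14/Aug/2024:14:19:04 +0200] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.99 - - [14/Aug/2024:15:02:10 +0200] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '192.0.2.99 - - [14/Aug/2024:15:02:11 +0200] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for run in find_enumeration(SAMPLE):
        print(run)
```

A run with `max_hits_per_ip` of 1 is exactly the case a per-address ban counter does not see; the list of IPs it returns can be fed to whatever blocklist the site already maintains.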