What's new

Is there a way to block certain ip from WAN?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

chchia

Occasional Visitor
https://imgur.com/a/4HGBM

4HGBM


above is the link to picture, sorry i dont know how to embed it here.

hi guys, good day.

i have this problem, every few days, some one will attend to login my router from WAN.

i can change the ip, change the ssh port, but few days later, some one with different address will try to log in again. this time this ip address show from Jakarta Indonesia.

is there a way to set in the Merlin firmware, to make it auto ban the ip for few days, after it failed authentication for few times?

longin failed > 5 times;
ban ip address = 3 days;
end;
 
Disable WAN GUI access and set up a VPN so you can get in


Sent from my iPhone using Tapatalk
 
Disable WAN GUI access and set up a VPN so you can get in


Sent from my iPhone using Tapatalk

is not about web ui, but ssh login attempt.

i dont feel like to disable ssh access, in case vpn is not working at least i still have chance to open by ssh and reboot the router.
 
Changing the port number for SSH will significantly reduce the number of login attempts.

I believe that the Skynet script will automatically ban login attempts, although I've never used it myself.

But as JDB alluded to, it's best not to expose HTTP and SSH to the internet as these are by far the most frequently attacked.
 
Reference document is here.
https://github.com/RMerl/asuswrt-merlin/wiki/Sending-Email

I changed it to SSH port.
I think someone can make this scripts more elegant.
Set cru and make running this script automatically everyday.
Then your SSH port will be changed randomly.

#!/bin/sh

killall dropbear
sleep 2
nvram set sshd_port=$(awk 'BEGIN{srand();print int(rand()*(63000-2000))+2000 }')
dropbear -p $(nvram get sshd_port) -j -k

FROM="your-gmail-address"
AUTH="your-gmail-username"
PASS="your-gmail-password"
FROMNAME="Your Router"
TO="your-email-address"

ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5

echo "Subject: SSH Port state notification" >/tmp/mail.txt
echo "From: \\"$FROMNAME\\"<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My SSH Port is: `nvram get sshd_port`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt

cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO

rm /tmp/mail.txt
 
Changing the port number for SSH will significantly reduce the number of login attempts.

I believe that the Skynet script will automatically ban login attempts, although I've never used it myself.

But as JDB alluded to, it's best not to expose HTTP and SSH to the internet as these are by far the most frequently attacked.

thanks for sharing this nice tools, i will try if it will auto ban unsuccessful login attempt.
 
You didn't tell us which router you use.
Depending on the model some scripts will not work.

Check the wiki to see what will run on your router.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top