Is there a way to block certain ip from WAN?

chchia

Occasional Visitor
https://imgur.com/a/4HGBM

Above is the link to the picture; sorry, I don't know how to embed it here.

Hi guys, good day.

I have this problem: every few days, someone will attempt to log in to my router from the WAN.

I can change the IP, change the SSH port, but a few days later someone with a different address will try to log in again. This time the IP address shows as Jakarta, Indonesia.

Is there a way to set the Merlin firmware to auto-ban the IP for a few days after it fails authentication a few times?

login failed > 5 times;
ban ip address = 3 days;
end;
 
Disable WAN GUI access and set up a VPN so you can get in


Sent from my iPhone using Tapatalk
 
It's not about the web UI, but SSH login attempts.

I don't feel like disabling SSH access; in case the VPN is not working, at least I still have a chance to get in by SSH and reboot the router.
 
Changing the port number for SSH will significantly reduce the number of login attempts.

I believe that the Skynet script will automatically ban login attempts, although I've never used it myself.

But as JDB alluded to, it's best not to expose HTTP and SSH to the internet as these are by far the most frequently attacked.
 
The reference document is here.
https://github.com/RMerl/asuswrt-merlin/wiki/Sending-Email

I changed it to the SSH port.
I think someone can make this script more elegant.
Set up cru to run this script automatically every day.
Then your SSH port will be changed randomly.

#!/bin/sh
# Restart dropbear on a random port between 2000 and 63000, then mail the new port.
# Note: the port is written to NVRAM but not committed, so a reboot restores the
# previously saved port (add "nvram commit" after the set if you want it to persist).

killall dropbear
sleep 2
nvram set sshd_port=$(awk 'BEGIN{srand();print int(rand()*(63000-2000))+2000 }')
dropbear -p $(nvram get sshd_port) -j -k

FROM="your-gmail-address"
AUTH="your-gmail-username"
PASS="your-gmail-password"
FROMNAME="Your Router"
TO="your-email-address"

# Sync the clock so the Date: header is right. "&>" is a bash-ism; busybox sh
# needs the explicit redirect, otherwise ntpclient is backgrounded instead.
ntpclient -h pool.ntp.org -s >/dev/null 2>&1
sleep 5

echo "Subject: SSH Port state notification" >/tmp/mail.txt
echo "From: \"$FROMNAME\"<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My SSH Port is: `nvram get sshd_port`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt

# busybox sendmail: -H runs a helper that provides the TLS transport, -au/-ap are
# the SMTP AUTH credentials. "-tls1" pins TLS 1.0; drop it to let openssl
# negotiate the newest version the server supports.
cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO

rm /tmp/mail.txt
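The rotating-port script above hides SSH; it does not give the auto-ban the original question asked for (5 failures, banned for 3 days). The following is an added example, not code from this thread or from Skynet, of how that ban could be done on Asuswrt-Merlin from a cru job: it counts dropbear failures per source IP in the syslog and feeds the offenders into an ipset whose entries expire. Assumed: the log is at /tmp/syslog.log, the router's ipset supports timeouts, and wan0_ifname in nvram is the WAN interface; the log lines below are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: a fail2ban-style ban for dropbear on
# Asuswrt-Merlin. ASSUMED: syslog at /tmp/syslog.log, an ipset build with
# timeout support, wan0_ifname in nvram. Run it from cru every few minutes.
THRESHOLD=5          # failed logins before a ban (as asked in the thread)
BAN_SECONDS=259200   # 3 days

# Constructed sample syslog lines in dropbear's real message format
# (the source field is "ip:port"). On the router use: cat /tmp/syslog.log
sample_log() {
cat <<'EOF'
Jan  1 10:00:01 dropbear[123]: Bad password attempt for 'admin' from 203.0.113.5:51234
Jan  1 10:00:04 dropbear[124]: Bad password attempt for 'admin' from 203.0.113.5:51240
Jan  1 10:00:09 dropbear[125]: Login attempt for nonexistent user from 203.0.113.5:51251
Jan  1 10:00:15 dropbear[126]: Bad password attempt for 'root' from 203.0.113.5:51260
Jan  1 10:00:20 dropbear[127]: Bad password attempt for 'root' from 203.0.113.5:51266
Jan  1 10:01:00 dropbear[130]: Bad password attempt for 'admin' from 198.51.100.7:40001
Jan  1 10:01:30 dropbear[131]: Exit before auth (user 'admin', 1 fails): Exited normally
Jan  1 10:02:00 dropbear[140]: Password auth succeeded for 'admin' from 192.0.2.10:50000
EOF
}

# offenders THRESHOLD < log  -> "ip count" for every source at or over THRESHOLD
offenders() {
    awk -v t="$1" '
        /dropbear.*(Bad password attempt|Login attempt for nonexistent user)/ {
            ip = $NF; sub(/:[0-9]+$/, "", ip)   # drop the client port
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }' | sort
}
# ban_cmds THRESHOLD SECONDS < log -> the ipset commands that would be run
# (-exist refreshes the timeout if the address is already in the set)
ban_cmds() {
    offenders "$1" | while read -r ip _count; do
        echo "ipset add -exist sshban $ip timeout $2"
    done
}
# One-time firewall setup: a set whose entries expire, dropped on the WAN side.
setup_fw() {
    ipset create sshban hash:ip timeout "$BAN_SECONDS" 2>/dev/null
    wan=$(nvram get wan0_ifname)
    iptables -C INPUT -i "$wan" -m set --match-set sshban src -j DROP 2>/dev/null ||
        iptables -I INPUT -i "$wan" -m set --match-set sshban src -j DROP
}

# Dry run on the constructed log. On the router: setup_fw once, then
#   ban_cmds "$THRESHOLD" "$BAN_SECONDS" < /tmp/syslog.log | sh
sample_log | ban_cmds "$THRESHOLD" "$BAN_SECONDS"
```

Only 203.0.113.5 crosses the threshold in the sample; 198.51.100.7 (one failure) and the successful login are left alone.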
 
Thanks for sharing this nice tool; I will try it and see if it will auto-ban unsuccessful login attempts.
 
You didn't tell us which router you use.
Depending on the model some scripts will not work.

Check the wiki to see what will run on your router.
 