Abandon Domoticz login screen based on country

Post Reply
zicht
Posts: 210
Joined: Sunday 11 May 2014 11:09
Target OS: Windows
Domoticz version: 3.8xxx
Location: NL
Contact:

Abandon Domoticz login screen based on country

Post by zicht » Tuesday 16 May 2017 15:35

Hi

Important edit :
-- DO NOT USE THE BELOW CODE on Login.HTML -->> IT CREATES A SECURITY RISK !!! --
(better use similar in index.html, tested and no security risk so far discovered)

I suffer from some annoying people and bots that try to login to domoticz from all over the world. Mostly Azia, America, Africa)
Luckey they did not succeed and i have set up allready a VPN service to avoid it

Never the less i was thinking of a nice "improvement"/adjustment to avoid this and i wanted to share for anyone that can benefit from it.
The code i have implemented in login.html just after </style> :

Code: Select all

<script>
function mijnding(){
<!-- Detect local or not -->
	$.get("https://ipinfo.io", function(response) {
	console.log(response.ip);
	document.getElementById("IP").innerHTML = response.ip;
	document.getElementById("Country").innerHTML = response.country;
	if (response.country != 'NL' ) {$(location).attr('href', 'http://hmpg.net/') }
	}, "jsonp");
}
mijnding()
</script>
And after the last</Div>

Code: Select all

<center>
<Div id="IP" style="font-size:70%"></Div>
<Div id="Country" style="font-size:70%"></Div>
</center>
So now all outside of NL are redirected to the end of internet :) Whoehoe :P

(edit : corrected typo)
Last edited by zicht on Saturday 24 June 2017 21:44, edited 1 time in total.
Rpi & Win x64. Using : cam's,Nest,RFXCom,Kaku,LaCrosse,RFY,IsAlive,Dummy,Wether Underground, standard Lua, Curl on windows,Domoticz Android App & Tasker,

"The only source of knowledge is experience (A.Einstein)"

User avatar
Egregius
Posts: 2715
Joined: Thursday 09 April 2015 12:19
Target OS: Linux
Domoticz version: Beta
Location: Beitem, BE
Contact:

Re: Abandon Domoticz login screen based on country

Post by Egregius » Tuesday 16 May 2017 15:59

Why not just run fail2ban and ban any ip that does a failed login attempt? 1 fail = 10 minutes blocked, 2 fails = 1 week blocked.

zicht
Posts: 210
Joined: Sunday 11 May 2014 11:09
Target OS: Windows
Domoticz version: 3.8xxx
Location: NL
Contact:

Re: Abandon Domoticz login screen based on country

Post by zicht » Tuesday 16 May 2017 21:15

If you tell me how to run fail2ban on windows ?

(could not get the rPi family proof unfortunately,
and had allready a windows laptop running 24/7, so combined it,
yeah i know I am lazy :P)
Rpi & Win x64. Using : cam's,Nest,RFXCom,Kaku,LaCrosse,RFY,IsAlive,Dummy,Wether Underground, standard Lua, Curl on windows,Domoticz Android App & Tasker,

"The only source of knowledge is experience (A.Einstein)"

User avatar
Egregius
Posts: 2715
Joined: Thursday 09 April 2015 12:19
Target OS: Linux
Domoticz version: Beta
Location: Beitem, BE
Contact:

Re: Abandon Domoticz login screen based on country

Post by Egregius » Tuesday 16 May 2017 23:00

Oh, in that case...
Maybe use scopes in your firewall so only subnets from The Netherlands have access?

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest