In the past, I had a broadband connection with a public IP, and my router was frequently targeted by IP scanning attempts, with persistent attempts to guess my password. It was quite annoying to see a long list of failed login attempts in the logs. Although there were no important devices connected to the router and it had never been compromised, it was still frustrating to watch. I had previously found online that there are scripts available to automatically blacklist IPs, but I didn’t delve deeper due to the complicated deployment. Recently, while installing plugins on other routers, I discovered that the WeChatPush plugin, which is used to send device status updates, has a feature to blacklist IPs. I promptly installed it on my troubled old router.
My routers run on the OpenWRT system. Generally, disabling password login for SSH and using key-based login can significantly enhance security. In most cases, public IPs in China have port 80 blocked, so there isn’t much that can be accessed via the web interface from a public IP.
Installing plugins on the OpenWRT system is quite simple; you can easily install them using the built-in package manager. Under “System – Software”, first click “Refresh List” and then search for the package name in the filter to find it.
If there are issues with the software package, you can find the plugin project, download the files, and upload them to the router for installation. This method is also the latest and most reliable. For example, if I need to install a plugin, I can download the corresponding files from the “tty228/luci-app-wechatpush” project on the largest global peer exchange website. Generally, the plugin will have two files: a larger one for the program and a smaller one for the user interface, both need to be installed.
Upload the downloaded files to the router via the OpenWRT backend under “System – File Transfer”.
After uploading, you can see the uploaded plugin in the “Uploaded File List” section. Click the “Install” button on the right to install the plugin; remember to install both files.
Once installed, you will see the “WeChat Push” plugin in the services. Generally, to enable the automatic IP blocking feature, you need to configure the push method in the “Basic Settings”, then set up login alerts and the number of failed login attempts under “Basic Settings – Push Content”, and finally check “Automatically Block Illegal Login Devices” under “Basic Settings – Automatic Blocking”.
Conclusion
The WeChatPush plugin is quite a useful tool on OpenWRT. It is primarily used to monitor device status, including load and temperature monitoring, IP address changes, and device online/offline alerts, which can notify you of any abnormal changes in your devices. The automatic blocking of illegal devices has also resolved my concerns.