I normally have a password on it...and it was only unsecured for a couple days...but
I know better...considering I am a programmer, and have to think of security in every app I write.
| LinHES Forums http://forum.linhes.org/ |
|
| What happens when you don't secure your MythWeb http://forum.linhes.org/viewtopic.php?f=6&t=12879 |
Page 1 of 1 |
| Author: | Gibble [ Thu Dec 07, 2006 10:05 am ] |
| Post subject: | What happens when you don't secure your MythWeb |
Well, I got MythTV all installed the other day, my backend is actually based on Ubuntu not Knoppmyth, but I'll be using Knoppmyth for front ends. Unfortunately, I didn't have mythweb secured, and didn't think much of it... yeah, within two days, I've already had a couple recordings go missing, and someone completely messed up my schedules. I removed all the "do not record this showing" and a bunch of other junk and fixed my schedules, but now, when I look at upcoming recordings, I have a bunch of shows not recording because myth thinks they have already been recorded. Is there a quick way (even if I have to go into the db) to clear myths memory of ALL previous recordings? |
|
| Author: | Gibble [ Thu Dec 07, 2006 10:09 am ] |
| Post subject: | |
Never mind, I just clicked "forget old" on everything and got it cleaned up. |
|
| Author: | evdogg [ Thu Dec 07, 2006 9:25 pm ] |
| Post subject: | |
Wow, that sucks that someone messed up everything. I'm not surprised that someone got in though, since it was unsecured. The other day I was Googling for something, and I used keywords like mythtv and commflag, and a few others. The second link that came back was someone's Mythweb page! |
|
| Author: | Gibble [ Thu Dec 07, 2006 11:09 pm ] |
| Post subject: | |
I normally have a password on it...and it was only unsecured for a couple days...but
I know better...considering I am a programmer, and have to think of security in every app I write. |
|
| Author: | ed.gatzke [ Fri Dec 08, 2006 11:15 am ] |
| Post subject: | Get a router, reject all incoming |
If possible, you could reject all incoming traffic. You could only be able to access your box from inside your hous LAN. I think this breaks some apps, but NAT routers let you specify who you allow and what ports you allow and where the connections go. Even securing a system is not enough. You have to keep everything on the LAN up to date or you are in trouble. I assume (hope) a hardware firewall will be pretty secure... |
|
| Author: | Gibble [ Fri Dec 08, 2006 11:37 am ] |
| Post subject: | |
I want to be able to get at my myth box from outside, and normally I'm more diligent in securing things, but it was a crazy week...no excuse, but hey, no real harm done. |
|
| Author: | aaronb [ Fri Dec 08, 2006 1:21 pm ] |
| Post subject: | |
Be happy that's all that happened, people on the mailing list have reported that the Googlebot indexed their unsecured MythWeb, which entails following every link on the page, which includes the "Delete" link next to every show. |
|
| Author: | Gibble [ Fri Dec 08, 2006 2:06 pm ] |
| Post subject: | |
You know...that's what *may* have happened...I just caught it in time! It would make sense since it happened to soon after I had installed. |
|
| Author: | Atamido [ Sun Dec 10, 2006 10:14 am ] |
| Post subject: | |
Perhaps adding a robots.txt in the default install would be a good idea? |
|
| Author: | Liv2Cod [ Sun Dec 10, 2006 10:39 am ] |
| Post subject: | |
An easy first step is to change or map the address to some port other than 80. You can always get into it yourself by appending the port number to the address: http://my.mythbox.address:9980 This will prevent Googlebots as well, I believe. I have this mapping done in my hardware firewall, but it's easy enough to change Apache on the box itself. |
|
| Author: | Speed_D [ Thu Dec 14, 2006 5:46 pm ] |
| Post subject: | |
I passworded mine but then I also decided to keep it on my LAN for better security. Here's something really simple you can do if your myth box is behind a router: - don't forward to the mythweb http port. - do forward ssh to the myth box (or to another server on your internal network). Then, from the outside: ssh -N -D 8888 yourname@yourhost.com That sets up a SOCKS proxy on port 8888. So in your webbrowser's network settings, add a proxy for SOCKS v4, localhost:8888, and you'll be effectively on the web from your LAN. Then just http to the internal address of your mythweb server. |
|
| Author: | nermander [ Fri Dec 15, 2006 4:31 am ] |
| Post subject: | |
I use a similar approach to reach my mythweb from work, I set up an ssh tunnel and then use http://locahost:81/mythweb/ to reach mythweb. Since I have putty.exe in a private folder on my web server I can run putty from almost any Windows machine. |
|
| Page 1 of 1 | All times are UTC - 6 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|