Well, I got MythTV all installed the other day, my backend is actually based on Ubuntu not Knoppmyth, but I'll be using Knoppmyth for front ends.

Unfortunately, I didn't have mythweb secured, and didn't think much of it...

yeah, within two days, I've already had a couple recordings go missing, and someone completely messed up my schedules. I removed all the "do not record this showing" and a bunch of other junk and fixed my schedules, but now, when I look at upcoming recordings, I have a bunch of shows not recording because myth thinks they have already been recorded.

Is there a quick way (even if I have to go into the db) to clear myths memory of ALL previous recordings?

_________________
"The amount of time needed to solve a problem is inversely proportionate to the complexity of the solution" -- Me

KM: R5.5
CPU: Athlon 3800+
Vid: nvidia 7300GT
Snd: Chaintech av-710
Tuner: PVR150
HD: 1000gb sata + 750gb sata + 500gb usb

Never mind, I just clicked "forget old" on everything and got it cleaned up.

_________________
"The amount of time needed to solve a problem is inversely proportionate to the complexity of the solution" -- Me

KM: R5.5
CPU: Athlon 3800+
Vid: nvidia 7300GT
Snd: Chaintech av-710
Tuner: PVR150
HD: 1000gb sata + 750gb sata + 500gb usb

Wow, that sucks that someone messed up everything. I'm not surprised that someone got in though, since it was unsecured. The other day I was Googling for something, and I used keywords like mythtv and commflag, and a few others. The second link that came back was someone's Mythweb page!

I normally have a password on it...and it was only unsecured for a couple days...but

I know better...considering I am a programmer, and have to think of security in every app I write.

_________________
"The amount of time needed to solve a problem is inversely proportionate to the complexity of the solution" -- Me

KM: R5.5
CPU: Athlon 3800+
Vid: nvidia 7300GT
Snd: Chaintech av-710
Tuner: PVR150
HD: 1000gb sata + 750gb sata + 500gb usb

If possible, you could reject all incoming traffic. You could only be able to access your box from inside your hous LAN.

I think this breaks some apps, but NAT routers let you specify who you allow and what ports you allow and where the connections go.

Even securing a system is not enough. You have to keep everything on the LAN up to date or you are in trouble. I assume (hope) a hardware firewall will be pretty secure...

I want to be able to get at my myth box from outside, and normally I'm more diligent in securing things, but it was a crazy week...no excuse, but hey, no real harm done.

_________________
"The amount of time needed to solve a problem is inversely proportionate to the complexity of the solution" -- Me

KM: R5.5
CPU: Athlon 3800+
Vid: nvidia 7300GT
Snd: Chaintech av-710
Tuner: PVR150
HD: 1000gb sata + 750gb sata + 500gb usb

Be happy that's all that happened, people on the mailing list have reported that the Googlebot indexed their unsecured MythWeb, which entails following every link on the page, which includes the "Delete" link next to every show.

You know...that's what *may* have happened...I just caught it in time!

It would make sense since it happened to soon after I had installed.

_________________
"The amount of time needed to solve a problem is inversely proportionate to the complexity of the solution" -- Me

KM: R5.5
CPU: Athlon 3800+
Vid: nvidia 7300GT
Snd: Chaintech av-710
Tuner: PVR150
HD: 1000gb sata + 750gb sata + 500gb usb

Perhaps adding a robots.txt in the default install would be a good idea?

An easy first step is to change or map the address to some port other than 80. You can always get into it yourself by appending the port number to the address: http://my.mythbox.address:9980 This will prevent Googlebots as well, I believe. I have this mapping done in my hardware firewall, but it's easy enough to change Apache on the box itself.

_________________
Do you code to live, or live to code?
Search LinHES forum through Google

I passworded mine but then I also decided to keep it on my LAN for better security. Here's something really simple you can do if your myth box is behind a router:

- don't forward to the mythweb http port.
- do forward ssh to the myth box (or to another server on your internal network).

Then, from the outside:

ssh -N -D 8888 yourname@yourhost.com

That sets up a SOCKS proxy on port 8888. So in your webbrowser's network settings, add a proxy for SOCKS v4, localhost:8888, and you'll be effectively on the web from your LAN.

Then just http to the internal address of your mythweb server.

I use a similar approach to reach my mythweb from work, I set up an ssh tunnel and then use http://locahost:81/mythweb/ to reach mythweb.

Since I have putty.exe in a private folder on my web server I can run putty from almost any Windows machine.