i noticed mythweb was saying that 'data directory is not writable by www-data'. then i went to mythtv to view recordings. i got the master backend server down message. so i ssh'd in as mythtv user. su'd to give the 'shutdown -r now' command. it said that i couldn't do it cause only the root user could. i've never had a problem like that before. so i hit the button to do a hard reboot. that was it. it would not reboot. i got error message after error message.

any ideas on what could cause this? i'm not too confident in my hardware as it is an old pc and the fans sound pretty bad at times. but, i'm also concerned that someone is gaining access to my mythbox and compromising it. i just installed it 2 weeks ago from scratch, and it has completely crashed.

i'm looking for some ideas. reinstalling every 2 weeks is not an option. i need to find the cause of the problem before my next install.

Is your box behind a firewall blocking ssh from the internet? If not and it is possible to ssh into your box from the internet, that is a very common way for people to break in to a unix box. Even if all the account passwords have been set securely, "dictionary" attacks are surprisingly efficient.

It is too early to say if your box has been compromised. However, you mention that you su'ed to root, but didn't appear to have root permissions. This may indicate that the "su" command has been replaced (another common hacker tactic). You can do a "which su" to find the command. Is it in the correct location? What does the timestamp indicate? Is it a text script file instead of a binary file? If you su to root and touch a new file (ex. "touch /tmp/test.file"), is the newly created file owned by root?

These are just a few of the things you can check. If you find out someone has been on and messing around, your only option is to re-install from scratch. Make sure your box is behind a firewall/NAT that does not allow incoming connections (ex. ssh, http, etc.) unless you know what you are doing and have secured them.

Then again, maybe you are lucky and this was simply a really weird crash. It sounds suspicious, so it really needs to be checked though.

Good Luck,

Allen

_________________
ASUS AT3N7A-I (Atom 330)
TBS 8922 PCI (DVB-S2)

i am behind a firewall. however, i opened port 80 so that i could access mythweb from outside the network. i was using a .htaccess file. i think i will reinstall and block port 80. i don't often use mythweb outside the home anyway.

i'd like to check some of the stuff you mentioned, but i can't even get it to boot now. i get to a debian login line that says "(none) user:". when i put in the users that should work, it doesn't work. i have been using an alphanumeric password that could not be found in a dictionary. i have a feeling that they still got in though.

The kind of damage I was describing is unlikely through port 80 (although other damage can be done). It usually occurs through port 22 (ssh). If port 22 is blocked, I would say the probability is that this is not a hacker, but some type of disk/file corruption. I say "probably" as I've seen some pretty nasty attacks and would never rule out anything easily.

BTW: "Dictionary attack" is actually a pretty poor term. What is used as a "dictionary" bares little resemblance to a real dictionary. Do a google search on "MUD persona file passwords crack" for an interesting story.

Mixed case plus non-alphanumeric characters is usually enough to stop it though. What usually happens is that one of the standard accounts is left with default passwds and login permissions (mysql, mythtv, oracle, etc.).

_________________
ASUS AT3N7A-I (Atom 330)
TBS 8922 PCI (DVB-S2)

I have been having this issue for a long time. I have been trying, with no luck, on finding the cause. All I know is that my filesystem for some reason gets corrupted, the mounted filesystem becomes "read-only".. and the ONLY way to reboot the machine is manually holding the power button. Usually when this happens my machine will not boot.. and I have to run a filesytem check (fsck) to fix the filesystem then it will boot. Everything this has happened though.. it seems the files affected are mythweb php files.. or lost+found. I am running R5C7.. on a very old machine... so I am thinking that the issue is that my box is running out of memory since I only have 128 megs available.. at which point my box does whatever it is doing. I wish I could find the cause. It is also worthy to note after the fsck.. the machien will work properly again for a while.. then go bad again after a few weeks.

Hi,

R5C7 is a very stable system however to attain long term there is one tweak that must be done. It has to do with log roll over and because there was one extra script added, it made that rollover fail. What then occurs is slowly the mysql log (if I recall correctly) grows and eventually / runs out of space.

A search for that fix should be quite easy to find, if not I will look it up tonight.

Be very carefull about any external access to your myth box as Cecil did not intend it to be security tight against the world. He gave us a hot pvr instead! A couple of things you could do is shutdown services that are not needed, lock out ssh for root and mythtv user . The user you added at build time, give it a real password, typically upper & lower case letters + symbols and numbers 8 ~ 10 charactors minimum. Do the same for your web access password. Also as a final step move it off of port 80! go for 80xx or some other non standard so it doesn't show up in a scan. There are sadly, people out on the web that have great fun at others expense.

If you can spare the extra, I would suggest moving to 256 mem as the performance will be greatly improved as it will reduce the need to use swap for the extra memory requirement.

Mike

I can certainly vouch for R5C7 as bulletproof (with the log rollover fix in...)
Mine sits in the corner running, and I haven't messed with it for weeks at a time (Last was the DSL date fix..)
It's at the mercy of my (AOL computer competency level ) family all the time...

The logrollover i have fixed.. did that when i did a fresh install back a few months ago. The issue is not the size of my log files.

I have considered upgrading my memory.. but I want to determine if that is the cause without spending the money.

Krem1120, that seems like the problem that i had. although, i can't seem to get to a command line after a hard reboot. i get a debian tty login prompt that i can't seem to get past. any ideas?

also, i am running R5E50. should i revert back to R5C7? is that more stable? i have 384mb of memory, so that should not be the issue. i am using one PVR-150.

i'll certainly be using more difficult passwords and blocking all access to the unit from outside the network. are any of you running the GuardDog firewall on your mythboxes? i had it running on an earlier box i built. just wondered if that would be a good idea or not. thanks.

If you cant get to a log in prompt.. you got two options. Try using your knoppix cd to get to a terminal.. i think if you start a install configuration then cancel out of it.. it takes you to one if i remember right. Secondly, you might be far enough in the boot up process to where you can ssh into the box from another computer and get a prompt that way.

With me, I tried R5E50 but my box got the same error, only WAY more frequently.. like a matter of 24 hours or less... so I reverted back to C7. R5D1 I never tried.. i didnt want to deal with getting my pvr350 to work at the time since it is more involved that what it normally is.

beanstalk - Hardware details please! If you're using an Athlon or Athlon XP with a Nforce2 or Via chipset there are some known issues. The Nforce2 ones are ammenable to BIOS setting fixes, the Via ones are tougher.

i am using a P3 1Ghz 384Mb ram backend with an xbox as my frontend. i have a single PVR-150 tuner.

i wonder if it is something with the P3's.. I have a Pentium 3 800.. only 128 megs of ram though...

That's really kind of underpowered for this application. Recycling old hardware is great but at some point you've got to realize that it's past the point of diminishing returns.

Back when I set up my first MythTV box one of the first things I did to prepare was spend a fair amount of time browsing the old MythTV hardware database (now defunct). It was clear from even casual inspection that the user satisfaction and quality of user experience ratings had a strong correlation to the quality of the hardware in terms of both CPU power and amount of RAM. For the CPUs this flatten out around 2Ghz and for RAM it was between 256Mb and 512Mb. There also appeared to be some motherboard chipsets which gave people a lot of giref, as well as some capture cards that were easier to set up than others. With this in mind I gave myself $500-600 budget and set out to do my shopping.

Three and a half years later those hardware specs still hold for SDTV. Sure you can get KnoopMyth working on lower spec hardware, but at what cost in time and effort? The folks around here who've done it tend towards the hardcore hardware hobbyist. Not to mention that the same box (minus the capture card) could now probably be picked up on e-bay for all of $75 or gotten free from an acquaintance who was upgrading and looking to avoid hassling with disposal. Even working at McDs or some other joe job you can probably earn double that in a weekend. If the spend saves you 2-3 weeks of hair tearing frustration the ROI is amazing.

A wise young co-worker (thanks Eric) taught me a very important lesson - "Sometimes it's amazing how throwing a relatively small amount of money at a problem will make it go away."

Hi,

Nicely put tjc.

There are bare minimums and then there are lower limits. With 128 meg of mem, some stuff will work if your swap file is big enough but it will take all day. Even at 256 meg of memory your box will be into the swap file and that slows performance to a crawl. What happens when you skimp is the ram gets used up, then if you don't have a large enough swap is the cpu usage goes to 0.0 and the wait goes through the roof as it tries to figure out where to put one more data word.

To make an old sow ear took like a silk something is fine and educational but it is still a pig.

Mike