10 replies to this topic

[linuxgeek]

I found a rouge user and server in my sbox config today 

I know I was not there last week as checked it before going on a weeks holiday 

 

the scum bag has even put a line in the crontab to update their server of any ip changes to 

 guess they did not know my dns details or did not want to loose the connection if I changed it

 

I also found that my root pass would not change even though passwd said it had 

have not re flashed and set a new pass and dns / port to be sure 

 

 

thing is I have no idea how they got in / found me as I know the 5 people who connect to my sbox personally to its not like Im touting on the big CS sites 

 

 

 

is it possible that the attact has come in via TSmedia as I installed this and only started to use it a week ago made no other changes to the system 

[WanWizard]

What else do you have open to the internet? ssh? ftp? webif? something else? No password on the webif? Used a standard or guessable password?

[linuxgeek]

did not use standard passwords or ports

 

passwords were no not standard containing numbers and letters 

 

did have a port open for webif but was not port 80 

 

is the web interface considered insecure ?

Edited by linuxgeek, 21 October 2013 - 21:23.

[WanWizard]

I don't know, it's a 3rd party application, but I find it unlikely that files are edited via the webif.

[betacentauri]

Only webif and not ftp, ssh, telnet,... port?

[linuxgeek]

only web and a port of sbox nothing else there is no way I would open ftp of telnet 

[Sjaaky]

I don't consider the webif save to open up to the internet. I don't know about any concrete exploits. But given the amount of exploits in software which was designed with security in mind, I would be surprised if the webif is free of exploits.

[theparasol]

Just use vpn to connect to your lan and dont use portforwarding wan->lan

[mge]

check your router, there is a botnet out. it makes a portforwarding from yor router to your stb. from there it looks for interesting data. Read the article:

 

http://www.heise.de/...er-1960334.html

Edited by mge, 23 October 2013 - 17:38.

[Pr2]

This is not a botnet or whatever issue, he says that he create a port forwarding himself.

This is a very bad idea to openup any webif STB, softcam or whatever but people don't understand what they do and the risk they take, they think that by using non standard port they are protected...

[MiLo]

I always tell the same: SSH is safe. The rest is not.

 

Then usually people go "but this but that but ...", thinking they know better because their second cousin has a friend who had been married to the sister of a guy who worked for the NSA and he said it was safe. Then there's nothing more to say but "Well it's your gun, it's your foot, go ahead."

 

You should not forward ports from the internet to your box to any port but 22 (ssh). For the same reason you should not take a shotgun, point it at your left foot, and pull the trigger. It hurts. That's why.