Jump to content


Photo

Openpli 4.0 backdoor?

Started by damtom85, 08 Mar 2016 17:18

  • Please log in to reply
26 replies to this topic

Re: Openpli 4.0 backdoor? #21 MiLo

  • PLi® Core member
  • 14,055 posts

+298
Excellent

Posted 10 March 2016 - 13:24

Or just remove samba (opkg remove samba).
You can't use what isn't there :)
Real musicians never die - they just decompose

Re: Openpli 4.0 backdoor? #22 damtom85

  • Senior Member
  • 64 posts

0
Neutral

Posted 10 March 2016 - 14:46

I need samba because it is nice to watch recordings on phone or desktop. So I will just edit and delete root folder.

But I will flash first fresh image.

What about remote controller? Box is in living room and other housemates watching TV also, can't really hide remote controller each time I'm out from house. Can parental control access to plugins in menu and software management because if I understand well even I change password for root he could delete it to default one?

And shh what's the command to change password? Is it 'passwd'

Re: Openpli 4.0 backdoor? #23 WanWizard

  • PLi® Core member
  • 71,173 posts

+1,842
Excellent

Posted 10 March 2016 - 14:58

If you remove the root entry, people can still connect to your recordings share without credentials and delete your recordings.

 

You change the password with 'passwd', like any other linux system.

 

Using the remote, you can delete everything, so if you don't hide that, don't bother with anything else. And if you do, and they are really evil, they buy a new remote for a few bobs, and you have solved nothing.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: Openpli 4.0 backdoor? #24 MiLo

  • PLi® Core member
  • 14,055 posts

+298
Excellent

Posted 10 March 2016 - 18:29

Maybe you should just talk to your housemates. Sort of an "I won't steal your peanutbutter if you don't delete my recordings" kind of talk.
Real musicians never die - they just decompose

Re: Openpli 4.0 backdoor? #25 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 11 March 2016 - 13:01

And if that doesn't work, put your receiver in a closet with a lock on it and remove the network cable.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.

Re: Openpli 4.0 backdoor? #26 peti

  • Senior Member
  • 115 posts

+1
Neutral

Posted 11 March 2016 - 15:34

totally agree with Erik. This is a satellite receiver, not router/firewall where we need extended security. The majority of users need passwordless access on their home networks. And it's Linux, so if you do not like it, you can change it. But using the "backdoor" word here is really strong. 


T90 | 28.2E-23.5E-19.2E-13E-9E-4.8E-0.8W-4W

Zgemma H7S | OpenPLI develop branch

Re: Openpli 4.0 backdoor? #27 damtom85

  • Senior Member
  • 64 posts

0
Neutral

Posted 13 March 2016 - 14:57

By Backdoor, I didn't mean anything offensive.

Anyway thanks for all suggestion, so far, I blocked root, ftp, shh, samba edited and for remote I set parental control with PIN code to block access to plugins and configuration(this feature is working well) , and box is locked in cabinet.

So far it has been 4 days without issues, thank you all for help and advice.
Back to [EN] Enduser support

3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users

  1. Forums
  2. PLi® Support
  3. [EN] Enduser support