Home of the Squeezebox™ & Transporter® network music players.
Page 5 of 6 FirstFirst ... 3456 LastLast
Results 41 to 50 of 56
  1. #41
    Junior Member
    Join Date
    Jun 2016
    Posts
    11
    OK - so now that I am completely locked out of LMS, can any one tell a non-techie how to get into it so that I can disable the password? I am running LMS on a Synology Diskstation, with a SBTouch/iPeng/Macbook as my player. I have closed the relevant ports on my router, but I still get the password screen when I try to log in via a my Mac.
    Last edited by Hip-Priest; 2017-07-17 at 03:52.

  2. #42
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,800

    IMPORTANT: Stop forwarding your LMS ports to theinternet!

    > OK - so now that I am completely locked out of LMS, can any one tell a
    > non-techie how to get into it so that I can disable the password? I am
    > running LMS on a Synology Diskstation, with a SBTouch as my player. I
    > have closed the ports on my router, but I still get the password screen
    > when I try to log in via a Mac or iPeng on an iPhone.


    You'll have to shut down LMS, and edit its server.prefs file. Where
    exactly that file is stored you better ask in a Synology specific
    thread. There are prefs for authorize and username. Remove those lines
    and restart LMS.

    --

    Michael

  3. #43
    Senior Member jimzak's Avatar
    Join Date
    May 2008
    Location
    Austin TX
    Posts
    640

    Other server options for external access of music.

    Quick somewhat OT question.

    Are other music serves such as Younity, Subsonic, Plex also as easily susceptible to attack?

    I currently have SB for internal use and Plex for external use.
    http://zzzone.net
    http://have-a-nice-day.org
    http://www.last.fm/user/zzzoneDOTnet
    http://somethingsomethingsomething.net

    SBS 7.9 - i7 nuc - Win 10 64bit
    5 Booms, 2 Radio, 3 Touch, 1 Duet, 5 piCorePlayers including 3 touchscreen, 1 Avy
    2 controllers, various tablets/phones
    Apps including iPeng, Squeeze Ctrl etc.
    Library: 385,000+ FLAC/MP3 files - 12 TB HD

  4. #44
    Senior Member
    Join Date
    Feb 2011
    Location
    Cheshire, UK
    Posts
    2,891
    Anything that is open to the internet must be considered a risk.
    You need to check the forums for Plex etc as general advice won't be good enough. My understanding of subsonic is that it was designed for remote streaming but I'd still check.
    The best solution is a VPN (not pptp) with solid credentials.
    Pi3 pCp/LMS storage QNAP TS419p (NFS)
    Living Room - Joggler & SB3 -> Onkyo TS606 -> Celestion F20s
    Office - Pi3+Sreen -> Sony TAFE320 -> Celestion F10s / Pi2+DAC & SB3 -> Onkyo CRN755 -> Wharfedale Modus Cubes
    Dining Room -> SB Boom
    Kitchen -> UE Radio (upgraded to SB Radio)
    Bedroom (Bedside) - Pi2+DAC ->ToppingTP21 ->AKG Headphones
    Bedroom (TV) - SB Touch ->Sherwood AVR ->Mordaunt Short M10s
    Everything controlled by iPeng

  5. #45
    Senior Member Nonreality's Avatar
    Join Date
    Feb 2008
    Location
    Clarkston, Wa USA
    Posts
    2,031
    Quote Originally Posted by Paul Webster View Post
    You could change LMS to require a password if the IP address is not local and have a maximum number of password attempts before suspending such access for X hours - and a setting to disable all of this for someone who really insists on taking the risk.
    At least those users who have auto-update enabled would have a bit better protection.
    So am I understanding that I should not have auto updates turned on in LMS?

    Sent from my SM-G955U using Tapatalk
    If the rule you followed brought you to this, of what use is the rule.

    HTTP://www.last.fm/user/nonreality

  6. #46
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    755
    Quote Originally Posted by Nonreality View Post
    So am I understanding that I should not have auto updates turned on in LMS?
    No. The logic was that if an update was made to close the hole in LMS then those with updates enabled would get it.
    However, the world is not that simple.

  7. #47
    Junior Member
    Join Date
    Mar 2014
    Posts
    3

    No way to find open ports, but the hack seems to continue

    Hello

    After your warning (this post), I'm quite sure I've properly closed the open ports and also disable the port forwarding on the internet. But issue/ hack stills happen (Actually, I can see this happen because I've got huge CPU load during many hours as it was scanning hard drive).

    Is there any log where we could see the hack happens, what's the source IP, and also the used ports ?

    Thanks

    Thomas

  8. #48
    Senior Member Jeff07971's Avatar
    Join Date
    Aug 2011
    Location
    London, England
    Posts
    877
    Quote Originally Posted by tom6475 View Post
    Hello

    After your warning (this post), I'm quite sure I've properly closed the open ports and also disable the port forwarding on the internet. But issue/ hack stills happen (Actually, I can see this happen because I've got huge CPU load during many hours as it was scanning hard drive).

    Is there any log where we could see the hack happens, what's the source IP, and also the used ports ?

    Thanks

    Thomas
    You could turn "INFO" (Or higher) level logging on for HTTPD under Settings>Advanced>Logging you'll end up with big logs to grep through.
    Alternatively go to "THAT" website and see if your IP address appears.
    Players: SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer x3,Wandboard
    Server: LMS Version: Latest Nightly on Centos 7 VM on ESXi 6.5.0U1 on Dell T320
    Plugins: AutoRescan/BBCiPlayer/PowerSave/PowerSwitchIII/Squeezecloud/Spotty
    Remotes: iPeng9/Orangesqueeze/PC/Jivelite/SqueezeLiteX
    Music: 383GB,1346 albums with 18894 songs by 4501 artists mostly FLACs

    Want a webapp ? See http://forums.slimdevices.com/showth...Webapp-for-LMS

  9. #49
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,032
    If you're still being hacked after genuinely disabling the port from internet access that means the hackers are already inside your network... Suggest you look at intrusion detection software.


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  10. #50
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,800

    IMPORTANT: Stop forwarding your LMS ports to theinternet!

    > After your warning (this post), I'm quite sure I've properly closed the
    > open ports and also disable the port forwarding on the internet. But
    > issue/ hack stills happen (Actually, I can see this happen because I've
    > got huge CPU load during many hours as it was scanning hard drive).


    The huge CPU load and potential crashes often were caused by the Picture
    Gallery plugin being installed by the intruders. Make sure you remove it
    or at least review its settings if you've been using it. It often was
    set up to scan all filesystems - causing the high load and crashes.


    --

    Michael

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •