Home of the Squeezebox™ & Transporter® network music players.
Page 14 of 14 FirstFirst ... 4121314
Results 131 to 136 of 136
  1. #131
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    20,323
    Quote Originally Posted by dr..mike View Post
    Assuming, someone 'only' installed the gallery plugin: does this allow reading / downloading also PDFs, excels, docs and so on? Or 'only' shows pictures it finds?

    Am I understanding correctly, that once someone accessed the LMS, the user & password had to be set, i.e. max one person can go inside as it's locked afterwards?
    The Gallery plugin was developed for pictures only. That said I know that some of the attackers did install modified versions of the plugin. They could potentially do anything they want. They could as well just write their own to download all those files, yes. But then I'm not aware of an attack at that level.

    The password can be used by anyone knowing it. Most likely this is only being set to annoy the users, and potentially have a bit more time to explore whatever content they got access to.
    Michael

    http://www.herger.net/slim-plugins - Spotty, MusicArtistInfo

  2. #132
    Junior Member dr..mike's Avatar
    Join Date
    Nov 2018
    Posts
    4
    Quote Originally Posted by mherger View Post
    The Gallery plugin was developed for pictures only.
    Thanks for sharing your thoughts!!

    With the above & the seemingly normal outgoing traffic volumes my router is showing, I'm trying to semi-comfort my mind that someone had their fun, looking at family pics or a weekend outing... and browsing the names of my directory structure, leaving the trace of a saved random folder in the settings...

    Fingers crossed, but I suppose nothing to actively do to find out if things may have been stolen and where they may have ended up.

    Gesendet von meinem HTC U Ultra mit Tapatalk

  3. #133
    Quote Originally Posted by mherger View Post

    And then there's that undocumented pref you can set to disable the check
    in such an exceptional case.
    So how to disable this check? I didn't find the answer! I want to disable it. Where is that pref, what should i do to disable it?

  4. #134
    Junior Member
    Join Date
    Jul 2019
    Posts
    4

    Synology router configuration

    Just a warning to anyone who blocked theses ports in the past. If you get a new router and and use Synology's automatic router configuration, pay a little more attention than I did. I had blocked theses ports years ago on my old router and did not think to tell the server to not open them back up. Of course someone with too much time on there hands found them and locked me out of my LMS.

    Of note, I informed Synology that they should not allow the automatic router configuration tool to do this as it is a known exploit. They basically told me it was my fault for using their software . Fair enough, but it is the first time I've had a response from Synology that annoyed me in the 9 years I've been using there servers.

  5. #135
    Senior Member
    Join Date
    May 2017
    Posts
    588
    But why is your nas open to internet, use router vpn!
    SqueezeBoxes: 1x Transporter (Living room) 1x SB2 (shed), 1x Radio (Kitchen), 1x Boom (Dining room), 1x piCorePlayer (jacuzzi), 1x piCorePlayer (Garden) 1x OSMC + Squeezelite (Movie room), 1x Touch (Study 2), few spare unit's
    Server: LMS on Pi3 7.9.1. on PcP 3.21
    Network: AVM Fritzbox, Netgear Smart Switch 24p, 3x Ubiquity

  6. #136
    Junior Member
    Join Date
    Nov 2019
    Posts
    6

    Thank you

    Thanks for the info.

    Regards

    Quote Originally Posted by judojimmie View Post
    Just a warning to anyone who blocked theses ports in the past. If you get a new router and and use Synology's automatic router configuration, pay a little more attention than I did. I had blocked theses ports years ago on my old router and did not think to tell the server to not open them back up. Of course someone with too much time on there hands found them and locked me out of my LMS.

    Of note, I informed Synology that they should not allow the automatic router configuration tool to do this as it is a known exploit. They basically told me it was my fault for using their software . Fair enough, but it is the first time I've had a response from Synology that annoyed me in the 9 years I've been using there servers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •