Home of the Squeezebox™ & Transporter® network music players.
  1. #11
    Senior Member Mnyb's Avatar
    Join Date
    Feb 2006
    Location
    Västerås Sweden
    Posts
    16,528
    Originally posted by mherger:
    > Is it possible to limit LMS to the local subnet via programming , but
    > have it working via a correctly setup VPN ?


    If using a VPN you should be fine already. If you feel like tinkering,
    check out Settings/Advanced/Security.

    > Wonder why some hacker finds this funny ?


    Never picked up the phone book to call a random number as a kid?

    > More risks someone can actively listen with your accounts on Spotify and
    > your other services.
    > Ads his players to your mysb.com account via LMS it does that
    > automatically .
    > Mess up your stats and scrobbling.


    Or implement the plugin which will wipe your system. Or encrypt your data.

    --

    Michael
    Oh, on OpenVPN already, just an idea to not make it so easy to just open the ports, like apparently >5000 people are doing already?
    If the next upgrade just blocks this and they have to search for info ....

    Ransomware as an LMS plugin

    My LMS machine is only that, another safety measure. It's not running on my daily-use computer, no other personal info on it than the LMS settings, no documents, no mail.
    So I can just delete that VM and reinstall.

    And the NAS that keeps the music files is another VM from the NAS that has my personal backup. So I can delete that one too, but the music share is mounted read-only and with no executing of files to the LMS machine.
    Music is backed up on USB drives.
    --------------------------------------------------------------------
    Main hifi: Raspberry Pi digi+ MeridianG68J MeridianHD621 MeridianG98DH 2 x MeridianDSP5200 MeridianDSP5200HC 2 x MeridianDSP3100 + Rel Stadium 3 sub.
    Bedroom/Office: Boom
    Loggia: Raspi hifiberry dac + Adams
    Bathroom : Radio (with battery)
    iPad with iPengHD & SqueezePad
    (spares Touch, SB3, receiver, controller)
    server Intel NUC Esxi VM Linux mint 18 LMS 7.9.2

    http://people.xiph.org/~xiphmont/demo/neil-young.html

  2. #12
    Senior Member
    Join Date
    Jan 2008
    Posts
    306
    Done. Thanks for the heads-up, Michael.

    Interestingly, over the past few months LMS has randomly stopped, with no info in the logs and only "possible software conflict" in the diagnostics tray.

    Been running and playing on DSTM for three days now without a stoppage. Could this be related?

    Jason

  3. #13
    Senior Member sfraser's Avatar
    Join Date
    Oct 2005
    Posts
    258
    There are some real A-holes out there. I work for a router vendor, and we have a non-firewalled internet access in our lab. From time to time we turn it up for deep packet inspection testing; within 30 seconds of turning it up we get pounded with attacks.
    Home Office
    SB2->Benchmark DAC-1-> Bryston P-25, preamp -> Carver M1.0t Amp->PMC TB2
    Home Theater System#1
    SB2-> Emotiva PrePro->Bryston 9B ST -> PSB Stratus Goldi
    /Home Theater System #2/ LazyEye Bar
    Pi3 w/7" screen/HiFiBerry DAC>Outlaw 976-> Bryston 3B ->Klipsch La Scala's, 2x Bryston 4B (mono) EV 18" subwoofers
    Bedroom System
    SB2-> Sony BoomBox
    Rear Deck/Patio
    Pi4 --> Yamaha Receiver-> PSB Mini's,
    Kitchen
    Pi4 --> Yamaha Receiver -> Polk Ceiling Speakers
    Ensuite
    Squeeze Radio

  4. #14
    Senior Member
    Join Date
    Aug 2008
    Location
    Norway
    Posts
    381
    At least - if you really wish to have remote access to LMS, add a strong password to log on. This is probably not extremely difficult to hack for someone that knows how. I guess LMS logon exchanges user name + password in clear text?
    Nevertheless, it's better than nothing.
    The downside is that there are several client apps out there that don't support password logon....
    QNAP TS-453Be 4x3TB RAID5 QNAP TS-251 2x3TB RAID0 QNAP HS-251 2x2TB RAID0 QNAP TS-453Mini 2x1TB Raid 10
    LMS running in Docker Madsonic running in Docker Guacamole QPGK R&D and Test server
    Home Assistant running in Docker Node-Red running in Docker RainLoop QPKG
    Pi-Hole running in Docker Bastillion running in Docker DeConz running in Docker w/ConBee II
    Mosquitto MQTT running in Docker

  5. #15
    Senior Member Mnyb's Avatar
    Join Date
    Feb 2006
    Location
    Västerås Sweden
    Posts
    16,528
    Originally posted by oyvindo:
    > At least - if you really wish to have remote access to LMS, add a strong password to log on. This is probably not extremely difficult to hack for someone that knows how. I guess LMS logon exchanges user name + password in clear text?
    > Nevertheless, it's better than nothing.
    > The downside is that there are several client apps out there that don't support password logon....

    Yes, clear text and not hard to hack.

    But social engineering is also a thing; people reuse passwords even if you should not. It's very, very likely that someone uses the same passwords as they always do.

  6. #16
    Senior Member pippin's Avatar
    Join Date
    Oct 2007
    Location
    Berlin
    Posts
    14,788
    And that's an especially bad idea in this case because it's so easy to log the clear-text username and password from LMS...
    ---
    learn more about iPeng, the iPhone and iPad remote for the Squeezebox and
    Logitech UE Smart Radio as well as iPeng Party, the free Party-App,
    at penguinlovesmusic.com
    New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch

  7. #17
    I had that problem, where my music player suddenly went wild in the middle of the night; I had forwarded my LMS ports to the internet. Now I use VPN and no problems at all anymore.
    Shame, it was practical to use LMS on the road that way, but simply too unsafe.

    Absolutely block those ports, this sort of thing does happen!
    LMS 7.9.0 - 1470391720 on Pi2 (Max2play)
    Synology DS-414 NAS
    Squeezebox Touch, Squeezebox Boom, Squeezebox Radio, HifiBerry PicorePlayer
    Schiit - BIFROST AKM 4490 Dac
    Spotify Premium

  8. #18
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,323
    I wonder if anyone has searched the darkwebs for LMS attacks..? There are probably "slurp all the music and set some annoying alarms" scripts out there.
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  9. #19
    Senior Member
    Join Date
    Aug 2008
    Location
    Norway
    Posts
    381
    You don't need a script for that. All you need is the IP.

  10. #20
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,323
    You do, you know the control protocol. The script kiddies know nothing, they just run scripts.
