[mythtvnz] Open MythWeb access
Hadley Rich
hads at nice.net.nz
Fri Nov 2 13:55:00 GMT 2007
On Friday 02 November 2007 19:26:49 Sam Hadley-Jones wrote:
> Could've been my box but I'm sure I secured it last week. Was it
> samborambo.homelinux.net?
No, you're safe, it was Kenneth's I believe. I did reply to him but I think it
went offlist sorry.
> I browsed through my /var/log/auth.log and, to my horror, noticed a
> successful ssh probe / brute force attack from some overseas IP. They
> guessed the I have a mythtv user account and logged in for 3 seconds - I
> had the password set to 'mythtv' and admin rights, doh!
Oops :)
> Lesson learned - with seemingly no damage done.
Make sure you're sure.
> I wasn't to worried
> about security while building the mythbox behind a firewall but I didn't
> close all the loopholes before DMZing the box.
>
> A good idea would be to stop ssh access for the mythtv user altogether.
A safer solution would be to only allow the users that need ssh access access.
hads
--
http://nicegear.co.nz
New Zealand's VoIP supplier
More information about the mythtvnz
mailing list