But If I had to guess, this person is going to see this thread you started. I bet the admins could look at the forum logs and see what forum user belongs to this IP and warn them with a PM to play nice, but its not their job to do that and they probably wont get involved. I say that because they have an Linux emby server of their own called "sexymedia". By the looks of it this person is just a forum user, or someone you know, who probably got your server IP from logs you shared on the forum and guessed at your password. I can tell you this is not a "hacker" lol They didn't cover their tracks AT ALL, which opens them up for a return attack. How can I lock things down so this cannot ever happen again?Ĭurrently I only have one user for myself. Someone got into the server from IP 98.122.185.132, created a user called RandomHacker and started watching some of my content. Sent from my iPhone using Tapatalk Edited by Tur0k Begin blocking communication to and from subnets by world region. Add a basic IDS (intrusion detection systems) tool that would allow you to block specific public Internet IP addresses you know are trying to hack you.Ģ. Change all passwords to all user accounts using the above rules.Īdditionally, track and monitor source IP addresses for all logon attempts.ġ. There are a few posts about the method to do this.ħ. You could pickup a domain name and signed SSL certificate on the cheap and get it imported into your Emby server and have the https configuration working the intended way. This means that your credentials could be captured in transit.Ī. Are you using HTTPS on all connections from the public Internet? If not when you enter your username and password it isn't encrypted during communication with your Emby environment. Use a different username and password to administer the Emby server than you use to actually play videos from day to day.ĥ. Changing your externally facing passwords at regular interval.Ĥ. Using total characters in password to be greater than any multiple of 8, as brute force attacking tools are carried out with normal 8-64 bit processing.ģ. Using character sets that include all 4 types of charactersī. Sufficiently complex password should be enforced.Ī. Check the box next to "hide user from login screens" under /manage server/users/open each user account.Ģ. From a security standpoint this is poor practice as it negates half of the complexity of a user's credentials. So, I think many people leave their usernames listed in the logon screen. Second, When you come back online and have everything put back together secure it:ġ. Make sure that your modem/firewall/router is not using default username and passwords. There is the potential that you have a Emby client device that has a key logger that captured your key clicks and thus acquired your credentials.Ħ. Run anti malware scans on all systems that you or your other users have used to logon to your Emby server from. Depending on what was accessible, check your event logs and see if they were able to get to terminal/start and install software remotely.ĥ. Run through the local password reset on your Emby server system.Ĥ. Remove remote access to the Emby server from the Internet by disabling any pass through a you had on your firewall.Ģ.
0 Comments
Leave a Reply. |