[mythtv-users] Securing mythweb
Mache Creeger
mache at creeger.com
Thu Feb 11 00:47:30 UTC 2010
At 04:42 PM 2/10/2010, Jay Foster wrote:
>On 2/10/2010 12:48 PM, mythtv-users-request at mythtv.org wrote:
>>In article<3d82ce5f1002091220k6154d53alcd4ee1b1ca1f257a at mail.gmail.com>,
>>Kenneth Emerson wrote:
>>> > Once you open up port 22 on your mythtv box to the internet,
>>> it will be hit
>>> > by computers trying to hack into it (check out logwatch to find out).
>>I use my broadband router to map a different port, only have one user allowed
>>to SSH in, and the password is 12+ characters with a mix of cases, numeric
>>and punctuation. No problems yet!
>>
>>Ian
>
>I have done the same thing. However, I noticed that the netbots
>would find my machine on port 22 and start banging away on it. They
>never succeeded in gaining access, but I didn't like all the extra
>activity on my machine. This extra activity would also look to my
>ISP provider as either SPAM or me running a server, so my ISP would
>reset my DSL resulting in a new public IP address. This was
>annoying and made accessing the Myth system from outside more
>difficult when my public IP address would keep changing frequently.
>
>To stop that, I also turned on the firewall on my Myth system to
>only allow access from the local networks and 1 public network (my
>work network). This stopped the netbots in their tracks. I could
>have done the same with my firewall/router, but it doesn't have that
>functionality (only does port forwarding/blocking).
>
>Jay
I use Dynamic DNS from a free supplier (http://www.no-ip.com) to keep
my server accessible regardless of ISP public IP address changes. You
just run a small client on the server and it guarantees that the
domain will always resolve back home.
-- Mache
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mythtv.org/pipermail/mythtv-users/attachments/20100210/2517cd22/attachment.htm>
More information about the mythtv-users
mailing list