[mythtv-users] Securing mythweb

Mache Creeger mache at creeger.com
Thu Feb 11 00:47:30 UTC 2010


At 04:42 PM 2/10/2010, Jay Foster wrote:
>On 2/10/2010 12:48 PM, mythtv-users-request at mythtv.org wrote:
>>In article<3d82ce5f1002091220k6154d53alcd4ee1b1ca1f257a at mail.gmail.com>,
>>Kenneth Emerson wrote:
>>> >  Once you open up port 22 on your mythtv box to the internet, 
>>> it will be hit
>>> >  by computers trying to hack into it (check out logwatch to find out).
>>I use my broadband router to map a different port, only have one user allowed
>>to SSH in, and the password is 12+ characters with a mix of cases, numeric
>>and punctuation. No problems yet!
>>
>>Ian
>
>I have done the same thing.  However, I noticed that the netbots 
>would find my machine on port 22 and start banging away on it.  They 
>never succeeded in gaining access, but I didn't like all the extra 
>activity on my machine.  This extra activity would also look to my 
>ISP provider as either SPAM or me running a server, so my ISP would 
>reset my DSL resulting in a new public IP address.  This was 
>annoying and made accessing the Myth system from outside more 
>difficult when my public IP address would keep changing frequently.
>
>To stop that, I also turned on the firewall on my Myth system to 
>only allow access from the local networks and 1 public network (my 
>work network).  This stopped the netbots in their tracks.  I could 
>have done the same with my firewall/router, but it doesn't have that 
>functionality (only does port forwarding/blocking).
>
>Jay

I use Dynamic DNS from a free supplier (http://www.no-ip.com) to keep 
my server accessible regardless of ISP public IP address changes. You 
just run a small client on the server and it guarantees that the 
domain will always resolve back home.

-- Mache 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mythtv.org/pipermail/mythtv-users/attachments/20100210/2517cd22/attachment.htm>


More information about the mythtv-users mailing list