Frank Lynch wrote:
Hi Folks,
I'm really starting to like my MythTV box, this is a great project!
In case its relevant I'm running myth 18.1 on Fedora Core 4.
I'd like to be able to access mythweb from the public Internet (so
that I can schedule recordings when I'm not at home etc..). With this
in mind I cretaed an account with dyndns.org, and configured port
forwarding on my router.
I'm guessing that my next step should be to harden my Apache
configuration? should I enable https? are there any other precautions
that I should be taking? The last thing I want is some dirty hacker
having their evil-way with my mythbox!
If this covered in a howto or some other doc I'd appreciate a pointer.
I searched, but I couldn't find anything that covers this specific
topic... I saw the article on tunnelling through ssh[1], but I'd
rather have a solution that my wife could use (she can certainly use a
https site with a user name/password, but its a bit much to ask her to
tunnel over ssh).
thanks,
--Frank
I use just standard apache2 - no https... but the password is apparently
random chars, so no script kid is gonna get to it without really trying
hard.
You can change the port apache runs on, but then that might make
accessing it from work a problem (depending on your workplace's
proxy/firewall etc).
I get the occasional hack attempt, but so far the worst that has
happenned is a DoS (ping of death?) attack which crashed my router.
I'm sure there will be people who'll say what I'm doing isn't secure
enough, and I agree it's not the most secure way to do things - but it
works for me, and has done for a long time. I know the risks...
I look in the logs every week, and from what I've seen in there the
majority of accesses from random IP addresses seem to just be
botnets/kids looking for easy exploits.
It'll be interesting to see what everyone else does though ;-)
Justin.
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
