It can be worrisome that someone might have entered your network. Would
you consider to install a device on your network to track and see who is
doing what?
There are many recipes, here's an example:
https://www.instructables.com/id/Raspberry-Pi-Firewall-and-Intrusion-Detection-Syst/
...
> If the security vulnerabilities that allow LMS to be relatively easily
> hacked are simply limited to messing around with the LMS installation
> and services itself, I'm not too worried.
Even this is a problem: loud music starting randomly in the middle of
the night...
You might want to check if the user running LMS has write permissions on
the NAS share mounted on your odroid.
If yes, there's the possibility to put malicious files on it to attack
other devices accessing those files,
Rather unlikely unless the hacker is really competent and motivated, but
d6jg wrote:
> You will never be able to connect via VPN from your internal network -
> that is by design.But a little confusing when you are testing if it works or
> not [emoji3]
Sent from my Pixel 3a using Tapatalk
slartibartfast wrote:
> For what it's worth, when I recently set up OpenVPN on my router I could
> not connect over the VPN from inside my home network. From outside my
> network it worked properly.
>
> Sent from my Pixel 3a using Tapatalk
You will never be able to connect via VPN from your
echable wrote:
> Thank you all for your quick, high-quality replies :)
>
> Nothing seems to have been done with the plugins or anything else, the
> only thing was that the music started by itself.
>
> I have already set up an OpenVPN setup through which I can from e.g. my
> mobile phone
Fro your VPN questions it is probably best for you to move over to a
relatively recent VPN thread.
https://forums.slimdevices.com/showthread.php?111207-Guide-for-setting-up-VPN-remote-access-to-LMS
Paul Webster
http://dabdig.blogspot.com
Author Radio France (FIP etc) plugin
Thank you all for your quick, high-quality replies :)
Nothing seems to have been done with the plugins or anything else, the
only thing was that the music started by itself.
I have already set up an OpenVPN setup through which I can from e.g. my
mobile phone access LMS through its home network
What Paul said.
Really check the 3rd party plugin. I know that some install my
ImageViewer top basically expose all your file system through LMS,
giving "visitors" access to all your photos etc. Check all installed 3rd
party plugins and make sure you really enabled them. Ask here if in doubt.
LMS runs as a normal program - Perl is an interpreted language which
means code can be changed dynamically so very hard to protect once
accessed.
As Paul has mentioned custom plugins are one way but there are many
other ways (e.g. "play" an OPML URL with a custom parser) depending on
the skill
I think that so far no-one has reported anything happening outside of
LMS.
However, if someone was being really malicious they could install a
custom plug in and then that plug in could do anything.
This is why there is a big warning telling people not to do port
forwarding to LMS.
Paul
5am last night my LMS on an Odroid XU4 started playback, I assume it was
because a hacker through port forwarding hacking has accessed my LMS.
The LMS's music source is an NFS mounted drive on a Synology NAS.
No files appear to have been deleted or anything on the NAS. I have shut
down and not
12 matches
Mail list logo
