Can confirm this is a real issue - I ignored the warnings because I
couldn't find any decent instructions on how to set up a VPN tunnel (and
not knowledgeable about the difference between a commercial VPN
provider, such as www.privateinternetaccess.com, which was the only type
of VPN I knew
Thank you for the information
jensavage's Profile: http://forums.slimdevices.com/member.php?userid=69579
View this thread: http://forums.slimdevices.com/showthread.php?t=107165
That's what I was doing so far, damn! Got it, will change now.
Jonas54's Profile: http://forums.slimdevices.com/member.php?userid=69278
View this thread: http://forums.slimdevices.com/showthread.php?t=107165
But why is your nas open to internet, use router vpn!
*SqueezeBoxes:* 1x Transporter (Living room) 1x SB2 (shed), 1x Radio
(Kitchen), 1x Boom (Dining room), 1x piCorePlayer (jacuzzi), 1x
piCorePlayer (Garden) 1x OSMC + Squeezelite (Movie room), 1x Touch
(Study 2), few spare unit's
*Server:*
Just a warning to anyone who blocked theses ports in the past. If you
get a new router and and use Synology's automatic router configuration,
pay a little more attention than I did. I had blocked theses ports years
ago on my old router and did not think to tell the server to not open
them back
mherger wrote:
>
>
> And then there's that undocumented pref you can set to disable the check
>
> in such an exceptional case.
>
>
So how to disable this check? I didn't find the answer! I want to
disable it. Where is that pref, what should i do to disable it?
mherger wrote:
> The Gallery plugin was developed for pictures only.
Thanks for sharing your thoughts!!
With the above & the seemingly normal outgoing traffic volumes my router
is showing, I'm trying to semi-comfort my mind that someone had their
fun, looking at family pics or a weekend
dr..mike wrote:
> Assuming, someone 'only' installed the gallery plugin: does this allow
> reading / downloading also PDFs, excels, docs and so on? Or 'only' shows
> pictures it finds?
>
> Am I understanding correctly, that once someone accessed the LMS, the
> user & password had to be set,
I backtracked on that thread (should be working instead...) and I want
to say having a password protecting settings from remote accesses will
be (is?) a great addition.
To those with routed VPNs complaining about the extra password, I say
use a bridged network, it makes player discovery work ;)
what did the clown do?
See the very first posting in this thread.
--
Michael
___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/discuss
Grumpy Bob wrote:
> I gave up on remotely accessing my LMS after I inadvertently left the
> ports open when the vpn no longer worked. I had some clown playing stuff
> on my system. Nowadays I have a backup on a wifi enabled WD Passport
> drive that runs its own copy of LMS. I use that to play
I gave up on remotely accessing my LMS after I inadvertently left the
ports open when the vpn no longer worked. I had some clown playing stuff
on my system. Nowadays I have a backup on a wifi enabled WD Passport
drive that runs its own copy of LMS. I use that to play locally to
mobile devices or
drmatt wrote:
> Personally I would kill the idea of streaming flac to mobile devices and
> just bandwidth limit the client in LMS. 320kb MP3 is undoubtedly good
> enough when out and about. I would guess the limitation is insufficient
> pre buffering, whereas internet video players would be more
Personally I would kill the idea of streaming flac to mobile devices and
just bandwidth limit the client in LMS. 320kb MP3 is undoubtedly good
enough when out and about. I would guess the limitation is insufficient
pre buffering, whereas internet video players would be more aware of the
epoch1970 wrote:
> Right. Past the 3 openvpn options I've described just above, I don't
> know what to do next.
> I suppose the idea could be to increase buffering in the player, but I'm
> not sure how to do that properly with squeezelite (?).
> Also take a look at your LMS settings for players,
Pommes wrote:
> So it must be some kind of issue between squeeze play and open VPN on
> windows which makes the bottleneck.
Right. Past the 3 openvpn options I've described just above, I don't
know what to do next.
I suppose the idea could be to increase buffering in the player, but I'm
not sure
epoch1970 wrote:
> Mhh. FLAC or WAV take a lot of bandwidth, probably the tunnel can't keep
> up.
> I have used bridged OpenVPN tunnels from time to time, everything is
> fine for mp3/AAC/CD-quality stuff but for hi-def or hi-quality I've seen
> issues.
> The server side uses its upload link to
Pommes wrote:
> I edited my ovpn file on windows, squeezeplay still not able to play
> flac without buffering every few seconds.
Mhh. FLAC or WAV take a lot of bandwidth, probably the tunnel can't keep
up.
I have used bridged OpenVPN tunnels from time to time, everything is
fine for
epoch1970 wrote:
> In other words, try to add >
Code:
> > sndbuf 131072
> rcvbuf 131072
> > in the OpenVPN configuration file of the Win7 machine and see if
> squeezelite works better.
I edited my ovpn file on windows, squeezeplay still not able
Pommes wrote:
> I tested again:
> When I connect my iPhone from remote to my LMS at home via openvpn, it
> connects as cellular, both on WiFi and 4g/lte
> When I connect my iPhone from remote to my LMS at home via public ip/
> open ports, it connects as WiFi, both on WiFi and 4g/lte
> Thats
In other words, try to add
Code:
sndbuf 131072
rcvbuf 131072
in the OpenVPN configuration file of the Win7 machine and see if
squeezelite works better.
3 SB 3 Libratone Loop, Zipp Mini iPeng (iPhone + iPad) LMS 7.9
(linux) with plugins:
epoch1970 wrote:
> (I don't understand your connection test report. Anyways.)
>
> Are you using an UDP tunnel or a TCP tunnel for OpenVPN? I would think
> UDP works much better.
> There seems to be a Win7-specific OVPN issue with network buffer sizes:
>
(I don't understand your connection test report. Anyways.)
Pommes wrote:
> When connecting via openvpn, all my iPads,Mac, iPhones work well, but my
> old windows7 squeezeplay laptop buffers every few seconds.
Are you using an UDP tunnel or a TCP tunnel for OpenVPN? I would think
UDP works much
mherger wrote:
> There's no known, major issue yet. But LMS has not been developed with
> security in mind. A lot has been added to lower the risks. But I
> wouldn't be surprised if there were major issues we don't know yet.
Thank you Michael,
I think I will leave the ports open for now. It is
Pommes wrote:
> I have put a user/password into LMS, so do you really think its a huge
> security problem with the open ports???
> Pease let me know what you honestly think of the security risks.
There's no known, major issue yet. But LMS has not been developed with
security in mind. A lot has
> Open VPN only seen as cellular
Even when connected via wifi to a hostspot?
If from within your own (wifi) LAN the iPhone doesn't know how to reach
the public address of your OVPN gateway, I suspect it would send that
traffic to cellular which is an external network.
3 SB 3 Libratone Loop,
Hi,
after opening the ports today I found this thread.
Now I set up OpenVPN and it works fine, only one issue:
In iPeng I set the Audio Bitrate for cellular to 192kbit and for WiFi to
unlimited .
Unfortunately this doesnt work with open vpn. All music is transcoded
to 192 when connected to
mherger wrote:
> >
> I think if you're using VPN to access your LMS at home, then you're on
> the safe side. Nothing to log or investigate.
>
> --
>
> Michael
Thanks Michael.
*Music Store: *Synology DS215J NAS*
Home Server/Player:* LMS 7.9.1 on Pi 3B piCorePlayer v3.22
Server/IQAudio
I have been following, but not fully understanding this thread, for
quite a while and thought I'd better ask the question.
I think if you're using VPN to access your LMS at home, then you're on
the safe side. Nothing to log or investigate.
--
Michael
I have been using my Synology NAS, which sits behind my cable TV router,
as a VPN Server for connections to my LAN from remote locations.
The only use I have for this is for using LMS/Player combinations,
usually but not exclusively on my Android Phone, on the rare occasions
that I am away from
DJanGo wrote:
> @Tim:
> The "clever" People are the People that causes Michael to open this
> Thread and thinks about a "solution" or minimize the worst case
> szenario.
>
> AFAIK Michael wants a solution that the settings from LMS (even when the
> LMS Server IP & Ports are forwarded to the
d6jg wrote:
> No issues Michael. I use site to site IPSEC and SSL client VPNs via
> Draytek Vigor router that is also a VPN server.
> I was simply saying that router & vpn on the same device may be a little
> more common than you might think.
>
>
> Sent from my iPhone using Tapatalk
Yes my
mherger wrote:
> > My gateway is also my VPN server. It may be more common than you
> think.
>
> Are you saying you're facing any issue due to these recent changes?
>
> I said it wasn't common because I doubt there are many LMS users using a
>
> VPN. That simple. And in a VPN situation you
Jeff07971 wrote:
> I don't think d6jg will have a problem, I think he uses the same system
> as I.
> I tried accessing via both IPSEC and SSL (To iPhone with iPeng ) and had
> no problems playing etc though I have not tried "settings"
> I could not work out how to see the accessing IP in the log
Paul Webster wrote:
> Turn on the http logging that mherger referred to. I saw it in there
> earlier today.
Thanks for that, Yes I can confirm that the accessing IP address is that
assigned by the VPN to the remote device (In my case this is NATted to a
fixed IP)
*Players:*
Jeff07971 wrote:
>
> I could not work out how to see the accessing IP in the log ( I tried
> Plugin:cli @ info level logging ) though.
>
> Jeff
Turn on the http logging that mherger referred to. I saw it in there
earlier today.
Paul Webster
http://dabdig.blogspot.com
mherger wrote:
> > My gateway is also my VPN server. It may be more common than you
> think.
>
> Are you saying you're facing any issue due to these recent changes?
>
> I said it wasn't common because I doubt there are many LMS users using a
>
> VPN. That simple. And in a VPN situation you
PasTim wrote:
> I'm not trying to be clever or better, just trying to understand my
> options. I'm the only (valid) user. Why would I need to change a
> setting on an update?
>
> I don't really understand what or who you mean about the "clever" guys
> (and presumably gals) and Michael
My gateway is also my VPN server. It may be more common than you think.
Are you saying you're facing any issue due to these recent changes?
I said it wasn't common because I doubt there are many LMS users using a
VPN. That simple. And in a VPN situation you would dial in to the
router, but
mherger wrote:
> > This unfortunately might be a very common problem as a VPN server is
> > often the GW (Mine is both, IPSEC and SSL)
>
> I doubt it'll be anywhere near "common". Please let me know if it causes
>
> you a problem.
>
> --
>
> Michael
My gateway is also my VPN server. It may
DJanGo wrote:
> Hi,
>
> sounds like a "clever" idea but
>
> 1)
> Who should change that setting?
>
> The Installer/updater on a clean install -> yes
> The Installer/updater on a update install ->
> The Installer/updater on a update install where -allowedHosts: 127.*,-
> not in the
PasTim wrote:
> Notwithstanding the recent LMS security improvements, I assume that
> explicitly specifying each of the local IP addresses that might use LMS
> in the 'Allowed' list, and not including the router, will achieve much
> the same effect, so I don't need to use the CLI password. If an
Notwithstanding the recent LMS security improvements, I assume that
explicitly specifying each of the local IP addresses that might use LMS
in the 'Allowed' list, and not including the router, will achieve much
the same effect, so I don't need to use the CLI password. If an SSH or
VPN server is
I have not updated my LMS yet but I thought I'd try connecting via a VPN
to see what happens.
I installed OpenVPN on a Pi (not the one running LMS) and used port
forwarding on intermediate routers to get the traffic from an iOS device
using iPeng through the VPN server to the LMS server ... and
mea culpa i just forget the NAT/Routing Mode from some devices
There is the transparent Mode and the NAT/Routing Mode thats the one
Michael is using. That Mode really translates the external IP from
sender/receiver to the router.
Both modes now should be covered.
--
Michael
mherger wrote:
> > I therefore surmise that the SSH server is sending from the music
> > server's own IP address to the same address.
>
> Hmm... it depends on how your tool is setting up the tunnel. But when I
>
> ssh into my box and forward requests to the internal IP of the LMS
> machine,
I therefore surmise that the SSH server is sending from the music
server's own IP address to the same address.
Hmm... it depends on how your tool is setting up the tunnel. But when I
ssh into my box and forward requests to the internal IP of the LMS
machine, then LMS does see the IP address
mea culpa i just forget the NAT/Routing Mode from some devices
There is the transparent Mode and the NAT/Routing Mode thats the one
Michael is using. That Mode really translates the external IP from
sender/receiver to the router.
Oh, good point. Thanks for the hint. I did have a check
DJanGo wrote:
> And thats exactly how it works.
>
> own PC -> private IP Adress -> Router ISP official IP Adress ->
> {Internet} <- Router external IP <- foreign private IP.
>
> Its the MAC Adress thats changed to the router not the IP.
mea culpa i just forget the NAT/Routing Mode from some
paul- wrote:
> Not that I do this, but I opened up the ports to do some testing. On my
> netgear router, when it lets the traffic in, the connection at the
> server is shown as whatever the external device address.
And thats exactly how it works.
own PC -> private IP Adress -> Router ISP
mherger wrote:
> >
> I guess that most systems which currently are systematically attacked
> simply forward port 900x on their router to LMS. In this case the
> incoming IP address would be the gateway's.
>
Not that I do this, but I opened up the ports to do some testing. On my
netgear
mherger wrote:
> > I go no report at all with the plugin.cli info settings.
>
> plugin.cli is only used by the CLI itself. But network.http=info would
> be more helpful.
>
> > So a local port 9000 is set up in ConnectBot to route to my
> > home-server-ip-address:9000.
>
> That's a use case I
However, the gateway is only a hop point. Even in a DNAT network, if
you allow an external device through the firewall, it will not have the
gateways address.
I guess that most systems which currently are systematically attacked
simply forward port 900x on their router to LMS. In this case
I go no report at all with the plugin.cli info settings.
plugin.cli is only used by the CLI itself. But network.http=info would
be more helpful.
So a local port 9000 is set up in ConnectBot to route to my
home-server-ip-address:9000.
That's a use case I haven't tested yet. Will do. Could
PasTim wrote:
> I don't know how the ip_is_gateway works, but since the IP I see for ssh
> is certainly not for my gateway maybe that's why it doesn't get trapped
> on my system (which has no password set).
He is simply using the lms servers routing table to find the gateway
address.
If I
Paul Webster wrote:
> Try increasing the log level for the module I referred to above.
> I think it will log both success and failure with the IP address.
I go no report at all with the plugin.cli info settings.
Maybe I have misunderstood something (wouldn't be the first time!), so I
had better
PasTim wrote:
> Yes, I have that code. In my server.prefs 'protectSettings' is set to
> 1. I don't know how the ip_is_gateway works, but since the IP I see for
> ssh is certainly not for my gateway maybe that's why it doesn't get
> trapped on my system (which has no password set).
Try
Paul Webster wrote:
> Correction - I see it was merged into 7.9 branch 5 days ago.
> https://github.com/Logitech/slimserver/tree/public/7.9/Slim/Plugin/CLI
>
> Try turning on Info level logging in "(plugin.cli) - Command Line
> Interface (CLI)"
>
> If you have access to the source code then
Paul Webster wrote:
> I noticed the changes in the secureSettings branch in github.
> I don't think it is in the daily build yet.
Correction - I see it was merged into 7.9 branch 5 days ago.
https://github.com/Logitech/slimserver/tree/public/7.9/Slim/Plugin/CLI
Try turning on Info level
Ok, I see it. Thanks.
JJZolx's Profile: http://forums.slimdevices.com/member.php?userid=10
View this thread: http://forums.slimdevices.com/showthread.php?t=107165
___
discuss
JJZolx wrote:
> How do you determine that the connection is coming from "outside"? If
> someone is doing port forwarding in order to make the LMS server
> available to the internet, wouldn't the connection appear to come from
> the router on the same subnet?I think you answered your own
mherger wrote:
> > As I understand it from some of the previous discussion, something
> has
> > been added to a recent LMS to require a password to change settings
> if
> > coming from the router/gateway address. Is that right? If so, which
> > password is that?
>
> I tried to explain this
Paul Webster wrote:
> I noticed the changes in the secureSettings branch in github.
> I don't think it is in the daily build yet.
I see. I think I misunderstood 'stable release' to mean beyond the 9.1
beta daily updates, rather than just in github.
LMS 7.9.1 on VortexBox Midi box, Xubuntu
PasTim wrote:
> I'm running Logitech Media Server Version: 7.9.1 - 1515659378 @ Thu Jan
> 11 09:26:58 UTC 2018
I noticed the changes in the secureSettings branch in github.
I don't think it is in the daily build yet.
Paul Webster
http://dabdig.blogspot.com
Paul Webster wrote:
> What does your LMS system see as your IP address when you connect in via
> that route?
> I don't remember if LMS logs it ... but you could SSH to the LMS server
> and type
> set | grep -i ssh
> on a pCP server (and I suspect other Linux platforms) you will see the
> IP
PasTim wrote:
> I managed to get my remote access working again (a while since I had
> used it and some bits and bobs have changed). Using SSH (port 22) and
> public key. With Squeeze Commander I could still change the audio
> settings of players, even though I have no CLI password set. Is
mherger wrote:
> > As I understand it from some of the previous discussion, something
> has
> > been added to a recent LMS to require a password to change settings
> if
> > coming from the router/gateway address. Is that right? If so, which
> > password is that?
>
> I tried to explain this
mherger wrote:
> > Ok, figured it might be something like that. Not an easy problem to
> > solve. In this circumstance it would be better to receive a page back
> > that says *why* the request was blocked and where to look to allow it
> > rather than a 403. Anonymise the hell out of the response
mherger wrote:
> > This unfortunately might be a very common problem as a VPN server is
> > often the GW (Mine is both, IPSEC and SSL)
>
> I doubt it'll be anywhere near "common". Please let me know if it causes
>
> you a problem.
>
> --
>
> Michael
Hi Michael
No I don't think it'll be a
Ok, figured it might be something like that. Not an easy problem to
solve. In this circumstance it would be better to receive a page back
that says *why* the request was blocked and where to look to allow it
rather than a 403. Anonymise the hell out of the response of course so
people can't
As I understand it from some of the previous discussion, something has
been added to a recent LMS to require a password to change settings if
coming from the router/gateway address. Is that right? If so, which
password is that?
I tried to explain this before... If you have a password set,
This unfortunately might be a very common problem as a VPN server is
often the GW (Mine is both, IPSEC and SSL)
I doubt it'll be anywhere near "common". Please let me know if it causes
you a problem.
--
Michael
___
discuss mailing list
mherger wrote:
> >
> > Interested to see how the code can distinguish an external request
> from
> > internal though.[/color]
>
> It's not very sophisticated, and not even fully correct: when a request
> is coming from the network's default gateway, I'm assuming it's coming
> from the outside.
I'm not sure whether I'm an 'average joe' or not. However, having spent
a working lifetime in IT (albeit nothing much to do with security) I
suspect not quite (judging by most of my friends). Nonetheless I have
found it pretty hard to work out how to do stuff like use ssh, ddns (my
IP address
mherger wrote:
> > Clearly, computers should be licensed only to those who can pass a
> > test... (and device developers should be forced to use the products
> they
> > produce...)
>
> Ahm... well, at least for the SB I can assure you, I do use it. But
> there clearly are products I've been
Clearly, computers should be licensed only to those who can pass a
test... (and device developers should be forced to use the products they
produce...)
Ahm... well, at least for the SB I can assure you, I do use it. But
there clearly are products I've been working on I hardly ever (or never)
whatever Joe uses it must be somewhere up2date. And needs some minimal
security.
Fully agreed. Up to date and well configured. Then the difference in
terms of ssh vs. VPN aren't what you think.
Using VPN or not is a big difference.
As is ssh. But again: only if well configured etc. You
Clearly, computers should be licensed only to those who can pass a
test... (and device developers should be forced to use the products they
produce...)
Interested to see how the code can distinguish an external request from
internal though.
-Transcoded from Matt's brain by Tapatalk-
--
slartibartfast wrote:
> That does target devices with the default password though. -You- would
> normally change it.
Is -You- Average Joe ?
How many additional lines are needed no sending the std. passwort but
prase from a dictionary?
The Answer is: one additional line of source code.
DJanGo wrote:
> since michael didnt see edits.
>
> just a not so old example
> http://www.zdnet.com/article/linux-malware-enslaves-raspberry-pi-to-mine-cryptocurrency/That
> does target devices with the default password though. You would
normally change it.
Sent from my SM-G900F using
since michael didnt see edits.
just a not so old example
http://www.zdnet.com/article/linux-malware-enslaves-raspberry-pi-to-mine-cryptocurrency/
DJanGo's Profile: http://forums.slimdevices.com/member.php?userid=1516
mherger wrote:
> But then, please tell Joe Average what safe method there is to access
> his network from the outside.
> If ssh isn't, then don't even start to type the other three letters
> starting
> with "V".
>
> --
>
> Michael
Hi,
whatever Joe uses it must be somewhere up2date. And
Since i am in charge for the computer stuff in my company and should
know some tricks and basics - i cant say ssh from outside is somewhere
near safe.
We all appreciate your knowledge. But then, please tell Joe Average what
safe method there is to access his network from the outside. If ssh
mherger wrote:
> > Is opening those ports in this way likely to expose me to much risk?
>
> SSH should be fine if it's well configured and maintained.
>
> --
>
> Michael
mea culpa Michael,
but thats a little bit tooo short
Remember under a actual version of Raspbian ssh isnt activated
How do you require a password if one hasn't been set in the options?
You can't. In order to get access to the settings from the outside you'd
have to set a password. Otherwise you'd simply get blocked (http status
403 - "forbidden"), no questions asked.
--
Michael
How do you require a password if one hasn't been set in the options?
JJZolx's Profile: http://forums.slimdevices.com/member.php?userid=10
View this thread: http://forums.slimdevices.com/showthread.php?t=107165
I see some LMS changes being made to try to improve this (password
needed to get to settings from outside).
Of course, it will need people to update their LMS to do it but a good
first step.
That's correct. I was fighting over this myself. But looking at open
systems there obviously are quite
I see some LMS changes being made to try to improve this (password
needed to get to settings from outside).
Of course, it will need people to update their LMS to do it but a good
first step.
Paul Webster
http://dabdig.blogspot.com
mherger wrote:
> > Is opening those ports in this way likely to expose me to much risk?
>
> SSH should be fine if it's well configured and maintained.
>
> --
>
> Michael
Thanks.
LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit,
44.1->192kbps. Touch & EDO. 2nd Touch
Is opening those ports in this way likely to expose me to much risk?
SSH should be fine if it's well configured and maintained.
--
Michael
___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/discuss
I have tested (and occasionally used) LMS remotely on my mobile using an
SSH login with a public/private key arrangement, from mobile and DDNS
(since my IP changes regularly). To enable this I opened port 9 (for
Wake on Wan) and 22 for SSH to my LMS server. I closed the ports after
the test.
Is
Yes did that.
Had to do it on a new virtual instance of linux server install. Openvpn.
Everything works out fine.
Gave up on dd-wrt and openvpn server install there. Made it work but the
router became unstable (100%cpu).
Actually a better solution than exposing LMS direct to internett IMO.
bambadoo wrote:
> Another victim here. Couldn't figure out what happened. Crashed
> occasionally. High cpu spikes and gallery plugin was installed. Disabled
> it and it kept coming back..
> This was on a Netgear NAS and it scanned through everything.
> Also additional repos was configured.
>
Another victim here. Couldn't figure out what happened. Crashed
occasionally. High cpu spikes and gallery plugin was installed. Disabled
it and it kept coming back..
This was on a Netgear NAS and it scanned through everything.
Also additional repos was configured.
Music library is around
After your warning (this post), I'm quite sure I've properly closed the
open ports and also disable the port forwarding on the internet. But
issue/ hack stills happen (Actually, I can see this happen because I've
got huge CPU load during many hours as it was scanning hard drive).
The huge CPU
If you're still being hacked after genuinely disabling the port from
internet access that means the hackers are already inside your
network... Suggest you look at intrusion detection software.
-Transcoded from Matt's brain by Tapatalk-
--
Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP
tom6475 wrote:
> Hello
>
> After your warning (this post), I'm quite sure I've properly closed the
> open ports and also disable the port forwarding on the internet. But
> issue/ hack stills happen (Actually, I can see this happen because I've
> got huge CPU load during many hours as it was
Hello
After your warning (this post), I'm quite sure I've properly closed the
open ports and also disable the port forwarding on the internet. But
issue/ hack stills happen (Actually, I can see this happen because I've
got huge CPU load during many hours as it was scanning hard drive).
Is there
Nonreality wrote:
> So am I understanding that I should not have auto updates turned on in
> LMS?
>
No. The logic was that if an update was made to close the hole in LMS
then those with updates enabled would get it.
However, the world is not that simple.
Paul Webster
Paul Webster wrote:
> You could change LMS to require a password if the IP address is not
> local and have a maximum number of password attempts before suspending
> such access for X hours - and a setting to disable all of this for
> someone who really insists on taking the risk.
> At least
1 - 100 of 144 matches
Mail list logo
