Hi All This happened to myself 2 days ago for the first time. Realised why and is now sorted, however I received the email below today.
I have two questions: 1. What plugin is affected? (This should really have been included in the mail, if it's legit.) 2. Why and how did I receive this mail shortly after my players had been remotely controlled? (I find this strange to be honest, especially as this issue seems to have arisen for the first time in September 2016.) "Hi there, my name is Michael Herger. I'm the maintainer of Logitech Media Server and author of several plugins for the Squeezebox ecosystem. I recently became aware of a scheme where one of my plugins is being abused to "spy" on open LMS installations. I'm writing to you because your LMS seems to be open to the public: your router is forwarding port 9000 (or whatever LMS is using) to the internet. Many of you might have done this to be able to access their music from the office or the road. others might have done it trying to work around some issue. But overall it's a bad idea. We've observed several abuses in the past weeks and months. Unknown visitors: - set a password on LMS, locking its owner out of his/her own music collection - changed the web skin - blasted music at full volume in the middle of the night. And then again five minutes after the owner turned it off. Repeat. - installed the Gallery plugin and had it scan all folders of all the system's disks, causing a crash sooner or later, or spying on its content(!) - could even install their very own plugin to do _anything_ they wanted on your system Ok, all this just to say: please don't open your LMS to the internet. Edit the router configuration to stop forwarding port 900x (and 9090, 3483 if they're open). Uninstall LMS if you no longer use it (it comes pre-installed with some NAS devices). If you still want to be able to access your music collection from the road, use a VPN connection. See eg. the following how-to, by user pippin (of iPeng fame): http://penguinlovesmusic.de/ipeng-the-iphone-skin-for-squeezecenter/how-to-use-the-ipeng-application/known-issues/coolios-guide-to-remote-playback/ Please feel free to get in touch with me should you have any questions. Kind regards, Michael" ------------------------------------------------------------------------ glen66's Profile: http://forums.slimdevices.com/member.php?userid=4365 View this thread: http://forums.slimdevices.com/showthread.php?t=106153 _______________________________________________ Squeezecenter mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/squeezecenter
