View Full Version : [VU+ Ultimo] Tuner in use permanently even when in standby



geeebeee
02-02-14, 04:33
Hello. I've noticed the last two evenings that one of the tuner indicators was lit when in standby. There was nothing recording. On switching the box on, a second tuner lit. I've tried clean flashing the box and it was fine all day. Something is happening in the small hours. I have got auto bouquets set up to refresh each night and the epg to refresh too. Auto bouquets uses tuner D and (I believe) epg is refreshed online.
Not sure if this is pointing at a hardware fault or if anyone can help.
Thanks in advance.
Gary

Rob van der Does
02-02-14, 10:56
Are you sure the tuner isn't actually in use? e.g. by someone trying to stream (to a mobile device or a PC)?
You can disconnect the Ethernet cable to be absolutely sure about that.
But also Cross or ABM might be running.

Having said that: it happens to my Ultimo as well (although very rarely). No stream, no recordings, and still Enigma thinks that one tuner is being used. That means that a tuner hasn't been properly released when it should have been: not much you can do about it. It fixes itself after some time, but you can also restart E2.

geeebeee
02-02-14, 13:22
Hi Rob. Thanks for that; very useful. I'm not aware of any remote connections but will disable the functionality to be sure and see how that works out.
Gary

pooface
02-02-14, 14:39
Having said that: it happens to my Ultimo as well (although very rarely). No stream, no recordings, and still Enigma thinks that one tuner is being used. That means that a tuner hasn't been properly released when it should have been: not much you can do about it. It fixes itself after some time, but you can also restart E2.

Now you mention that, I have noticed the same. But, it's only really the usb dvb-t2 tuner that's causing the problem. Internal tuners haven't shown this iirc...

seame
02-02-14, 15:29
There was a similar issue reported on the forum last night
http://www.world-of-satellite.com/showthread.php?35247-Weird-Tuner-and-OpenWebif-issue&p=266513#post266513

Could they all be connected? In my case I didn't check to see if both tuners were in use but it is possible and would explain all the data usage.

Rob van der Does
02-02-14, 15:31
I have no USB-tuners.

avi68
02-02-14, 19:03
Hi mate,

http://www.world-of-satellite.com/showthread.php?35247-Weird-Tuner-and-OpenWebif-issue&p=266513#post266513


Yep that's my post, I think someone has been viewing my box. However when I took the Ethernet out the box it was still displaying that someone was using a tuner. Again no recordings. At the moment I've totally turned off my dyndns account and port forwarding to see if it occurs again. At the moment it seems to be ok.

Out of interest, is there a way to track the person who was watching it? Because I've also changed my password on the box but somehow 24 hours later they got access again.

seame
02-02-14, 19:11
It depends on the router that you have. On mine I can login and go to system logs/connections and that displays all IPs that are connected. You can then use whois.net to get some info on the IP.

seame
02-02-14, 19:19
You could also use cmd in windows to get any ip address connected to your network.

avi68
02-02-14, 19:46
It depends on the router that you have. On mine I can login and go to system logs/connections and that displays all IPs that are connected. You can then use whois.net to get some info on the IP.

I can see the IP addresses inside my house and what they are connecting to but not the other way round. I can't see what is accessing me. I have an asus rt-n66u router. I'll have to research on that or use cmd like you said. Thanks

Rob van der Does
02-02-14, 20:23
The telnet command 'netstat' will tell you who is connected.

geeebeee
02-02-14, 22:45
It's a worry isn't it. I've locked my system down with new passwords and keys galore on the box and router to see if this happens again.
Gary

avi68
02-02-14, 23:07
It's a worry isn't it. I've locked my system down with new passwords and keys galore on the box and router to see if this happens again.
Gary

It is mate. I was in panic when I realised that someone was watching MY tv. I've been port forwarding my cctv and nas for years without any problems and I'm really surprised that this has occurred TWICE IN TWO DAYS. I've just turned everything off from the router. At the moment everything seems fine.

judge
03-02-14, 00:19
It's quite easy to do a google search for OpenWebif interface. If you've opened it to external networks, even on a non standard port without password protecting it, you can expect these issues.

Just did a google search, first page shows me two boxes I can fully take control of.

Rob van der Does
03-02-14, 06:29
So far no worries: this is about a tuner in (apparent) use. As disconnecting the Ethernet cable apparently doesn't help, and no outcome of 'netstat' has been posted, it looks like the issue I mentioned: sometimes the tuner is simply not being released.

stevejd2001
03-02-14, 20:34
I defo got hacked the other day... Just done a box for someone... and did not change password immediately. I noticed the rec. came on and noticed my motorised dish was moving to porn channel. I turned the channel over and the other person turned it back. Had a bit of a game to ensure it was not software error... pulled out cat5 cable and all ok.
Changed my ip with my isp and changed box password and ok up till now.

Seems like mass search on port 8002...???? With default box passwords.

avi68
03-02-14, 21:08
The outcome of netstat has not been posted as I've turned off my port forwarding and dyndns account so no one can access anything. So far I've had no problems with the tuner. Just tuner A shows as it should. So someone was watching my box. But how did they manage to get my new password?

Jigsy99
03-02-14, 21:14
I've had the exact same thing happen to me over the weekend. The wife was having trouble recording a program and watching another as it said the other tuner was in use. I thought and still do it was the tuner not releasing after I had been streaming to my phone from work. I restarted the box and as soon as picture on the TV came back on the record symbol appeared again right away giving us the same problem recording. SO yesterday morning I reflashed the box and changed the password and all is ok now. Thing that gets me is I've had the box passworded and it is quite a strong password with upper/lower case and numeric so I can't see how someone could just guess that ?

seame
03-02-14, 21:15
There seems to be a lot of this going on lately. Is there a tutorial on the site for changing the default password?

seame
03-02-14, 21:28
I've had the exact same thing happen to me over the weekend. The wife was having trouble recording a program and watching another as it said the other tuner was in use. I thought and still do it was the tuner not releasing after I had been streaming to my phone from work. I restarted the box and as soon as picture on the TV came back on the record symbol appeared again right away giving us the same problem recording. SO yesterday morning I reflashed the box and changed the password and all is ok now. Thing that gets me is I've had the box passworded and it is quite a strong password with upper/lower case and numeric so I can't see how someone could just guess that ?

Are you sure your password changed? When I changed mine I used cmd on windows and it confirmed that the password was changed but when I used flashfxp to connect to the box which had been setup previously with the default password it connected.

Jigsy99
03-02-14, 21:35
Are you sure your password changed? When I changed mine I used cmd on windows and it confirmed that the password was changed but when I used flashfxp to connect to the box which had been setup previously with the default password it connected.

No sorry what I meant was I couldn't believe someone could have guessed my original password because I thought it was quite a strong one to begin with. When I reflashed the receiver yesterday morning I changed the password again using Putty like I always do after a reflash.

Rob van der Does
03-02-14, 21:36
I would never allow HTTP access (i.e. portforwarding); a password provides no security.

avi68
03-02-14, 21:40
I've had the exact same thing happen to me over the weekend. The wife was having trouble recording a program and watching another as it said the other tuner was in use. I thought and still do it was the tuner not releasing after I had been streaming to my phone from work. I restarted the box and as soon as picture on the TV came back on the record symbol appeared again right away giving us the same problem recording. SO yesterday morning I reflashed the box and changed the password and all is ok now. Thing that gets me is I've had the box passworded and it is quite a strong password with upper/lower case and numeric so I can't see how someone could just guess that ?

Did you restore your settings after reflash or manually enter them in?

I have also changed my password to alphanumeric with lower and uppercase letters but somehow they still got in the next day.

seame
03-02-14, 21:41
No sorry what I meant was I couldn't believe someone could have guessed my original password because I thought it was quite a strong one to begin with. When I reflashed the receiver yesterday morning I changed the password again using Putty like I always do after a reflash.

Try to connect to your box using the default password on the image and see if you can get access.

avi68
03-02-14, 21:43
There seems to be a lot of this going on lately. Is there a tutorial on the site for changing the default password?

Just as you said. I used telnet and used the 'passwd' command, which changed the password; however I have not tried to ftp it. I may have to try that.

Jigsy99
03-02-14, 21:44
Did you restore your settings after reflash or manually enter them in?

I have also changed my password to alphanumeric with lower and uppercase letters but somehow they still got in the next day.

I entered everything back in manually.

Jigsy99
03-02-14, 21:45
Try to connect to your box using the default password on the image and see if you can get access.

Bloody hell I can still log in with my old password and with the new one, how's that possible ?

avi68
03-02-14, 21:46
See what I realised is that my router was showing that it was uploading large amounts of data on a wired connection and at that time I only had my duo connected via wire.

avi68
03-02-14, 21:47
Is there a security hole in these boxes?

seame
03-02-14, 21:49
I think we should do as Rob says and not allow HTTP access until we figure out what is going on.

Jigsy99
03-02-14, 21:51
See what I realised is that my router was showing that it was uploading large amounts of data on a wired connection and at that time I only had my duo connected via wire.

Well the good thing so far is I haven't had any 'tuner in use' problems since changing the password, so before getting all paranoid I'm just going to monitor what's going on over the next few days and keep a close eye on this thread.

avi68
03-02-14, 21:57
Well the good thing so far is I haven't had any 'tuner in use' problems since changing the password, so before getting all paranoid I'm just going to monitor what's going on over the next few days and keep a close eye on this thread.

But the funny thing is I've changed my password but they still got access. Btw, I've just checked flashfxp and used my old password and it didn't allow access. Used my new one and it allowed me access.

avi68
03-02-14, 21:59
I think we should do as Rob says and not allow HTTP access until we figure out what is going on.

I actually agree with you. But what I'm thinking of doing is re-enabling it again, see if someone accesses it and then try and track the f***ers. If it happens again then I'll definitely disable it for good.

seame
03-02-14, 22:10
But the funny thing is I've changed my password but they still got access. Btw, I've just checked flashfxp and used my old password and it didn't allow access. Used my new one and it allowed me access.

Did you try it with the default password?

Rob van der Does
03-02-14, 22:19
There is no default password.

avi68
03-02-14, 22:30
Did you try it with the default password?

What is that?

Rob said there isn't a default one?

seame
03-02-14, 22:33
There is no default password.

Every box I've ever owned has come with a default password, i.e. dreambox password is dreambox. It's this password that is giving me access via ftp even tho my password has been changed.

Stanman
03-02-14, 22:38
Not in ViX, we don't have a default password.

seame
03-02-14, 22:41
What I'm saying is that the box will come with a password before it is flashed. If I try to access my box with gigablue which was the original password or the password I have changed to then I get access but if I try an incorrect one the connection is rejected as you would expect.

Surely I shouldn't be gaining access with both and if I can that means someone else can too.

Jigsy99
03-02-14, 22:50
What I'm saying is that the box will come with a password before it is flashed. If I try to access my box with gigablue which was the original password or the password I have changed to then I get access but if I try an incorrect one the connection is rejected as you would expect.

Surely I shouldn't be gaining access with both and if I can that means someone else can too.

Stanman is right, there is no password by default, only the username which is "root"; you have to manually change a password using Putty or something similar using the passwd command. What you are saying is the original firmware with the GB did have one but as soon as you flash it with ViX then what Stanman is saying is correct.

seame
03-02-14, 22:55
Then it shouldn't be possible for me to access the box using the password from the original firmware but for some reason I can and I can also access it with the one that I have changed to. :confused:

Can anyone else try this on a gigablue and confirm if they can get access with two different passwords?

geeebeee
03-02-14, 23:44
I'm seeing problems accessing my own box via openwebif. I can telnet into the box using the root password I've set but openwebif is saying the password is incorrect. I thought the root password was used in openwebif too?
Is anyone else seeing this?
Gary

avi68
04-02-14, 19:40
Gary I'm not seeing that. The default password doesn't allow me access to openwebif, so basically it works as it should on my end. Only the new password works on openwebif and flashfxp as it should. So it works but how did they get my new password then?

danivtec
04-02-14, 19:47
Keylogger on your pc maybe?

Rob van der Does
05-02-14, 06:45
A simple password provides no security at all. Especially HTTP-ports are under constant 'surveillance'.
And remember: once in a box, they're in your complete network.
You have any info on your lappy/PC/NAS/whatever you don't want strangers to have a look at (a bank account maybe :) ) ?
If so: never forward a port with only HTTP/Password.

stevejd2001
05-02-14, 09:49
A simple password provides no security at all. Especially HTTP-ports are under constant 'surveillance'.
And remember: once in a box, they're in your complete network.
You have any info on your lappy/PC/NAS/whatever you don't want strangers to have a look at (a bank account maybe :) ) ?
If so: never forward a port with only HTTP/Password.

So what you're saying Rob is transcoding feature is a security risk? As the plugin uses http port 8002.
If this is the case is there a secure option?

Rob van der Does
05-02-14, 09:55
No: transcoding is no risk at all. Forwarding a (any) port to a (any) device in your network is however accepting a severe security risk. Hence I'll never do that.
Although I'm far from an expert in this area, I would only use port-forwarding when using VPN. As far as I know that should be secure. And most mobile devices support that nowadays.
But maybe HTTPS is also secure enough?
Anyway: don't ask me how to set it up :p The only thing I know is that I'll never ever use port-forwarding for HTTP/Password.

mcquaim
05-02-14, 10:52
Hi guys,

I'm no expert either but obviously when you open any ports via http to the net then you are leaving yourself open to an attack, regardless of how obscure your specified port number is. These hackers run a port scan against your IP address to check what ports are opened and access your internal network from there.

If you are unsure what ports etc. you have opened then there are websites that can run a port scan etc. against your IP address to assess how secure your network is. ShieldsUp is one that I used a long time back, I'm sure there are better ones too but it does the job.

But as Rob says, at least go down the https route if you are going to open ports..

Cheers,
mcquaim

avi68
19-03-14, 09:55
Hi guys,

Upgraded to zeus last week and this morning I turned on my duo to find that Tuner A has been occupied. Someone has been watching my tv again.

I ran the netstat command and the ip address I got was: 91.121.218.83:34698.

I then ran an ip-address.com search and found out that ip address is located in Belgium.

Now I think I'll have to go for the vpn server way to stop this happening (as Rob and mcquaim said).

Just thought I'd point out that it's happened again, so be aware. P.S.: I changed my password via telnet shortly after zeus flash.

Larry-G
20-03-14, 21:03
Hi guys,

Upgraded to zeus last week and this morning I turned on my duo to find that Tuner A has been occupied. Someone has been watching my tv again.

I ran the netstat command and the ip address I got was: 91.121.218.83:34698.

I then ran an ip-address.com search and found out that ip address is located in Belgium.

Now I think I'll have to go for the vpn server way to stop this happening (as Rob and mcquaim said).

Just thought I'd point out that it's happened again, so be aware. P.S.: I changed my password via telnet shortly after zeus flash.

What about your router password etc.?

Once they're in, it's best to do a full clear out; just changing a password is often not enough.

finbarr
20-03-14, 21:46
Hi guys,

Upgraded to zeus last week and this morning I turned on my duo to find that Tuner A has been occupied. Someone has been watching my tv again.

I ran the netstat command and the ip address I got was: 91.121.218.83:34698.

I then ran an ip-address.com search and found out that ip address is located in Belgium.

Now I think I'll have to go for the vpn server way to stop this happening (as Rob and mcquaim said).

Just thought I'd point out that it's happened again, so be aware. P.S.: I changed my password via telnet shortly after zeus flash.

As far as I'm aware, having a strong password will only help prevent people getting into your OpenWebIf interface. So that's port 80 covered. However, ports 8001 & 8002 don't require authentication to watch the stream, so someone from Belgium just needed to figure out a channel ID e.g. the serviceref, and append it to your public ip.

E.g.

http:// yourpublicIP: 8001 / 1:0:19:F17:7F7:2:11A0000:0:0:0:

Did the full netstat command show that the stream was going out on port 8001?

avi68
20-03-14, 22:18
What about your router password etc.?

Once they're in, it's best to do a full clear out; just changing a password is often not enough.

Yep I changed that again just to be on the safe side.

avi68
20-03-14, 22:21
As far as I'm aware, having a strong password will only help prevent people getting into your OpenWebIf interface. So that's port 80 covered. However, ports 8001 & 8002 don't require authentication to watch the stream, so someone from Belgium just needed to figure out a channel ID e.g. the serviceref, and append it to your public ip.

E.g.

http:// yourpublicIP: 8001 / 1:0:19:F17:7F7:2:11A0000:0:0:0:

Did the full netstat command show that the stream was going out on port 8001?

Ohhh right, that's really interesting actually. I think you might be right because last time it happened the guy was watching the same channel sky action.

Yes the netstat showed the ip under 8001. But then again that's the streaming port, so if anyone streams they're always going to use port 8001.

finbarr
20-03-14, 22:27
Exactly.

So my point is that the 'remote viewer' isn't necessarily someone who has hacked into your box or router. Could be just some kid that knows how to construct a URL...
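
Added example, not part of any post in this thread: a shell function that filters `netstat -tn` output (the command Rob mentions) for established connections to ports 80, 8001 and 8002 coming from non-LAN addresses, which is the pattern avi68 and finbarr describe. The function and variable names are assumptions for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report remote peers holding an
# ESTABLISHED TCP connection to the receiver's web/streaming ports.
# Input: `netstat -tn` output on stdin. Output: "<local port> <remote IP>".

WATCH_PORTS="${WATCH_PORTS:-80 8001 8002}"   # ports named in the thread

external_stream_peers() {
    awk -v ports="$WATCH_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        laddr = $4; raddr = $5
        # Some builds print IPv4 peers as IPv4-mapped IPv6 (::ffff:a.b.c.d)
        sub(/^::ffff:/, "", laddr); sub(/^::ffff:/, "", raddr)
        lport = laddr; sub(/.*:/, "", lport)      # keep text after last colon
        if (!(lport in watch)) next
        rip = raddr; sub(/:[0-9]+$/, "", rip)     # drop the remote port
        # Skip loopback, link-local and RFC 1918 (LAN) peers
        if (rip ~ /^(127\.|10\.|192\.168\.|169\.254\.)/) next
        if (rip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
        if (rip == "::1" || rip ~ /^fe80:/) next
        print lport, rip
    }' | sort -u
}

# Constructed sample in the usual `netstat -tn` layout (documentation
# address ranges stand in for real outside peers).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.20:8001       203.0.113.45:34698      ESTABLISHED
tcp        0      0 192.168.1.20:8001       192.168.1.55:51012      ESTABLISHED
tcp        0      0 192.168.1.20:23         192.168.1.55:51020      ESTABLISHED
tcp        0      0 ::ffff:192.168.1.20:8002 ::ffff:198.51.100.7:40211 ESTABLISHED
tcp        0      0 192.168.1.20:80         203.0.113.45:34700      TIME_WAIT
tcp        0      0 192.168.1.20:8001       172.20.3.4:5000         ESTABLISHED
EOF
}

# Demo on the constructed sample; on the box use: netstat -tn | external_stream_peers
sample_netstat | external_stream_peers
```

An outside address listed against 8001 or 8002 while nobody in the household is streaming means the forwarded port is being used by someone else, whatever the box password is.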

rte
21-03-14, 09:02
Another question: When in deep standby, Vu+Ultimo also shuts the loop through antenna signal in internal DVB-T and DVB-T/T2 modules. I suppose it does it for the DVB-S signal, too. This can't be correct. Why so?

Rob van der Does
21-03-14, 09:11
Another question: When in deep standby, Vu+Ultimo also shuts the loop through antenna signal in internal DVB-T and DVB-T/T2 modules. I suppose it does it for the DVB-S signal, too. This can't be correct. Why so?
Please ask about other issues in another (your own?) thread.