
[VU+ Solo2] VU Solo 2 HACKED



r4nj
04-02-15, 00:05
Hi there, I had some ports which were open on my router which I'd opened a few months ago for streaming. My wife noticed that the VU Solo 2 started automatically changing channels and going through various menus i.e. TS Media file structure. Upon returning home I was able to close down these open ports.

All seems OK now. But I was wondering if the hack may have left any files/viruses which could possibly cause issues. What action do you suggest I take; is there any formatting plugin I can run or do you advise a clean format of the entire receiver before putting OpenVix back on? If so how do I go about this?

Thanks in advance...

Larry-G
04-02-15, 00:11
It's very unlikely that anything would have been left behind by the hacker but I would advise you at the very least to close off all those ports and perform a full fresh flash. Also consider changing any passwords you have set on your router or receiver.

Sadly it is becoming more commonplace for people to be actively looking for vulnerable enigma2 receivers on the internet so their channels can be stolen and streamed over the internet.

huey45
04-02-15, 00:53
What about Antivirus plugins ?

judge
04-02-15, 01:00
> What about Antivirus plugins ?

Makes little to no difference.
If someone had access to the OP's Solo2, they also potentially had access to every other device on the same network: router, tablets, PCs, laptops, phones, anything internet enabled...
Chances are they didn't, but who knows except for the 'hacker'.

Shutdown external ports, reflash the box, change all passwords on all devices...

Larry-G
04-02-15, 01:00
It's a Linux-based OS so there is little need for antivirus, plus if you were to run antivirus on a STB it would probably run like a slug.

tomthebomb1968
04-02-15, 01:10
Definitely reflash. Before reconnecting the box to the internet change the default password.
http://www.world-of-satellite.com/showthread.php?9834-how-do-i-change-my-password-on-vix&p=72556&viewfull=1#post72556

In the OpenWebif configuration enable HTTP authentication and enable authentication for streaming, then save.

r4nj
06-02-15, 08:28
Reflashed my Solo2 and changed password.

Thanks for your advice guys!

Trial
06-02-15, 09:20
Hi,
just for information. For a few years now there seems to have been malware for E2 receivers. If you are a victim you might see the behavior which was described here, but it could be worse. I know of some cases where a server was started and wget removed, to make it impossible to install updates. If you connect to the box via telnet, enter wget and get an error, reflash at once.

ciao
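
The check described in the post above, written out as a script to run on the receiver. This is an added example, not part of the original post; it also looks for the "server was started" symptom by listing listening TCP ports from `/proc/net/tcp`. The function names and the allowed-port list (23, 80, 8001) are assumptions to adjust for your own box, and the sample table is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the receiver over telnet/SSH.
# ALLOWED_PORTS is an assumption (telnet 23, web interface 80, streaming 8001):
# set it to the services you actually run.
ALLOWED_PORTS="${ALLOWED_PORTS:-23 80 8001}"

# Constructed, truncated sample of /proc/net/tcp: listeners on 80, 8001 and
# 31337, plus one established telnet session (state 01) that must be ignored.
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 00000000:1F41 00000000:0000 0A
   2: 00000000:7A69 00000000:0000 0A
   3: 0100007F:0017 0100007F:C350 01
EOF
}

# True if the named tool is still on PATH (the wget check from the post).
tool_present() { command -v "$1" >/dev/null 2>&1; }

# Print the decimal TCP ports in LISTEN state (st == 0A) from a proc table.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":"); print a[n] }' "$1" |
    while read -r hex; do echo "$((0x$hex))"; done | sort -n | uniq
}

# Print listening ports that are not in ALLOWED_PORTS.
unexpected_ports() {
    for port in $(listening_ports "$1"); do
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Full check: returns non-zero if wget is gone or an unknown server listens.
audit_box() {
    status=0
    tool_present wget || { echo "wget missing: reflash"; status=1; }
    for table in /proc/net/tcp /proc/net/tcp6; do
        [ -r "$table" ] || continue
        for port in $(unexpected_ports "$table"); do
            echo "unexpected listener on TCP port $port ($table)"; status=1
        done
    done
    return "$status"
}

case "${1:-}" in --run) audit_box ;; esac
```

Save it on the box and start it with `--run`; a non-zero exit status means one of the two symptoms was found.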

pembo
06-02-15, 21:26
Don't know how many times I've said this, but don't just map ports through your router, it's a massive security hole.
I wouldn't even do this with the auth turned on...

You're better off either

1) Using a VPN to get to your network (and therefore the e2 box). You could set this up on the e2 box, but it's not easy, and the most simple way is to buy a router that has this functionality built in, or can be flashed with one of the open source router distributions such as open-wrt, dd-wrt, tomato.

2) Failing that, you could set up SSH (possibly on the e2 box) using public/private certs, map this to a port through the router externally and use port tunnelling through SSH to access the e2 box. Avoid using the standard SSH port externally to avoid constant hassle from script kiddies who will try to brute force the user/password even though they need the cert, as the scripts used often miss this. You could even use denyhosts or similar just to block annoying script kiddies after a few failed attempts.