My Vu Duo 2 Box seemed to have menus accessed remotely this morning. Details are vague as it was my wife relaying the information but the Menu moved on screen by itself. Anyone else seen this? Apparently it rebooted, the on screen headed to Transponder settings and rebooted again. Not sure if anything else was accessed as I say my wife gave me the details.

The box is on the network with a public IP to access recordings and such remotely. I find it strange that if someone was trying to tinker with my settings remotely they wouldn't just use WEBIF and change the settings there.

Anyone seen this before?

The box is on the network with a public IP to access recordings and such remotely.
Well, that's the reason then. And you're not the first one who experiences this.
But let's be honest: do you also leave your kitchen door open day and night? And if you do, would you really be surprised to find a stranger in your home?
So in this case would you be surprised to find your device being part of an IPTV-network? Or worse: a stranger logging into the shell of your box and entering all your network-devices? And using the banking-account services of your PC for his personal benefit?

We've warned against this over and over again: never open any device to the outside world. At least not without using SSH or VPN.

Thanks for the reply. I do understand that perils of opening a device up to the world but I do have VPN set up but I've found that it doesn't always reconnect at after coming out of standby or after a reboot even though the setting to restart is on. This must be the case this time.

You are lucky the hacker didn't delete all your recordings.
Also when you have mounted devices (like a NAS) , they also can delete files on the mounted devices.

I asked the wife to turn it off and I'll have to take a look when I'm at home. Is there any way to force VPN to run on start up other than the menu option as it seems unreliable.

Is there anyway to implement basic auth on the webif interface? Having to implement VPN/proxy server solution is overkill for me as everything else on my network (NAS, router, web apps on my NAS, etc) can be accessed through basic auth or in-app auth.

I've often wondered that about WEBIF. Just type the address and then BOOM. Full access.

Nope. Bear in mind that E2 has never been designed with safety in mind. A proper safety implementation would require E2 to be build from scratch.
But as long as you don't open any ports, and use either VPN or SSH you'll be fine.

Thanks for the reply. I do understand that perils of opening a device up to the world but I do have VPN set up but I've found that it doesn't always reconnect at after coming out of standby or after a reboot even though the setting to restart is on. This must be the case this time.
Do you mean you have VPN setup on the STB? If so, you see the result; VPN should really be active on your router.

Yes. I have it set up on the box. I don't have a VPN compatible router at the moment. This episode has made me look for one.

Try to find one that's Open-VPN compatible. Or one that can run alternative firmware.

Yes. I'm looking at the DD-WRT firmware as we speak. Have to find a router suitable now. Thank you for your advice.

I've actually stumbled across a way to secure WEBIF when browsing this forum...

See this link http://www.world-of-satellite.com/showthread.php?16793-Webif-authentication-username-amp-password-help

That thread is over 3 years old. And using user/pass for the WEB_IF isn't going to help you.

That thread is over 3 years old. And using user/pass for the WEB_IF isn't going to help you.

I appreciate your replies but could you tell me why the thread being 3 years old is a problem and why adding a user name and password to WEBIF won't help? I'm not being awkward, just want to know more.

Because since then we've learned that user/pass gives no (or hardly any) added value. And also since then a second 'security' has been added (authenticate HTTP-streams).

Only VPN or SSH will give you security.

I don't see how adding a password would not give any added value? Yes its not the most secure but I would have thought any scanners would be checking/testing for any systems that either had no password set or used the default password?

I would say the vast majority of users have not changed their passwords or even set one up. I would also think that the percentage of users who have even tried to setup a VPN is less than 0.001% Yes that small!

So I can't imagine that hackers are even going to bother trying to hack a box that does have a password setup?

It's completely up to you.

Maybe this helps

http://www.world-of-satellite.com/showthread.php?46802-Guide-Setting-up-SSH-with-public-private-keys

It's completely up to you.
I mean: believe what you want to believe: it's your box, your network, your security and your bank account. If you're happy sleeper with the door ajar, it's fine with me.
But never say you haven't been warned about the risk of a break in.

But also remeber that your STB is a Linux PC, with root-access rights to every one who comes in. And from there your whole network can be reached.

I mean: believe what you want to believe: it's your box, your network, your security and your bank account. If you're happy sleeper with the door ajar, it's fine with me.
But never say you haven't been warned about the risk of a break in.

But also remeber that your STB is a Linux PC, with root-access rights to every one who comes in. And from there your whole network can be reached.

That's not answered my question? You can apply your answer to any point of entry to your network not just a satellite box. There's a million different ways a hacker can try to access your system, there's millions of unsecured systems out there.

Your advice seems to be don't bother with a password because??? I'd like to know if you can answer my question?

Simply put Enigma2 was never designed with any meaningful security measure in mind and the ports that these "hackers" (and I use that term very loosely) are scanning for are not even secured by the default security measures aka the username and password you set to secure things like the OpenWebIF, Telnet and FTP.

You can set a password and username and we indeed recomend you do this but if you decide to open ports or setup port forwarding for such things as streaming your channels over the internet you can expect to be hacked sooner or later (likely sooner) unless you secure your network / receiver with SSH and VPN at a minimum.

So I can't imagine that hackers are even going to bother trying to hack a box that does have a password setup?

They dont have to hack past the password, the password provides almost no added security over not having one, although I still recomend setting one. as has been stated numerous times. E2 was designed at a time when security was not a real consideration and to add such security now would require E2 to be pretty much re-written from the ground up and that's simply never going to happen.

If you connect your receiver to the internet and open ports to stream channels remotely or leave it so you can remotely access the receiver for maintenance purposes you must setup adequate security above and beyond the default username and password, because any one who is looking to get into your receiver can and will just walk strait past those default security measures.

Believe me its not hard to bypass a default username and password on a E2 based receiver and there have been dozens of users post on this forum alone after their box has been hacked in this exactly this way.

There have been plenty of reports showing that breaking into a (password protected or not) STB happens quite a lot. The (possible) target seems to be interesting enough, as I tried to explain.

Very interesting, anyway rather than coming back next week to say "I think my box is being accessed remotely" I'll set up a VPN on my router :D

Thanks Larry-G and Rob Van Der Does for the explanation.

Very interesting, anyway rather than coming back next week to say "I think my box is being accessed remotely" I'll set up a VPN on my router :D

Thanks Larry-G and Rob Van Der Does for the explanation.

Happy to help.

I cant stress enough how important it is to secure your receiver properly if you intend to access it remotely. No scaremongering here but your receiver will be a active target for others to gain access and it is happening more and more frequently these days as hundreds and thousands of new users to E2, lazily setup boxes so they can watch channels remotely with no knowledge or consideration for the security implications.

Hi guys so im with VM with my superhub for my Broadband now this does not support VPN so how would/could i go about adding this

Shame on them!
Any chance for using your own router, or to install alternative firmware on theirs?
Sometimes an ISP-provided modem/router can be set in bridge mode (using only the modem functionality) so you can use a good private router.

Hi guys so im with VM with my superhub for my Broadband now this does not support VPN so how would/could i go about adding this

Set your superhub to modem only mode and invest in a router that is VPN compatible.

Shame on them!
Any chance for using your own router, or to install alternative firmware on theirs?
Sometimes an ISP-provided modem/router can be set in bridge mode (using only the modem functionality) so you can use a good private router.


Set your superhub to modem only mode and invest in a router that is VPN compatible.


Thanks guys have now purchased and setup a router which supports VPN and just had to connect it to the VM superhub2 and switch that to modem mode like you stated

And no more spooky behaviour of the STB I presume?

Reading this has got me all scared!

I would be screwed if someone deleted the data on my Synology NAS.

I am using a Netgear router for BT Fibre and have my Synology NAS, Vu+ and other devices connected.
My Vu+ is not open to the outside world (I think). I have done the following to secure my network:-

1) Synology NAS - Disabled admin & guest users
2) Netgear Router -Disabled WPS & Enabled Mac address filtering for Wifi devices

what more can I do ...... especially on the NAS side...

Thanks

As far as I know both NAS and STB (and any other device for that matter) will be safe unless you forward a port to them. This is assuming the device(s) is/are connected to a router, and not directly to the modem (internet).
The only safe ways to reach a device from the internet is via a VPN or ssh tunnel.

Why not just telnet your receiver and add or change the Password, The same thing happened to me about a year ago (no password) t£at deleted films and some photos which were on the hdd.

telnet your box and type
passwd -press enter
enter the required password -and press enter again
confirm the password -and press enter.
now its changed.

Why not just telnet your receiver and add or change the Password, The same thing happened to me about a year ago (no password) t£at deleted films and some photos which were on the hdd.

telnet your box and type
passwd -press enter
enter the required password -and press enter again
confirm the password -and press enter.
now its changed.

You've clearly not read all this thread!

Reading this has got me all scared!

I would be screwed if someone deleted the data on my Synology NAS.

I am using a Netgear router for BT Fibre and have my Synology NAS, Vu+ and other devices connected.
My Vu+ is not open to the outside world (I think). I have done the following to secure my network:-

1) Synology NAS - Disabled admin & guest users
2) Netgear Router -Disabled WPS & Enabled Mac address filtering for Wifi devices

what more can I do ...... especially on the NAS side...

Thanks

Why not use the VPN capability of your Synology to access your network remotely? Would give you simple and secure access to your Synology and VU+ if ever required. It's what I do.