[VU+ Duo2] Was my VU+ hacked in some way?



bulmers
27-02-17, 20:25
About 2 weeks ago I set up my VU+ Duo2 (OpenViX 4.2.029) so that I could stream to outside my home network.

I set up a no-ip DDNS account and opened ports 80 & 8001 on my router. I actually changed port 80 to something else, but we can just call it port 80 for the discussion. I gave my VU+ a password because by default it did not have one.

It seemed to work fine. I was testing it with 2 Android apps on my phone, "Vu+ Player HD" and "dream Player".

Then this evening I noticed while changing channels on my VU that there was a yellow circle illuminated beside the "REC" symbol on the info bar. I thought this was strange as I've never seen this before. I then thought that maybe someone had connected to my box from the outside internet. So I put the box into standby to see if any of the tuners were still in use (by someone else!). But there was no tuner-in-use indicator showing on the front LCD. So then I went to Menu > Information > Streaming clients info. And there was an address listed. The entry was: T sa501.saturn.fastwebserver.de (and I live nowhere near Germany!)

I then closed the 2 ports on my router and disabled DDNS on my router and changed my IP address. And changed the VU port back to 80.

What does the "T" mean before the web address that was displayed under the Streaming clients info?
Was my VU attacked? Could someone have gotten through my VU+ password? Should I be worried?

Can anyone shed some light on what happened with my VU today?

Thanks

Joe_90
27-02-17, 21:56
Yes - you were hacked. Passwords on enigma boxes are useless. The only way to safely forward ports is via a VPN setup. There are plenty of warning notices on the forum about this.

bulmers
27-02-17, 22:23
Thanks fat-tony. How / why did they pick my IP address and know I had a Vu+? I did not disclose my IP address to anyone. The only thing I can think of is that when I opened the 2 ports, I used a website to check if the ports were opened. I would have entered my IP address and the ports I wanted to check. Could this have been my mistake?

ccs
27-02-17, 22:25
They just scan pretty much every IP address, and if it lets them in, they're in.

SpaceRat
28-02-17, 07:19
Using the streaming of your box is the least problem you can have when someone gets access to your box.
Depending on how other machines are configured, one could take over your whole network through this backdoor.

People, please stop thinking about your E2 box as "just a receiver" or "it's not the Bank of England".
It's a powerful enough Linux machine and
1. once I have access to the Webif, I can install my own evil VPN (Phoning home to a botnet VPN server),
2. in consequence I can access the box as if I were located in your LAN
and
3. as the next consequence I have the same access to the rest of your LAN as the box has.

And as some teams, I won't mention names, still propagate the ancient NFS(v3) protocol for network file sharing, chances are that there are other machines on the LAN with security entirely disabled (NFS is all about rendering security useless, once you use such a silly configured machine as an E2 box as a client).

So those who just switch channels or stream from your box are the nice guys ...

imish
03-03-17, 19:59
Exactly - been covered many times here and yet plenty ignore the advice...

bulmers
03-03-17, 20:28
I apologize for being so silly.
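
The check bulmers did through "Streaming clients info" can also be done from the box's shell. The following is an added example, not part of the thread and not OpenViX code: it parses `netstat -tn` output and lists established connections to ports 80 and 8001 whose peer is outside the LAN. The sample output, the 192.168.1.50 box address, the LAN ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Ports named in the thread: 80 (web interface) and 8001 (streaming).
# Adjust if the web interface was moved to another port.
WATCHED_PORTS = {80, 8001}
# Assumption: "inside" means loopback, RFC 1918, IPv6 ULA or link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample of `netstat -tn` output (not captured from a real box).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.50:80         192.168.1.20:51514      ESTABLISHED
tcp        0      0 ::ffff:192.168.1.50:8001 ::ffff:203.0.113.7:40112 ESTABLISHED
tcp        0      0 192.168.1.50:8001       198.51.100.23:33712     TIME_WAIT
tcp        0      0 192.168.1.50:22         198.51.100.23:50022     ESTABLISHED
tcp        0      0 ::ffff:192.168.1.50:80  ::ffff:198.51.100.23:50100 ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port'; the address part may itself contain colons (IPv6)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so a LAN client is not mistaken for an external IPv6 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip), int(port)

def external_clients(netstat_text, ports=WATCHED_PORTS):
    """Return (local_port, peer_ip) for established non-LAN connections."""
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue  # headers, other protocols, closed or closing sockets
        try:
            (_, lport), (peer, _) = split_endpoint(f[3]), split_endpoint(f[4])
        except ValueError:
            continue  # not an addr:port pair we understand
        if lport in ports and not any(peer in net for net in LAN_NETS):
            findings.append((lport, str(peer)))
    return findings

if __name__ == "__main__":
    for port, peer in external_clients(SAMPLE):
        print(f"external client {peer} connected to local port {port}")
```
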