hi ,
is it important to change the default password on your duo ,cause read somewhere if you leave it as the default password people can hack into your box ,and get your info
is this true ,
do you have to download the plugin password changer and change it from there or ,how to change it
thanks

yes it is very true. i know personally of one guy who had his Dreambox hacked and he lost his CCcam.cfg file along with the details it contained.

it is always wise to change from the default login details.

you can change it via telnet from windows

Is it same as DM Telnet?
Passwd
dreambox
then new password?

pretty much yes

thanks changed via telnet

To be honest, you can leave your password as the default with no problems... As long as you don't forward the ports of ftp etc to your router of the box, then you will be fine. There's always that chance of course, that your wifi could be hacked, but as long as you use wpa/wpa2, then you should be ok...

It's only when people start to get access to your box, that you need to worry...

Is it only over ftp other people can temper with my files, such as cccam.cfg? Maybe one should change other passwords as well? If so, which ones, and how?

Is it only over ftp other people can temper with my files, such as cccam.cfg? Maybe one should change other passwords as well? If so, which ones, and how?

No, you'd need to change at least telnet and samba passwords too. However if you are behind a NAT router, there is no access to the box(without forwarding ports) from the internet, other than through another computer on your network that is hackable.

No, you'd need to change at least telnet and samba passwords too. However if you are behind a NAT router, there is no access to the box(without forwarding ports) from the internet, other than through another computer on your network that is hackable.

Any idea on how I can do this? I manage one of my friends boxes, and in order to avoid unwanted visitors, we need to set all the passwords.

It looks like the ftp password is just the root password, so all you need to do for ssh/telnet/ftp is type 'passwd' in telnet/ssh

For samba, you need to disable it or setup a password not too sure howto, but /etc/samba/smb.conf would be a good start

Also for added security you can use the /etc/hosts.allow and /etc/hosts.deny to limit access to certain ip's/ranges(google)

To be honest, you can leave your password as the default with no problems... As long as you don't forward the ports of ftp etc to your router of the box, then you will be fine. There's always that chance of course, that your wifi could be hacked, but as long as you use wpa/wpa2, then you should be ok...

It's only when people start to get access to your box, that you need to worry...

Sorry, I don't agree - WPA is a wireless security and we are talking about wired access.
I do agree somewhat that you are safe(r) if you are not acting as a server (ie. don't have port forwarding enabled in your router) but for me, if I am connected to the internet, I want a different password.

You may be talking wired, my box for one is connected wirelessly, and no one else actually specifys.

And I agree having passwords cannot hurt, even tho there may be no direct connection to the box from the internet, there could be other vulnerabilities in a network allowing access.

All depends how paranoid you are really, root access should probably be disabled, and you could setup iptables on the box also.

You may be talking wired, my box for one is connected wirelessly, and no one else actually specifys.



WPA security is internal, that was my point, which went right over your head by the look of things.
It doesn't matter how tight your WPA security is if you leave the box with the default password and open port-forwarding.
HTH
+er