Hello Guest, if you are reading this it means you have not registered yet. Please take a second, Click here to register, and in a few simple steps you will be able to enjoy our community and use our OpenViX support section.
Results 1 to 14 of 14

Thread: Someone hacking my VU

  1. #1

    Title
    Junior Member
    Join Date
    Aug 2016
    Posts
    24
    Thanks
    5
    Thanked 3 Times in 3 Posts

    Someone hacking my VU

    Hi Guys

    Someone is remotely accessing my VU

    from

    ppp109-252-72-225.pppoe.ru

    I've blocked the ports on my WAN but can some tell me how they found me?

  2. #2
    ccs's Avatar
    Title
    ViX Beta Tester
    Join Date
    Sep 2014
    Posts
    5,836
    Thanks
    554
    Thanked 1,276 Times in 1,089 Posts
    They just scan all ports until they find what they're looking for. Everyone who leaves ports open is vulnerable.

    Every WAN IP address will be targeted at some time.
    Last edited by ccs; 14-03-18 at 23:30.

  3. #3

    Title
    Junior Member
    Join Date
    Aug 2016
    Posts
    24
    Thanks
    5
    Thanked 3 Times in 3 Posts
    Can we set the streaming ports to using an encrypted port eg. https?

  4. #4
    ccs's Avatar
    Title
    ViX Beta Tester
    Join Date
    Sep 2014
    Posts
    5,836
    Thanks
    554
    Thanked 1,276 Times in 1,089 Posts
    You need to set up a VPN.

  5. #5

    Title
    Junior Member
    Join Date
    Aug 2016
    Posts
    24
    Thanks
    5
    Thanked 3 Times in 3 Posts
    i'm gonna flash my receiver from scratch just in case they have setup any f*** up cron job.

  6. #6
    birdman's Avatar
    Title
    Moderator
    Join Date
    Sep 2014
    Location
    Hitchin, UK
    Posts
    7,771
    Thanks
    235
    Thanked 1,656 Times in 1,305 Posts
    Quote Originally Posted by amarjit_dhillon View Post
    i'm gonna flash my receiver from scratch just in case they have setup any f*** up cron job.
    If they are accessing your box then it is more likely your router which needs to be reconfigured.
    One person on here apparently discovered that their box was, somehow, in the DMZ.
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD

  7. #7
    birdman's Avatar
    Title
    Moderator
    Join Date
    Sep 2014
    Location
    Hitchin, UK
    Posts
    7,771
    Thanks
    235
    Thanked 1,656 Times in 1,305 Posts
    Quote Originally Posted by amarjit_dhillon View Post
    Can we set the streaming ports to using an encrypted port eg. https?
    That wouldn't stop anything. They'd just accept the certificate and keep streaming....
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD

  8. #8

    Title
    Junior Member
    Join Date
    Aug 2016
    Posts
    24
    Thanks
    5
    Thanked 3 Times in 3 Posts
    this box was not in the DMZ but i did open the ports, my fault completely.

    Lesson learnt i suppose, still in the process of flashing box, lol

  9. #9

    Title
    Member
    Join Date
    Apr 2016
    Location
    Helsinki
    Posts
    98
    Thanks
    25
    Thanked 18 Times in 15 Posts
    Quote Originally Posted by amarjit_dhillon View Post
    Can we set the streaming ports to using an encrypted port eg. https?
    I would be more worried of some hacker messing up my configuration or otherwise damaging the system (and possibly using it for some distributed attacks) than just somebody being able to stream some content from tv or recordings..

  10. #10

    Title
    Forum Supporter
    Donated Member
    Join Date
    Jun 2013
    Posts
    1,255
    Thanks
    38
    Thanked 98 Times in 91 Posts
    But i still do not understand how someone can hack you if you have your ports open. Now, when you open your ports you have to set credentials and (username nad password). So even if someone scans your ports or whatever, how would they guess the username or password?

  11. #11

    Title
    Junior Member
    Join Date
    Aug 2016
    Posts
    24
    Thanks
    5
    Thanked 3 Times in 3 Posts
    In OPENWEBIF, there is a setting to enable "HTTP AUTHENTICATION FOR STREAMING" and that was switched off so even though the guy could not access port 80, he could access port 8001-8002 without any username or password.

    If you enable "HTTP AUTHENTICATION FOR STREAMING" for streaming, the CLIENT MODE feature on my vu zeros stopped working.

  12. #12

    Title
    Senior Member
    Join Date
    Mar 2011
    Location
    Hornchurch
    Posts
    178
    Thanks
    9
    Thanked 10 Times in 9 Posts
    close your ports, I set up for remote access to my receiver in the past year and was hacked in no time. Recordings on both my VU receivers were wiped by the hacker, going back several years, you can imagine how pissed I was

  13. #13

    Title
    Senior Member
    Join Date
    Sep 2013
    Posts
    622
    Thanks
    202
    Thanked 65 Times in 54 Posts
    Amazing how many boxed show up with a quick google search.....

    Its hardly a hack it you leave the door wide open.

  14. #14

    Title
    Senior Member
    Join Date
    Mar 2011
    Location
    Hornchurch
    Posts
    178
    Thanks
    9
    Thanked 10 Times in 9 Posts
    Quote Originally Posted by imish View Post
    Amazing how many boxed show up with a quick google search.....

    Its hardly a hack it you leave the door wide open.
    what exactly do you write in google to see these?

  15. The Following User Says Thank You to jassie For This Useful Post:

    Ford1 (13-06-18)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
This website uses cookies
We use cookies to store session information to facilitate remembering your login information, to allow you to save website preferences, to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners.