[mythtv-users] safely exposing mythweb to the net.
justin.hornsby2 at ntlworld.com
Thu Sep 1 18:14:58 UTC 2005
Frank Lynch wrote:
> Hi Folks,
> I'm really starting to like my MythTV box, this is a great project!
> In case its relevant I'm running myth 18.1 on Fedora Core 4.
> I'd like to be able to access mythweb from the public Internet (so
> that I can schedule recordings when I'm not at home etc..). With this
> in mind I cretaed an account with dyndns.org, and configured port
> forwarding on my router.
> I'm guessing that my next step should be to harden my Apache
> configuration? should I enable https? are there any other precautions
> that I should be taking? The last thing I want is some dirty hacker
> having their evil-way with my mythbox!
> If this covered in a howto or some other doc I'd appreciate a pointer.
> I searched, but I couldn't find anything that covers this specific
> topic... I saw the article on tunnelling through ssh, but I'd
> rather have a solution that my wife could use (she can certainly use a
> https site with a user name/password, but its a bit much to ask her to
> tunnel over ssh).
I use just standard apache2 - no https... but the password is apparently
random chars, so no script kid is gonna get to it without really trying
You can change the port apache runs on, but then that might make
accessing it from work a problem (depending on your workplace's
I get the occasional hack attempt, but so far the worst that has
happenned is a DoS (ping of death?) attack which crashed my router.
I'm sure there will be people who'll say what I'm doing isn't secure
enough, and I agree it's not the most secure way to do things - but it
works for me, and has done for a long time. I know the risks...
I look in the logs every week, and from what I've seen in there the
majority of accesses from random IP addresses seem to just be
botnets/kids looking for easy exploits.
It'll be interesting to see what everyone else does though ;-)
More information about the mythtv-users