[mythtv-users] safely exposing mythweb to the net.
Frank Lynch
frank.lynch at gmail.com
Thu Sep 1 18:22:42 UTC 2005
On 9/1/05, Justin Hornsby <justin.hornsby2 at ntlworld.com> wrote:
> Frank Lynch wrote:
> > Hi Folks,
> > I'm really starting to like my MythTV box, this is a great project!
> > In case its relevant I'm running myth 18.1 on Fedora Core 4.
> >
> > I'd like to be able to access mythweb from the public Internet (so
> > that I can schedule recordings when I'm not at home etc..). With this
> > in mind I cretaed an account with dyndns.org, and configured port
> > forwarding on my router.
> >
> > I'm guessing that my next step should be to harden my Apache
> > configuration? should I enable https? are there any other precautions
> > that I should be taking? The last thing I want is some dirty hacker
> > having their evil-way with my mythbox!
> >
> > If this covered in a howto or some other doc I'd appreciate a pointer.
> > I searched, but I couldn't find anything that covers this specific
> > topic... I saw the article on tunnelling through ssh[1], but I'd
> > rather have a solution that my wife could use (she can certainly use a
> > https site with a user name/password, but its a bit much to ask her to
> > tunnel over ssh).
> >
> > thanks,
> > --Frank
>
> I use just standard apache2 - no https... but the password is apparently
> random chars, so no script kid is gonna get to it without really trying
> hard.
>
> You can change the port apache runs on, but then that might make
> accessing it from work a problem (depending on your workplace's
> proxy/firewall etc).
>
> I get the occasional hack attempt, but so far the worst that has
> happenned is a DoS (ping of death?) attack which crashed my router.
>
> I'm sure there will be people who'll say what I'm doing isn't secure
> enough, and I agree it's not the most secure way to do things - but it
> works for me, and has done for a long time. I know the risks...
>
> I look in the logs every week, and from what I've seen in there the
> majority of accesses from random IP addresses seem to just be
> botnets/kids looking for easy exploits.
>
> It'll be interesting to see what everyone else does though ;-)
>
> Justin.
Thanks Justin, I just found a howto on this:
http://www.mythtv.info/moin.cgi/SecuringMythWebHowTo?action=highlight&value=CategoryHowTo
It sounds like a very similar approach to yours... I think I'll give
this a try tonight.
cheers,
--Frank
More information about the mythtv-users
mailing list