[mythtv-users] Please tell me if I'm losing my mind: [FIXED?]
Mark Kundinger
mkundinger at yahoo.com
Mon Oct 17 06:36:36 UTC 2005
--- "Michael T. Dean" <mtdean at thirdcontact.com> wrote:
> [Mess of top-/bottom-posts re-formatted so this actually makes
> sense...]
>
> Mark Kundinger wrote:
>
> >--- Jeff Simpson <llcooljeff at gmail.com> wrote:
> >
> >>On 10/6/05, Tj <htpc at treblid.dyndns.org> wrote:
> >>
> >>
> >>>Do you have mythweb running? Is it protected from the Internet?
> >>>
> >>>Maybe some body has found your site on google and decide what you
> can see, and what you can't.. :p
> >>>
> >>>
> >>Or more likely, something is spidering mythweb and thus clicking on
> >>every delete link in the process
> >>
> >Okay, I can fairly simply test that by just turning httpd off (or
> >blocking port 80) for a week or so and see if that really is the
> >problem.
> >
> >
> Sure--if you prefer indirect evidence. Or, for direct evidence, you
> can
> simply check your mythweb access logs for lines like:
>
> XXX.XXX.XXX.XXX - bobsmyth [25/Sep/2005:07:36:16 -0400] "GET
>
/myth/recorded_programs.php?delete=yes&file=%2Fvideo%2Fmythtv%2F1024_20050919230000.mpg
>
> HTTP/1.1" 302 27
>
> (although, without authentication, you shouldn't have a
> username--bobsmyth--in there.)
>
> >Is there a more "correct" way to protect my MythWeb from hackers
> and/or
> >spiders?
> >
> robots.txt (
> http://www.searchengineworld.com/robots/robots_tutorial.htm
> ) can be used to tell robots how to index a site, but you shouldn't
> be
> allowing them access in the first place...
Well, I was too ignorant and lazy to try to determine for reals what
was going on with my web server, but I did disable access to my mythbox
from the outside Internet. And I've now gone a whopping 9 days without
any curious file deletions or schedule changes.
So, my next project will be to secure Apache a little bit. :)
More information about the mythtv-users
mailing list