[mythtv-users] Please tell me if I'm losing my mind: [FIXED?]

Mark Kundinger mkundinger at yahoo.com
Mon Oct 17 06:36:36 UTC 2005


--- "Michael T. Dean" <mtdean at thirdcontact.com> wrote:

> [Mess of  top-/bottom-posts re-formatted so this actually makes
> sense...]
> 
> Mark Kundinger wrote:
> 
> >--- Jeff Simpson <llcooljeff at gmail.com> wrote:
> >
> >>On 10/6/05, Tj <htpc at treblid.dyndns.org> wrote:
> >>    
> >>
> >>>Do you have mythweb running? Is it protected from the Internet?
> >>>
> >>>Maybe some body has found your site on google and decide what you
> can see, and what you can't.. :p
> >>>      
> >>>
> >>Or more likely, something is spidering mythweb and thus clicking on
> >>every delete link in the process
> >>
> >Okay, I can fairly simply test that by just turning httpd off (or
> >blocking port 80) for a week or so and see if that really is the
> >problem.
> >  
> >
> Sure--if you prefer indirect evidence.  Or, for direct evidence, you
> can 
> simply check your mythweb access logs for lines like:
> 
> XXX.XXX.XXX.XXX - bobsmyth [25/Sep/2005:07:36:16 -0400] "GET 
>
/myth/recorded_programs.php?delete=yes&file=%2Fvideo%2Fmythtv%2F1024_20050919230000.mpg
> 
> HTTP/1.1" 302 27
> 
> (although, without authentication, you shouldn't have a 
> username--bobsmyth--in there.)
> 
> >Is there a more "correct" way to protect my MythWeb from hackers
> and/or
> >spiders?
> >
> robots.txt (
> http://www.searchengineworld.com/robots/robots_tutorial.htm 
> ) can be used to tell robots how to index a site, but you shouldn't
> be 
> allowing them access in the first place...


Well, I was too ignorant and lazy to try to determine for reals what
was going on with my web server, but I did disable access to my mythbox
from the outside Internet.  And I've now gone a whopping 9 days without
any curious file deletions or schedule changes.

So, my next project will be to secure Apache a little bit. :)


More information about the mythtv-users mailing list