[mythtv-users] safely exposing mythweb to the net.

Justin Hornsby justin.hornsby2 at ntlworld.com
Thu Sep 1 18:14:58 UTC 2005


Frank Lynch wrote:
> Hi Folks,
> I'm really starting to like my MythTV box, this is a great project!
> In case it's relevant I'm running myth 18.1 on Fedora Core 4.
> 
> I'd like to be able to access mythweb from the public Internet (so
> that I can schedule recordings when I'm not at home etc.). With this
> in mind I created an account with dyndns.org, and configured port
> forwarding on my router.
> 
> I'm guessing that my next step should be to harden my Apache
> configuration? Should I enable https? Are there any other precautions
> that I should be taking? The last thing I want is some dirty hacker
> having their evil-way with my mythbox!
> 
> If this is covered in a howto or some other doc I'd appreciate a pointer.
> I searched, but I couldn't find anything that covers this specific
> topic... I saw the article on tunnelling through ssh[1], but I'd
> rather have a solution that my wife could use (she can certainly use a
> https site with a user name/password, but it's a bit much to ask her to
> tunnel over ssh).
> 
> thanks, 
> --Frank

I use just standard apache2 - no https... but the password is apparently 
random chars, so no script kid is gonna get to it without really trying 
hard.

You can change the port apache runs on, but then that might make 
accessing it from work a problem (depending on your workplace's 
proxy/firewall etc).

I get the occasional hack attempt, but so far the worst that has 
happened is a DoS (ping of death?) attack which crashed my router.

I'm sure there will be people who'll say what I'm doing isn't secure 
enough, and I agree it's not the most secure way to do things - but it 
works for me, and has done for a long time.  I know the risks...

I look in the logs every week, and from what I've seen in there the 
majority of accesses from random IP addresses seem to just be 
botnets/kids looking for easy exploits.

It'll be interesting to see what everyone else does though ;-)

Justin.
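
The weekly log review described in this message, as an added example that is not part of the original post: a Python script that reads Apache access-log lines and lists addresses with repeated 401/403 responses and no successful login. The `/mythweb/` path, user names, addresses, threshold and the function name `triage` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)

def triage(lines, threshold=3):
    """Return (suspects, unparsed): IPs with >= threshold 401/403 responses
    and no successful authenticated request, plus a count of unparsed lines."""
    denied = defaultdict(int)
    authenticated = set()
    unparsed = 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1  # count bad lines instead of silently dropping them
            continue
        status = int(m["status"])
        if status in (401, 403):
            denied[m["ip"]] += 1
        elif m["user"] != "-" and status < 400:
            authenticated.add(m["ip"])  # a valid login came from this address
    suspects = sorted(
        ((ip, n) for ip, n in denied.items()
         if n >= threshold and ip not in authenticated),
        key=lambda item: (-item[1], item[0]),
    )
    return suspects, unparsed

# Constructed sample lines (documentation address ranges, assumed /mythweb/ path).
SAMPLE = (
    ['192.0.2.10 - - [01/Sep/2005:17:00:01 +0000] "GET /mythweb/ HTTP/1.1" 401 401'] * 3
    + ['192.0.2.10 - alice [01/Sep/2005:17:00:05 +0000] "GET /mythweb/ HTTP/1.1" 200 5120']
    + ['203.0.113.7 - admin [01/Sep/2005:17:10:00 +0000] "GET /mythweb/ HTTP/1.0" 401 401'] * 3
    + [r'203.0.113.7 - - [01/Sep/2005:17:10:09 +0000] "GET /mythweb/?q=\"x\" HTTP/1.0" 401 401']
    + ['203.0.113.99 - root [01/Sep/2005:17:15:00 +0000] "GET /mythweb/ HTTP/1.0" 401 401'] * 3
    + ['198.51.100.23 - - [01/Sep/2005:17:20:00 +0000] "GET /mythweb/ HTTP/1.0" 401 401']
    + ['truncated or corrupt line']
)

if __name__ == "__main__":
    suspects, unparsed = triage(SAMPLE)
    for ip, n in suspects:
        print(f"{ip}\t{n} denied requests, no successful login")
    print(f"{unparsed} unparsed line(s)")
```

A browser's first request to a password-protected page always draws a 401 challenge, which is why addresses that later log in successfully are excluded from the list.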

