Frackin script kiddies!!
Matthew Gillen
me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org
Mon Aug 2 22:48:02 EDT 2010
On 08/02/2010 10:20 PM, Dan Ritter wrote:
> On Mon, Aug 02, 2010 at 08:49:43PM -0400, David Kramer wrote:
>> Long story short, the MythTV mailing list folks pointed out that
>> AutoExpire could not have done this, and it was more likely my MythWeb
>> interface was left unprotected, and some script kiddie had some fun
>> deleting it all. And they were right. After some update my .htaccess
>> file disappeared, and I never noticed I didn't need a password anymore.
>
> I don't have an .htaccess file.
>
> That's because my MythTV isn't listening to any ports from the
> outside world. If I want to jigger it remotely, I have to SSH in
> to my main machine, then tunnel over to the MythTV.
>
> If you can afford to have a gateway machine on all the time --
> and a $99 SheevaPlug only sips about 12W -- I do recommend this
> approach.
More and more, I believe hiding behind ssh tunnels is the only way to stay
sane. Precisely because David is probably a much better sys-admin than me
(daily snapshots!), and problems like he described are so hard to predict:
unless you know to look for it, why would you set up cron jobs to watch for
disappearing .htaccess files?.
Matt
More information about the Discuss
mailing list