Page 1 of 1
"Hacked" sabnzbd?
Posted: September 27th, 2011, 3:44 pm
by braveheart1980
I had an older version of sabnzbd (0.52).
I have set up https (with certificate signed by me uing openssl) and also set up user/pass for accessing the webinterface of sabnzbd
BUT when I returned I saw sabnzbd was downloading some files that I didn't know, as if someone "hacked" sabnzbd !
Any logical explanation?
PS I now upgraded to 0.6.9 with same setup and diferent API key
Re: "Hacked" sabnzbd?
Posted: September 27th, 2011, 3:52 pm
by shypike
Do you have an RSS feed set up?
Do you always know what's inside any NZB you use?
Re: "Hacked" sabnzbd?
Posted: September 27th, 2011, 4:08 pm
by braveheart1980
shypike wrote:Do you have an RSS feed set up?
Do you always know what's inside any NZB you use?
For some completely unknown reason to me, yes I had rss feeds, which I deleted
Re: "Hacked" sabnzbd?
Posted: September 27th, 2011, 4:14 pm
by shypike
The apikey is there to protect against a (mostly) theoretical threat.
Namely an external website that sets up a hidden iframe that manipulates your SABnzbd at localhost.
It would be a hack that's rather desperate and not very effective.
That such a hack would succeed in creating an RSS feed on your installation is not impossible,
but also not very likely.
Nevertheless, should you have more information: I'm interested.
Re: "Hacked" sabnzbd?
Posted: September 27th, 2011, 4:29 pm
by braveheart1980
shypike wrote:The apikey is there to protect against a (mostly) theoretical threat.
Namely an external website that sets up a hidden iframe that manipulates your SABnzbd at localhost.
It would be a hack that's rather desperate and not very effective.
That such a hack would succeed in creating an RSS feed on your installation is not impossible,
but also not very likely.
Nevertheless, should you have more information: I'm interested.
First of all let me thank you for your answers!
Secondly, I'll see what happens and post again
Are there any log file u r interested in?
Re: "Hacked" sabnzbd?
Posted: September 27th, 2011, 4:34 pm
by shypike
Not really, the log file won't tell you where the requests came from.
BTW: do you expose SABnzbd to the internet?
So access from outside your LAN?
Or outside your own system? In the latter case any other system on your LAN might get access.
Re: "Hacked" sabnzbd?
Posted: September 27th, 2011, 4:51 pm
by braveheart1980
shypike wrote:Not really, the log file won't tell you where the requests came from.
BTW: do you expose SABnzbd to the internet?
So access from outside your LAN?
Or outside your own system? In the latter case any other system on your LAN might get access.
I do expose sabnzbd to the internet and to the local lan too. I tried finding something useful in the logs too, but no luck
Re: "Hacked" sabnzbd?
Posted: September 28th, 2011, 2:35 am
by shypike
braveheart1980 wrote:
I do expose sabnzbd to the internet and to the local lan too. I tried finding something useful in the logs too, but no luck
Then all bets are off.
I assume you do use a username and password in SABnzbd?
Re: "Hacked" sabnzbd?
Posted: September 28th, 2011, 4:26 am
by braveheart1980
shypike wrote:braveheart1980 wrote:
I do expose sabnzbd to the internet and to the local lan too. I tried finding something useful in the logs too, but no luck
Then all bets are off.
I assume you do use a username and password in SABnzbd?
Of course I do. I even changed that, just in case
Re: "Hacked" sabnzbd?
Posted: September 28th, 2011, 4:53 am
by shypike
Very good.
But we're no security experts so how good the username/password protection is, I don't know.
It is the standard popup-style browser dialog, so it should be OK.
Personally, I don't take this risk and communicate from outside to my home only through a VPN tunnel.
But then, I am rather paranoid.