Emby Blog

Just pulled the Asustor  .12*.apk from Github and while it installs, it doesn't start.   No process running even after reboot.  

Edited May 25, 2023 by BrianJFox

I noticed there are some quite inexperienced users of Emby who have posted here.

I would suggest for the major versions of Emby (Windows, Linux, etc) you walkthrough how to disinfect systems.  A video on YouTube would be even better.

 

40 minutes ago, BrianJFox said:

Just pulled the Asustor  .12*.apk from Github and while it installs, it doesn't start.   No process running even after reboot.  

HI, what Asustor model? And was the previous version starting? If you're affected by this, did you go through the instructions that are linked to in the red banner at the top of the forum?

Do we know if Jellyfin is vulnerable to the same cause (Proxy headers able to identify as local IP addresses and a setting allowing passwordless access from local IP addresses)?

If so, were their devs given a heads up or are they going to be scrambling?

1 hour ago, AP123 said:

How can I get back into my server so I can change all the passwords if I can't get by this page? I'm happy to provide whatever information is necessary to help, but please be patient as I am very very new to all of this.

Did your server load back up after giving it a bit of time to restart? If not, check the embyserver.log file which is in the log directory under the Emby Server installation path.

15 minutes ago, Luke said:

HI, what Asustor model? And was the previous version starting? If you're affected by this, did you go through the instructions that are linked to in the red banner at the top of the forum?

AS6604T.   I completed Actions to Take, and then deleted the entire emby folder on my NAS via putty.   Never did any of the 'Starting Emby' tasks.    Doing a full rebuild. 

5 minutes ago, Carlo said:

Did your server load back up after giving it a bit of time to restart? If not, check the embyserver.log file which is in the log directory under the Emby Server installation path.

I gave it about 10m and I was never able to get back past the "emby is loading" page. I don't know how to find the emby server log, again I'm very very new to all of this. It was installed for me on a ras pi 4 via yacht, OMV, and portainer. if you can tell me how to find the log I'd be happy to go try and do that.

6 minutes ago, BrianJFox said:

AS6604T.   I completed Actions to Take, and then deleted the entire emby folder on my NAS via putty.   Never did any of the 'Starting Emby' tasks.    Doing a full rebuild. 

OK. The server was intentionally not starting. You could have either completed the steps or done a full rebuild.

What are suggested next steps? 

This is what helped me, a Linux newby to get to the directory from where to delete the DLLs and also where to delete the two other files in the configuration directory. First off you have to stop Emby server and then use Putty to do the navigation. Never used so many times the cd (Chang Directory) command plus the ls (List) command to find what I want. Finally the rm (Remove) command to delete files.

Follow the navigation by PenkethBoy

Finally the editing of the hosts file. In the Putty window type vi /etc/hosts

that starts the editor now press the i button and enter this line after the last entry:

127.0.0.1  emmm.spxaebjhxtmddsri.xyz

Press the ESC button and type a colon followed by wq and hit enter.

Watch the YouTube video on how to edit the hosts file and save it.

https://www.google.com/search?client=firefox-b-1-d&q=editing+a+host+file+in+qnap#fpstate=ive&vld=cid:23ebf603,vid:Kl6Kwvc-EYs,st:47

After finishing start the Emby server and it should work. I had no problem following the instructions here and get the server back running

Edited May 25, 2023 by One2Go

57 minutes ago, BrianJFox said:

Just pulled the Asustor  .12*.apk from Github and while it installs, it doesn't start.   No process running even after reboot.  

Can you update us on your status?

15 minutes ago, KMBanana said:

Do we know if Jellyfin is vulnerable to the same cause (Proxy headers able to identify as local IP addresses and a setting allowing passwordless access from local IP addresses)?

If so, were their devs given a heads up or are they going to be scrambling?

To be honest, I doubt any Emby dev or team member has given Jellyfin a thought as we work with the original and modern Emby server version. It's got about 4+ years of different code added to the version of Emby they started with. That makes for plenty enough changes or differences that we really have no idea. You would really want to ask the Jellyfin peeps about their vulnerabilities.

26 minutes ago, BrianJFox said:

What are suggested next steps? 

If you're already in process of a fresh install then it sounds like that's the only step, right? Did you delete the server's data folder? If you want to do a full rebuild then I would delete the server data folder and proceed with that. If you want to recover your existing installation, then I would follow the steps in the article.

29 minutes ago, One2Go said:

This is what helped me, a Linux newby to get to the directory from where to delete the DLLs and also where to delete the two other files in the configuration directory. First off you have to stop Emby server and then use Putty to do the navigation. Never used so many times the cd (Chang Directory) command plus the ls (List) command to find what I want. Finally the rm (Remove) command to delete files.

Follow the navigation by PenkethBoy

Finally the editing of the hosts file. In the Putty window type vi /etc/hosts

that starts the editor now press the i button and enter this line after the last entry:

127.0.0.1  emmm.spxaebjhxtmddsri.xyz

Press the ESC button and type a colon followed by wq and hit enter.

Watch the YouTube video on how to edit the hosts file and save it.

https://www.google.com/search?client=firefox-b-1-d&q=editing+a+host+file+in+qnap#fpstate=ive&vld=cid:23ebf603,vid:Kl6Kwvc-EYs,st:47

After finishing start the Emby server and it should work. I had no problem following the instructions here and get the server back running

I appreciate you posting this, but I have no idea how you followed any of this, as it's barely a step by step guide. I launched putty, connected, and when I type the directory posted by Penkethboy it says "no such file directory." So while I appreciate the help, this doesn't seem to be a blanket solution and I still can't get myself up and running again.

5 minutes ago, Luke said:

If you're already in process of a fresh install then it sounds like that's the only step, right? Did you delete the server's data folder? If you want to do a full rebuild then I would delete the server data folder and proceed with that. If you want to recover your existing installation, then I would follow the steps in the article.

I did delete the servers data folder, but a fresh install still doesn't work.   Guessing I need to deleted the files ReadyState.xml and EmbyScripterX.xml.    What would be helpful is more detailed instructions on locating and deleting those files on an Asustor.

1 minute ago, BrianJFox said:

I did delete the servers data folder, but a fresh install still doesn't work.   Guessing I need to deleted the files ReadyState.xml and EmbyScripterX.xml.    What would be helpful is more detailed instructions on locating and deleting those files on an Asustor.

What exactly did you delete?

3 minutes ago, Luke said:

What exactly did you delete?

the emby directory on my data volume.   I'm guessing the config lives elsewhere.   Again, more detailed steps on per-NAS install recovery steps would be appreciated.

2 minutes ago, BrianJFox said:

the emby directory on my data volume.   I'm guessing the config lives elsewhere.   Again, more detailed steps on per-NAS install recovery steps would be appreciated.

I agree. I appreciate that people are responding to help us all, but many of us are complete novices and receiving small bits and pieces on how to do something is only leading to more and more frustration. I have been working at this on my own for hours and have not been able to successfully resolve anything.

1 minute ago, BrianJFox said:

the emby directory on my data volume.   I'm guessing the config lives elsewhere.   Again, more detailed steps on per-NAS install recovery steps would be appreciated.

What was the folder path? I'm trying to determine if you deleted the application files or data files. I'm guessing you deleted the application files.

The data on Asustor is typically under /home/emby

I haven't been effected by this and like to think I have a reasonable level of security for an internet-facing system, but this is a pretty damaging situation for emby.  I think the red banner needs to be reworded as the word 'potential' is somewhat disingenuous given it has been exploited on some system.  It is a vulnerability, not a potential one 

5 minutes ago, Luke said:

What was the folder path? I'm trying to determine if you deleted the application files or data files. I'm guessing you deleted the application files.

The data on Asustor is typically under /home/emby

My storage volume (RAID array) is /volume1/.   I removed /volume1/home/emby.  

Yeah, I mean, the whole "How we took down a BotNet" is more like "How we actually helped create a BotNet and had to scramble to fix our own mistakes because of a huge vulnerability that was exploited on our paid software".  

I am running Emby on docker, did not find any of those two files, passwords were deactivated on the local network BUT all the users had passwords.  Will be changing passwords anyway just in case anyway. Oh, also, might have something to do that I'm using a reverse proxy (npm) to access Emby.

EDIT 2 because I don't mean to spam: How is it possible that an e-mail has not been sent to all registered users and everyone on the emby db either community, paid user, etc.  I found out only because I was about to update my server and wanted to see what were the new features.  Everyone should be notified ASAP.

Edited May 25, 2023 by Ikario

I noticed in the announcement in the red banner it mention this exploit ("Proxy Header Vulnerability") was fixed in a previous beta release. I am currently running beta version 4.8.0.21, anyone know if this one includes the fix? I am not running into any of the problems or issues with Emby that were mention in the red announcement. Of course I am upgrading to the latest beta right now in case.

39 minutes ago, AP123 said:

I appreciate you posting this, but I have no idea how you followed any of this, as it's barely a step by step guide. I launched putty, connected, and when I type the directory posted by Penkethboy it says "no such file directory." So while I appreciate the help, this doesn't seem to be a blanket solution and I still can't get myself up and running again.

You have installed Putty excellent. To go up the directory tree is the command cd ..

once you go to the top level then type cd /share
Then type ls and it lists the directory.
to go to the next level you type cd CACHEDEV1_DATA
now remember unlike in Windows all the commands and file and directory names are CASE SENSITIVE.
to make it easier to navigate type cd then the first few characters of the directory and press the TAB key it will complete the name or beep because it can't be found.

try again to navigate to the plugin directory one directory at a time.

the full path to the plugin directory is
/share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata/plugins/

Edited May 25, 2023 by One2Go

20 minutes ago, One2Go said:

You have installed Putty excellent. To go up the directory tree is the command cd ..

once you go to the top level then type cd /share
Then type ls and it lists the directory.
to go to the next level you type cd CACHEDEV1_DATA
now remember unlike in Windows all the commands and file and directory names are CASE SENSITIVE.
to make it easier to navigate type cd then the first few characters of the directory and press the TAB key it will complete the name or beep because it can't be found.

try again to navigate to the plugin directory one directory at a time.

the full path to the plugin directory is
/share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata/plugins/

thank you for your reply. this does not work. "no such directory" and cd does not launch anything in Putty for me. Again, I appreciate the help, but there does not seem to be one blanket solution for everyone.

33 minutes ago, BrianJFox said:

My storage volume (RAID array) is /volume1/.   I removed /volume1/home/emby.  

Luke - don't spend any more time on me.   Focus on the things you can do for the greatest number of folks.   I'm Backing everything up and gives me a chance to rebuild my NAS having learned a bit.