Emby Blog

I do not understand what I have to do to repair and restore my Windows Emby server.

Pages on the Emby website that I have been referred to by clicking on "read this" icons or hyperlinks take me to instructions that are totally unintelligible to me.  I have no script writing skills and do not understand generic "command line" syntax.

My attempt to download and manually install the security patch 4.7.12 was interrupted and the following message appeared:

"Could not move system directory to backup.

System.IO.IOException

The process cannot access the file because it is being used by another process"

I have absolutely no idea what I can do to overcome this very frustrating issue

Help!

JN

 

PS Can I simply uninstall then reinstall the server software on my Windows computer? Then sign back in with my registered details (log-on name and password).

JN

 

Edited May 29, 2023 by jackthedoc

Luke, just wanted to express my appreciation for the quick action concerning the hack.

@jackthedocjust to be sure, did you shut down Emby before trying to install the update?   You might even need to reboot where Emby is not automatically started with the reboot.  Something has a lock on one of the files that needs to be updated, is what the error indicates.

I suppose you have automatic updates turned off, or else you would probably have the update installed already.

If your server were compromised, go to C:\Users{user}\AppData\Roaming\Emby-Server and delete the files mentioned in https://emby.media/support/articles/advisory-23-05.html#starting-emby-server (or use a good search app to find the files).

For editing the hosts file, run Notepad as administrator, open "C:\Windows\System32\drivers\etc\hosts", then add a line with: 127.0.0.1 emmm.spxaebjhxtmddsri.xyz and save it.

I must say, after reading the instructions again, they are very lacking and even incorrect.

Edited May 30, 2023 by justinrh

Thanks, justinrh

I can't access any settings in my Emby server setup, as the program won't start... But I don't believe I have ever switched the auto-update option off, and I seem to have had all the previous updates auto-installed.

Pretend that you are telling a 10-year-old child what he/she should do to re-establish the server's functionality, because that's what I seem to be when reading through the formal instructions given elsewhere on this website!

When I click on the "show hidden icons" in my Windows 11 computer, the Emby Server icon is no longer displayed... At one stage I right-clicked the icon and selected "close" and I haven't rebooted my computer since then, so I presume, at the moment, the server is still "off".

In order to achieve what you referred to above, would you kindly instruct me in what I must do? Step by 10-year-old Step?

I'm getting rather hysterical as I cannot find a "for Dummies" style explanation as to what I should do.

Thanks in anticipation

John Norris

Okay, I missed the obvious that your machine was shutdown by Emby and you are in a bad state now.  Sorry for being dunce there.  The update is not installed.

First, let me say that many have suggested an hacked user should reinstall their OS (a 'refresh' on Windows would probably be sufficient, but can't know for sure).  I think Emby shutdown your server if you were hacked or even just configured so that the hack could happen.

The first thing their advisory says to do is add a line into your Windows hosts file, and how to do that here.  I gave the text to put in the file in the prev post.

Next, use Windows Explorer to browse to C:\Users\{your Windows user name}\AppData\Roaming\Emby-Server/plugins/configurations, look for a file called "ReadyState.xml" (or just "ReadyState" if you don't show file extensions) and delete it.  Also delete "EmbyScripterX.xml", which I think is expected to be in the same folder.

Next, browse up one level to the plugins folder and delete files "helper.dll" and/or "EmbyHelper.dll".

At this point you should be able to start Emby.  Follow the rest of the recommendations in the advisory for configuring Emby.

Last, the advisory says you should soon be notified of the update and install it.

 

 

 

 

23 minutes ago, justinrh said:

C:\Users\{your Windows user name}\AppData\Roaming\Emby-Server/plugins/configurations

On my Windows 11 computer, Emby Server has 2 subdirectories: Programdata and System.  Each has a Plugins subdirectory but neither has a file named anything like those you specifically mentioned...

I successfully modified the Hosts file using Notepad and the script you provided

Thanks for your ongoing support...

Dear justinrh,

I rebooted my computer, after editing and saving the "hosts" file as instructed, and the update to the "secure" version of Emby server was successful.

My Emby Server auto-started and I was presented with the usual log-on screen. I am offered 3 choices. The Auto log-in icon, The Manual Login icon and Forgot Password icon.

I have followed the instructions, had a .txt file written to my hard drive containing a PIN that when applied just cycles me through the series of new URL, enter PIN then a failure when I don't provide a password even though I am instructed not to insert one.

Is there any way around this?

Help. I am desperate.

John Norris

 

12 hours ago, jackthedoc said:

Dear justinrh,

I rebooted my computer, after editing and saving the "hosts" file as instructed, and the update to the "secure" version of Emby server was successful.

My Emby Server auto-started and I was presented with the usual log-on screen. I am offered 3 choices. The Auto log-in icon, The Manual Login icon and Forgot Password icon.

I have followed the instructions, had a .txt file written to my hard drive containing a PIN that when applied just cycles me through the series of new URL, enter PIN then a failure when I don't provide a password even though I am instructed not to insert one.

Is there any way around this?

Help. I am desperate.

John Norris

 

HI, can you please describe what you mean in more detail? Thanks.

Thanks, Luke

I left the system overnight and reattempted to log in today...  Totally successful.  I am, presumably, now passwordless.  Should I re-register with a new password, etc?

6 minutes ago, jackthedoc said:

Thanks, Luke

I left the system overnight and reattempted to log in today...  Totally successful.  I am, presumably, now passwordless.  Should I re-register with a new password, etc?

That would be ideal, yes.

1 hour ago, Luke said:

That would be ideal, yes.

Thanks. Done.

Is there going to be a version of this for Synology DSM 6? I still see 4.7.11 on that page.

8 hours ago, flashls82 said:

Is there going to be a version of this for Synology DSM 6? I still see 4.7.11 on that page.

 

On 6/1/2023 at 9:01 AM, Luke said:

 

Since there seems to be no progress on this and it’s radio silent on the GitHub thread, is there any way to manually apply the security fixes from this version in the meantime?

There are no recent builds of Emby Server for Synology 6. Everyone is encouraged to upgrade to DSM 7.x as quickly as possible as it has a new layer of Armor to protect you again malware exploits and other types of exploits.

The security fix stops a remote user appearing to be local.  In order for that exploit to really be useful the hacker needed two additional things.
1. Hacker needed to exploit a "bad" configuration choice that showed the admin account on the quick login screen.

You can fix this by making sure any admin account on your system has these top 2 options turned off.  You can optionally leave the bottom one enabled.
This is from the bottom of the first tab when editing a user account.

NOTE: I personally would make sure every user (not just admins) is setup this way. Never show a username unless the person has used the device before!
 

2. The hacker needed to find an admin account that had no password set or didn't require a password for local LAN use.  The fix for this is also easy.
On the fourth tab of any admin account make sure a password is set as well as making sure the bottom option is set to "Require a password on the local network".

NOTE: Again I personally would require everyone, not just admins to have a password set.  For non-admins you could optionaly use this setting:

Hope that helps,

Carlo

@CarloThanks but that wasn't really my question. I'll just ask again on the thread that's directly about the Synology issue.