HKWang 2 Posted May 26, 2023

Hello all,

I'm not an IT expert and most of what's on Emby Server does not start - Security advisory 2023-05-25 does not make sense to me. I have the Asustor AS5202T and have Emby Server 4.7.11.0 installed on it. I realized last night that my TV wouldn't connect to the server so I restarted my NAS but same thing and discovered the above advisory. Can you post a beginner's step by step guide on how to restart the server on the Asustor?

Thank you.

HKWang 2 Author Posted May 26, 2023

> Add an entry to your server machine etc/hosts file: emmm.spxaebjhxtmddsri.xyz 127.0.0.1
> This is the host name of the control server which the malware is communicating with

As I mentioned, I am not an IT expert and I really don't know what this means and how it is done.

> Suspicious user accounts

If this is referring to user accounts of the NAS, I checked and there are no suspicious user accounts. If you are referring to Emby user accounts, I cannot open the server so I do not know.

> Unknown processes
> Unknown network connections and open ports
> SSH configuration
> Firewall rules

As I mentioned, I am not an IT expert and I really don't know what this means and how it is done.

> Change all passwords

Yes.

HKWang 2 Author Posted May 29, 2023

Will I still have to do all those things if I delete Emby Server from my Asustor AS-5202T and install the beta Emby Server 4.8.0.37?

scb99 211 Posted May 29, 2023

9 hours ago, HKWang said:
> Will I still have to do all those things if I delete Emby Server from my Asustor AS-5202T and install the beta Emby Server 4.8.0.37?

Yes you will. Deleting the Emby server from the Asustor doesn't remove its data or plugins. When you reinstall Emby whatever this dll is will just come back. You will need to ssh in to the Asustor to sort this out. Better wait for a dev to reply to be on the safe side. I just wanted to quickly warn you that delete and reinstall won't help and probably will make the situation worse.

HKWang 2 Author Posted May 30, 2023

@scb99 Thank you. @Luke I hope we get a resolution soon or at least a “for dummies” version of the guide on how to bypass this.

scb99 211 Posted May 30, 2023 (edited)

Hi

I am typing this from memory but in the absence of an answer from Luke here is an idea

1. On the Asustor server go into Services and enable Terminal Service (ssh) on default port 22
2. From a Windows PC open a command window and type

    ssh [ip address of your NAS] -l [logon]

for instance

    ssh 192.168.1.1 -l admin

It will ask for your password, type it in.

Now you are on the NAS and you need to find Emby's plugin directory. I'm not sure from memory where this is but try

    cd /volume1/home/emby/data

then type

    ls

Hopefully you see plugins.

If you have found plugins, since I'm not sure what this thing is doing I think the safest thing is to just forcefully remove it, and re-add your plugins once you have reinstalled Emby. This is probably overkill but better safe than sorry. The command should be simply

    rm -rF plugins

If you get an error try

    sudo rm -rF plugins

but I don't think on the Asustor this is necessary.

Remember for security reasons to disable the terminal service again once you have done this.

Regarding the hosts file I think this is in /volume1/etc/ but you would need to edit this with vi and I think you will struggle. The easiest thing, wherever your Asustor is getting its DNS from (maybe your local router?), would be to add an entry there for "emmm.spxaebjhxtmddsri.xyz" and then just any old garbage IP address.

Having done this you should be able to remove Emby and reinstall the new secured version, then reinstall your desired plugins.

Hope I have helped

Edited May 30, 2023 by scb99

HKWang 2 Author Posted May 31, 2023

@scb99 @Luke Thank you again.

I was able to access my NAS using command prompt. I found out that the "plugins" folder was at "volume1/home/emby/plugins" and deleted it. Asustor didn't like "rm -rF plugins" but it accepted the command with lower case "f" (rm -rf plugins).

After that, I actually decided to delete the entire emby folder. So I moved up the directory and used "rm -rf emby" which (as far as I can tell) deleted the entire Emby folder.

I restarted my NAS just in case, and re-installed "emby-server-asustor_4.7.12.0_x86-64.apk". When I tried to run Emby server (connected to my NAS using Chrome), I got the error message "This site can't be reached" again.

Jägs 82 Posted June 1, 2023

I'd suggest starting from scratch by removing the Emby folder and user, as I outline in the attached post. Please heed the warning.

scb99 211 Posted June 1, 2023

Hi @HKWang

So sorry for the errors in what I wrote, glad you could work your way around them.

If you don't want to start from scratch you can try renaming the data directory first, then starting with a new install, and seeing if Emby is working again.

1. Deinstall Emby from the Asustor
2. Rename the data directory. You can ssh into the Emby like before. Find the Emby data directory which I think is /volume1/home/emby/data so

    cd /volume1/home/emby
    ls

see if data is there; if it is

    mv data data_backup

3. Reinstall Emby and see if it now works

If it's now working, the next thing to try would be to stop Emby, move the library.db from the data_backup into data, restart Emby and see if it still works.

(a) if it works, good
(b) if it doesn't work then the problem is with a corrupted db, there is a utility DB Browser which may or may not be able to help with that

HKWang 2 Author Posted June 1, 2023

@Jägs Thank you. It seems like I have deleted all emby related folders/files. Still no luck after re-installing Emby Server. Kind of lost here and considering if I should "factory reset" my NAS but I don't want to lose my data.

HKWang 2 Author Posted June 1, 2023

How is this done? I'm not sure if not following the below step is preventing my Asustor NAS from running Emby Server.

"Add an entry to your server machine etc/hosts file: emmm.spxaebjhxtmddsri.xyz 127.0.0.1"

Jägs 82 Posted June 2, 2023

1 hour ago, HKWang said:
> How is this done? I'm not sure if not following the below step is preventing my Asustor NAS from running Emby Server.
> "Add an entry to your server machine etc/hosts file: emmm.spxaebjhxtmddsri.xyz 127.0.0.1"

First, you'll need to install some sort of command-line text editor. I'd suggest "nano," as it is a simple text editor. You can find it by typing in "nano" into App Central.

Next, after ssh'ing into your ASUSTOR, you'll want to do the following:

    sudo nano /etc/hosts

You'll be prompted for your password.

In the editor, copy the "emmm.spxaebjhxtmddsri.xyz 127.0.0.1" and paste it into the editor. Hit CTRL+O to write the file and CTRL+X to exit.

Reboot. That should do it.

HKWang 2 Author Posted June 2, 2023

13 minutes ago, Jägs said:
> sudo nano /etc/hosts

    nano: error while loading shared libraries: libncurses.so.5: cannot open shared object file: No such file or directory

This is the message I received from that command.

Jägs 82 Posted June 2, 2023

Ugh, yeah, I received that when I tried, too, but hoped it was just my NAS. I'm not sure if there is a default command-line editor for ASUSTOR, so others can chime in if there is; otherwise, the other way to get nano is a bit more involved:

- from App Central, install Entware
- on the command line, run

    opkg install nano

Once installed, you should be able to do the rest above...

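
The hosts-file step discussed in the posts above, done without a text editor; this is an added example, not part of any post or of the Emby advisory. hosts(5) expects the address first and the name second, so the script writes `127.0.0.1 emmm.spxaebjhxtmddsri.xyz`; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sinkhole one host name in a hosts(5)-format file, no editor needed.
C2_HOST="emmm.spxaebjhxtmddsri.xyz"   # host name quoted in the thread
SINK_IP="127.0.0.1"                   # loopback, as in the quoted advisory step

# has_sinkhole FILE: succeed if an active (non-comment) line maps SINK_IP to C2_HOST.
has_sinkhole() {
    awk -v ip="$SINK_IP" -v h="$C2_HOST" '
        { sub(/#.*/, "") }                                  # ignore comments
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "$1"
}

# add_sinkhole FILE: idempotently add "IP<TAB>name". Any older active line that
# names the host (for example one pasted name-first) is dropped first, so the
# new entry is the only mapping for it.
add_sinkhole() {
    file=$1
    has_sinkhole "$file" && return 0
    tmp="$file.new.$$"
    awk -v h="$C2_HOST" '
        { line = $0; sub(/#.*/, "", line); n = split(line, f, /[ \t]+/)
          for (i = 1; i <= n; i++) if (f[i] == h) next
          print }' "$file" > "$tmp" || return 1
    printf '%s\t%s\n' "$SINK_IP" "$C2_HOST" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # overwrite in place: keeps owner and mode
    has_sinkhole "$file"
}

# demo: run against a constructed sample file, never the real /etc/hosts.
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' '127.0.0.1 localhost' \
        'emmm.spxaebjhxtmddsri.xyz 127.0.0.1' > "$sample"   # constructed input
    add_sinkhole "$sample" && cat "$sample"
    rm -f "$sample"
}

# Real use on the NAS (as root), after sourcing this file: add_sinkhole /etc/hosts
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to see the corrected sample file; a later `ping -c 1 emmm.spxaebjhxtmddsri.xyz` on the NAS should then report 127.0.0.1.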
scb99 211 Posted June 3, 2023

I think vi is the default editor on Asustor but I don't think lack of this entry would stop Emby from starting? It's just a spoof to stop the malware phoning home?

HKWang 2 Author Posted June 3, 2023

I have found and deleted the plugins folder as well as the entire Emby folder. I am not able to get Emby Server to start after re-installing. I've tried Plex the last couple of days but really like Emby over it. I just hope a new stable version is released soon that doesn't require all the complicated steps in order to use it.

Luke 39655 Posted June 3, 2023

22 minutes ago, HKWang said:
> I have found and deleted the plugins folder as well as the entire Emby folder. I am not able to get Emby Server to start after re-installing. I've tried Plex the last couple of days but really like Emby over it. I just hope a new stable version is released soon that doesn't require all the complicated steps in order to use it.

What happens when you try to start?

HKWang 2 Author Posted June 3, 2023

2 minutes ago, Luke said:
> What happens when you try to start?

I'm using the Chrome browser. I get into the NAS using my login and when I click on the Emby Server icon, Chrome opens a new tab using this address "http://192.168.68.10:8096" and Chrome returns the "This site can't be reached" error.

Jägs 82 Posted June 3, 2023

Just to confirm, on the ASUSTOR, is the numeric IP address (192.168.68.10) the same? For example, the left-most tab in the screenshot above, where it says "HKW-ASUSTOR...," is it something like 192.168.10:8000?

Also, in App Central, does it show Emby Server as running?

Gantzed 0 Posted June 3, 2023

I am having the same issue. I have deleted everything I could find Emby related and reinstalled the latest version. When I start it, Emby pops up in the processes list for a few seconds and the status is listed as Zombie. And then it disappears. I have edited the hosts file as well.

For the record, many say to find emby at /volume1/home/emby and I have never found it there.

There is still something lurking on the server that is not letting Emby start properly. I can't seem to find any other locations.

scb99 211 Posted June 3, 2023 (edited)

Well I'm at my desk now and can say definitively if you want to wipe Emby completely there are two locations and this time I've got it right

data: /volume1/home/emby
app: /volume1/.@plugins/AppCentral/emby-server

Uninstall Emby first then delete these two directories and I'm pretty sure it's gone.

If it was me I would then do a quick scan of the Asustor's ports using your favourite portscanner and make sure nothing else is there before reinstalling Emby.

Edited June 3, 2023 by scb99

Gantzed 0 Posted June 3, 2023

I have, without a doubt, deleted /volume1/.@plugins/AppCentral/emby-server. In fact, it vanished on its own after I uninstalled Emby. I feel like there is a residual file or dependency located somewhere else. Ports are open and forwarded when it is installed. The server just doesn't start properly and run.

Luke 39655 Posted June 3, 2023

1 hour ago, Gantzed said:
> I have, without a doubt, deleted /volume1/.@plugins/AppCentral/emby-server. In fact, it vanished on its own after I uninstalled Emby. I feel like there is a residual file or dependency located somewhere else. Ports are open and forwarded when it is installed. The server just doesn't start properly and run.

Is there anything under the server data folder?

Emby Server Data Folder