cagrown, Posted March 16, 2015

Not too worried since I don't have my MB server always running, but I received the following message from my antivirus today:

OS Attack: GNU Bash CVE-2014-6271

Symantec writeup: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27907

Any advice or remarks would be greatly appreciated. I only know enough to be dangerous, and I have little experience in GNU or Unix.

Environment: Windows 8.1 Pro (x64) - MB Server 3.0.5518.7

Koleckai Silvestri, Posted March 17, 2015 (Solution)

Do you have a ported version of GNU Bash installed on your computer? This isn't normally installed with Windows.

Do you have port 4826 forwarded to something on your router? If not, the worst they can do is block you from the internet. The destination IP is not a routable internet address. Might think about taking your network out of the consumer space of 192.168.X.X and putting it in another LAN network space if you want some obfuscation. Close any ports you're not using via your router/gateway.

Also think about using a VPN to allow outside connections to your network. You can set one up in Windows directly or use a router/gateway that supports creating a VPN. Though if your WAN IP address changes regularly, you will probably need an outside service to stabilize that.

Issue doesn't seem to be related to MediaBrowser directly though.

Edited March 17, 2015 by Koleckai Silvestri

cagrown (Author), Posted March 17, 2015

I don't believe there is any GNU Bash installation. I only forward ports for a Synology NAS, Xbox Live, and Media Browser. I am not using port 4826 outside my LAN from what I can tell.

The VPN option is a good one, but I have a friend that I share media with and would prefer not to have that additional step and credentials, especially because I don't know what kind of traffic they could accidentally send through my network.

Thanks for the reply, I will keep my eye out for the culprit program.

berrick, Posted March 17, 2015

Hi,

Looking at the screenshot, you're using 192.168.1.181 for the MB server IP address with the default port 8096?

Someone from China (22.186.34.11 port 4826) is attempting to access your MB server. This may be a malicious attack or someone just "playing".

I would change the port number you are using for port forwarding in your router and make sure all user accounts on the MB server have strong passwords in place.

Other things to bear in mind are that you aren't using the default password to access your router and that replies to pinging the WAN IP address are disabled.

Edited March 17, 2015 by berrick

cagrown (Author), Posted March 17, 2015

Yeah, the local IP of the Media Browser server is 192.168.1.181 using port 8096, with WAN port forwarding from port 80.

Good advice, I'll double check the account passwords and the router password. I did have WAN pinging enabled on the router. I didn't even consider that to be a vulnerability, but I guess a ping would make sense for searching IP address ranges.

Thanks for the advice!

ebr, Posted March 17, 2015

Quoting cagrown: "with WAN port forwarding from port 80"

That makes it pretty visible since 80 is the default HTTP port.

cagrown (Author), Posted March 17, 2015

I'll consider changing the WAN port from 80. I used it because it made the setup of Media Browser really easy with a dynamic DNS. I'll look into what's required by the dynamic DNS to get the port forwarding away from port 80.

Edit: The dynamic DNS I use has a port 80 redirect, so I'll change the ports being forwarded by my router. Thanks!

Edited March 17, 2015 by cagrown