Jump to content

How to secure the server and privacy


jim_lee
 Share

Recommended Posts

Hello

I have been searching for several hours on how to disable the remote access and possibly make it more secure so no one else outside my network can see my files 

I read this topic "Disable Remote Access?" and many other topics - being newbie I have no idea how to disable it

when I go to My_IP_ADDRESS:8096 from other internet networks, it brings up a page that has my profile, 

 

can someone please make a step by step instruction on how to disable the remote so no one outside the network can access / know about me running this server?

thank you

Link to comment
Share on other sites

Two steps:

 

1) In the server dashboard Advanced->Hosting page un-check "Enable automatic port mapping".

2) Delete any port forwarding rules relating to your Emby server from your router (how to do this depends on the router)

Link to comment
Share on other sites

Two steps:

 

1) In the server dashboard Advanced->Hosting page un-check "Enable automatic port mapping".

2) Delete any port forwarding rules relating to your Emby server from your router (how to do this depends on the router)

thanks for the quick reply 

for step 2, does Emby server adds those rules automatically? because I didnt set up any rules

Link to comment
Share on other sites

thanks for the quick reply 

for step 2, does Emby server adds those rules automatically? because I didnt set up any rules

 

See step number one :).

Link to comment
Share on other sites

Well, that is a process that runs at server start up.  Once it happens, the rules will be there in your router.  So, you'll need to go to the router setup and remove/disable them.

Link to comment
Share on other sites

My "see step 1" comment was simply an answer to your question - yes, we do automatically create the rules, if that option is enabled.

Link to comment
Share on other sites

I fail to understand why this option is turned on by default. It should be opt-in not opt-out. There are a large number of posts about the topic and the consensus seems to be that people want to make the decision themselves not have it pre-decided for them.

Link to comment
Share on other sites

If it did, I don't believe I saw it. And if it did it should probably be highlighter, maybe on its own screen of the wizard.

Link to comment
Share on other sites

I fail to understand why this option is turned on by default. It should be opt-in not opt-out. There are a large number of posts about the topic and the consensus seems to be that people want to make the decision themselves not have it pre-decided for them.

This only happened if "uPnP" is enabled on your router.  If it is off on your router then the request can never be made.  So it really doesn't matter what the server wants to do if you have your router set up the way you want.

Link to comment
Share on other sites

When a generic user gets their router they almost never, ever login to make a single change. I never changed any uPnP setting in my router, which means it was a default setting. I installed emby and it decides to open ports. Sorry, but that's not particularly user friendly.

Link to comment
Share on other sites

Deathsquirrel

It should probably be off by default...and people that are going to pitch a fit about any security setting probably shouldn't be running the default settings on their router when said router supports UPNP reconfiguration ;)

  • Like 1
Link to comment
Share on other sites

Well, you had me at the first part. In terms of the rest of the sentence, not-so-much. People who are going to "pitch a fit" are either doing so because (a) "default on" is a terrible design when it comes to something that should be opt-in or (B) because they clicked on the link for the external IP and realized their videos were available to the world. In terms of the router supporting UPNP by default, I'll just add it to the list of reasons why Verizon's equipment sucks  :D

Link to comment
Share on other sites

 Sorry, but that's not particularly user friendly.

 

Actually, it is extremely user friendly but not very security conscious. 

 

However, note that the API is secure - assuming you give your users passwords.

Link to comment
Share on other sites

Well, you had me at the first part. In terms of the rest of the sentence, not-so-much. People who are going to "pitch a fit" are either doing so because (a) "default on" is a terrible design when it comes to something that should be opt-in or (B) because they clicked on the link for the external IP and realized their videos were available to the world. In terms of the router supporting UPNP by default, I'll just add it to the list of reasons why Verizon's equipment sucks :D

So did you also complain to Verizon that there default configuration is insecure and should be opt in rather than opt out too ;)

  • Like 1
Link to comment
Share on other sites

Maleficarum

When a generic user gets their router they almost never, ever login to make a single change. I never changed any uPnP setting in my router, which means it was a default setting. I installed emby and it decides to open ports. Sorry, but that's not particularly user friendly.

 

Most router manufacturers worth a damn will tell you in the user guides to make changes as soon as you install an item of theirs, including, but not limited to user passwords and port settings. If a user doesn't make those changes then that's on them. If people could actually be bothered to look at the settings a device offers and configure them properly and not run stock the multiple lists of default router passwords available on the internet would not be such a problem.

  • Like 1
Link to comment
Share on other sites

So did you also complain to Verizon that there default configuration is insecure and should be opt in rather than opt out too ;)

It's possible. I've complained to them about so many things it might have gotten lost in the pile :)

  • Like 1
Link to comment
Share on other sites

Most router manufacturers worth a damn will tell you in the user guides to make changes as soon as you install an item of theirs, including, but not limited to user passwords and port settings. If a user doesn't make those changes then that's on them. If people could actually be bothered to look at the settings a device offers and configure them properly and not run stock the multiple lists of default router passwords available on the internet would not be such a problem.

Because most cable customers are well-aware of the fact that they need to read the user guide for their cable modem? I'd politely suggest that someone qualified to be an alpha tester probably associates with people who are more technologically savvy than the average user who has read on cnet or some other site that "cutting the cable" is the newest thing to do and a smart move and what all the cool kids are doing and, and, and ... People look to emby (and Plex and the other HTPC-related software) to help them easily watch movies that they've ripped after paying $50 for some software recommended by the aforementioned cnet article. They're not looking for lessons in how to make sure their router is (or isn't) configured. My point (and based on a search through the forum archives, the point of a multitude of others) is that it should be opt-in and not opt-out. If you want to be able to watch your videos when you're not at home, then click here. Otherwise, don't worry about it.

Link to comment
Share on other sites

  • 2 weeks later...

As an FYI - Just did a complete delete/reinstall. I'm running the server on OS X. There is no startup wizard.

Link to comment
Share on other sites

There is, it just may not launch by default on all systems. So once you visit the web interface, you'll be redirected to the startup wizard. If that's not happening then your complete delete was probably not as complete as you thought.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...