Hellgate 0 Posted November 1, 2016 Share Posted November 1, 2016 I have the problem that none of the CSS settings is carrying over to Emby Connect for my other users, while it's working fine as long as I connect from the server IP / Domain directly,as soon as I connect via Emby connect, none of the changes apply anymore. This poses a potential security risk for my dedicated server. I found a similar topic from 2015 where luke answered but it was not really helpful to solve the problem. I am on the road a lot and run Emby on a dedicated server. But Emby is exposing one of my servers usernames in the path info, after noticing I disabled password login for that user and only use ssh key login. But since I share the media center with some people in my family and their kids i suddenly get brute force attacks on the specific username Emby exposes. I found out who did it by blocking the IP and then having a look at who no longer can connect to Emby,stupid kids, but it still poses a potential security risk for people running Emby on dedicated servers who might not be as knowledgeable as I am. Manipulating itemdetails.html to remove the info is not working either. Is there any other way I could enforce the mediaInfoContent not to be shown? Looking forward to your replies. Thanks for your time in advance. Link to comment Share on other sites More sharing options...
Happy2Play 8138 Posted November 1, 2016 Share Posted November 1, 2016 (edited) @@Luke can custom css carryover to Connect? I know currently no custom css has ever carried over to Emby Connect not sure if it is possible since Connect is a different server version then your local server also. Edited November 1, 2016 by Happy2Play Link to comment Share on other sites More sharing options...
Hellgate 0 Posted November 1, 2016 Author Share Posted November 1, 2016 @@Luke can custom css carryover to Connect? I know currently no custom css has ever carried over to Emby Connect not sure if it is possible since Connect is a different server version then your local server also. Thanks for the reply Happy. It's no problem if the custom CSS does not carry over, it was just not clear to me in the first place. The problem here is that I currently found no way to disable the Path info for my remote guests, by current design Emby exposes the full path and user like /home/testuser/BirthdayPartyVideos/. In this case testuser is visible to all users and guests of the server. That exposure resulted in my case in a targeted brute force attack on my ssh port. Instead of having to guess a valid username and password the attacker tried to guess only the password, since he had a valid user from the Emby path info. So I'm looking for a way to make the path name invisible for my guests. Would disconnecting everything from Emby connect and having users log in over a Domain -> Server IP help in this case? I am coming from Plex and really like Emby so far, but that emby exposes security relevant information to remote users that can be used to potentially compromise a user account on my server is an absolutely no-go. Link to comment Share on other sites More sharing options...
Luke 36878 Posted November 3, 2016 Share Posted November 3, 2016 What you can do is click on a user in Emby server setup, then you can choose to hide that user from login screens. From that point forward the user info will not be visible publicly. Going forward we will hide the path for non-admins. thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now