Jump to content

Emby shows unknown users


Doebert
 Share

Recommended Posts

Doebert

All of a sudden I can no longer get into Emby??

When I start Emby in windows 10 it shows 2 unknown users. 1-computerguyiptv and 2-doom. I have no idea who they are? When I try to log in with my credentials it doesn't recognize my account.

I first noticed a problem when I was trying to access it on Roku and it showed my server name with addition info after that "LIVETV VOD AND MORE". I have no idea where that came from either??

So........what should I do to resolve this without losing all my media?

 

Thanks in advance.

 

 

Link to comment
Share on other sites

Doebert

Emby server is shut down and I am currently doing a full system scan for virus's.

I located the logs and will forward to Luke.

 

Thanks for the quick responce.

Link to comment
Share on other sites

wayloncovil

Emby server is shut down and I am currently doing a full system scan for virus's.

I located the logs and will forward to Luke.

 

Thanks for the quick responce.

@@Doebert,

I'm sorry your system was compromised. This is a big deal.

Once you figure out what happened, please let us know so we can be educated so we can prevent this from happening to ourselves.

Thanks!

Link to comment
Share on other sites

Happy2Play

Did your admin user have a set password?

Link to comment
Share on other sites

Doebert

@@Doebert,

I'm sorry your system was compromised. This is a big deal.

Once you figure out what happened, please let us know so we can be educated so we can prevent this from happening to ourselves.

Thanks!

Will do.

I have rock solid virus protection and the complete system scan shows no threats.

I was thinking a system restore may work,  but I am not doing anything until the Admins review.

Also from a quick look @ my libraries it looks like all my media is OK, but will confirm later.

Link to comment
Share on other sites

darkassassin07

This exact case has come up several times in the last couple months. It has always come down to users on the server having no password or a very weak password as well as admin rights on the server. A malicious third party has been getting into servers through poorly setup user accounts.

 

 

This can be made easier for hackers if you have 'my easy pincode' setup for easy lan access, and a reverse proxy that isnt correctly passing the clients ip address making all connections look like lan access.

I had that issue, where users that had a strong password setup as well as a blank pin code for password-less lan login could login outside the lan without a pass because the emby server saw the proxy as the client instead of seeing the client thats connected to the proxy.

  • Like 1
Link to comment
Share on other sites

Doebert

This exact case has come up several times in the last couple months. It has always come down to users on the server having no password or a very weak password as well as admin rights on the server. A malicious third party has been getting into servers through poorly setup user accounts.

 

 

This can be made easier for hackers if you have 'my easy pincode' setup for easy lan access, and a reverse proxy that isnt correctly passing the clients ip address making all connections look like lan access.

I had that issue, where users that had a strong password setup as well as a blank pin code for password-less lan login could login outside the lan without a pass because the emby server saw the proxy as the client instead of seeing the client thats connected to the proxy.

I only had 1 user and I thought the password was strong.

I have no idea what 'my easy pincode' is or how it is used.

As far as admin rights to the server this is required for a single user isn't it?

I was using an older version of Emby (3.5.3.0) as it was running great and didn't want to upgrade yet, but that may have been a mistake for security reasons.

Link to comment
Share on other sites

Pog22

I only had 1 user and I thought the password was strong.

I have no idea what 'my easy pincode' is or how it is used.

As far as admin rights to the server this is required for a single user isn't it?

I was using an older version of Emby (3.5.3.0) as it was running great and didn't want to upgrade yet, but that may have been a mistake for security reasons.

 

Have you used this password elsewhere? 

https://haveibeenpwned.com/

  • Like 1
Link to comment
Share on other sites

Pog22

I would definitely check your password there.

You don't check your password there. You check your email address against a list of known public hacks

Link to comment
Share on other sites

BAlGaInTl

You don't check your password there. You check your email address against a list of known public hacks

You are incorrect.

 

They recently added the ability to check passwords and provide an API for applications to use. That is why many password managers now have a check to see if a specific password has been compromised.

 

Here is the link to the direct password checking:

 

https://haveibeenpwned.com/Passwords

 

Yes... you can also check for email accounts that have been involved in breaches, but the direct password checking can be even more telling.

  • Like 2
Link to comment
Share on other sites

Doebert

Have you used this password elsewhere? 

https://haveibeenpwned.com/

The admin's think I did not set a password, but I am like 99% sure I did??

I would never leave the password blank as that would be stupid.

I used to have the same password for the server and the forum if that matters....but not any more!

I also think it's not a coincident that the unknown user 'Doom' was used in my account and in the link above that Happy2Play provided. Seems like there is someone out there targeting Emby servers.

 

Anyway, Thanks for the info. I checked my old password and it checked out OK.

Edited by Doebert
Link to comment
Share on other sites

Pog22

 

I also think it's not a coincident that the unknown user 'Doom' was used in my account and in the link above that Happy2Play provided. Seems like there is someone out there targeting Emby servers.

Not a person, a bot, crawls the internet looking for easily hacked servers

Link to comment
Share on other sites

Happy2Play

Local User and Connect user are two different accounts.  Local user has its own area to set password on your server, and Connect has the forum/Connect to control its password.

 

So you went to Dashboard-Users-selected your user-went to passwords tab and applied a password, as there was no password applied at the creation of the user.  This admin password issue has been resolved for new installs of v4.1+..

Link to comment
Share on other sites

Doebert

Local User and Connect user are two different accounts.  Local user has its own area to set password on your server, and Connect has the forum/Connect to control its password.

 

So you went to Dashboard-Users-selected your user-went to passwords tab and applied a password, as there was no password applied at the creation of the user.  This admin password issue has been resolved for new installs of v4.1+..

Thanks for the info and I am now running 4.1.1.0

But let me ask you a stupid question....

When I would log out of the server and log back in I would enter a password. If I didn't create a password initially it would not let me log in would it?

Or am I missing something?

 

Thanks again

Link to comment
Share on other sites

Happy2Play

Thanks for the info and I am now running 4.1.1.0

But let me ask you a stupid question....

When I would log out of the server and log back in I would enter a password. If I didn't create a password initially it would not let me log in would it?

Or am I missing something?

 

Thanks again

 

How were you logging in?  Connect or locally?

Link to comment
Share on other sites

Doebert

How were you logging in?  Connect or locally?

On my P.C. which is locally is that correct?

Link to comment
Share on other sites

Happy2Play

On my P.C. which is locally is that correct?

 

You can do either on your PC.  What url would that be?

Link to comment
Share on other sites

darkassassin07

He meams were you using app.emby.media or were you connecting directly to your server with an ip+port combo like 192.168.0.75:8096 or even your own domain name.

Link to comment
Share on other sites

Doebert

You can do either on your PC.  What url would that be?

I am a little confused on the locally and the connect (imagine that), which I will have to read up on.

Let me put it another way.

On my PC where I have Emby installed in the browser is where I would log in.

Url is localhost:8096

Link to comment
Share on other sites

Happy2Play

I am a little confused on the locally and the connect (imagine that), which I will have to read up on.

Let me put it another way.

On my PC where I have Emby installed in the browser is where I would log in.

Url is localhost:8096

 

If you were connecting via localhost:8096 and had to enter a password, then you did have a applied password.  I guess the next question would be was that the only user account on the server?

Edited by Happy2Play
Link to comment
Share on other sites

Doebert

If you were connecting via localhost:8096 and had to enter a password, then you did have a applied password.  I guess the next question would be was that the only user account on the server?

Yes

In the beginning I had a couple of users but I deleted them a few months ago.

The single user which of course was a admin was not hidden and I am guessing that may be how they got in.

Just trying to identify the problem so it doesn't happen again to me or anyone else.

Link to comment
Share on other sites

wayloncovil

Yes

In the beginning I had a couple of users but I deleted them a few months ago.

The single user which of course was a admin was not hidden and I am guessing that may be how they got in.

Just trying to identify the problem so it doesn't happen again to me or anyone else.

 

How complex was the admin password?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...