Server been hacked

[dibsta 0]

Hi all

 

when I tried using MB3 today user name a password had been changed

 

Dave

[Koleckai Silvestri 1150]

Should be a log of the event. Developers will need that. If you have your server exposed to the internet, you should make sure that you have strong passwords on all accounts. If you're using the newest dev server and clients, kill any unknown api keys listed under Server -> Security.

Edited August 4, 2014 by Wayne Luke

[moviefan 184]

Please provide more information about your setup so we can determine if there is indeed a security issue that needs to be investigated.

[Luke 37161]

there is nothing that needs to be investigated. please see the release notes from two server releases ago. we have a new security api, and clients currently are being given a grace period to update their apps. Please read the blog. Once the switch is flipped, your password is the only thing that will be able to grant programmatic access to the api. For example, nzbdrone and sickbeard are in the process of updating their apps to talk to ours, but their connectivity will not function without your explicit approval from the server dashboard. 

 

Chef's kinect app will have the same fate as well. So it is in line with industry standards. If you have a blank password though, that's a different story.

[Lee 204]

Would it be possible to have certain users (kids) only access the server from certain devices ?

I'm thinking my 3yr old only being able to connect from WMC on the server and her nowtv box??

Sent by lumia 1020 & Tapatalk