FelipeFlaBR 0 Posted August 17, 2021 Posted August 17, 2021 Hi! My administrative account is being accessed from another external device. I changed the password twice. How should I proceed?
rbjtech 5285 Posted August 17, 2021 Posted August 17, 2021 It's very difficult to advise with such little information - but the first thing to do in these circumstances is to remove your internet connection and turn off all devices leaving on only your emby server and PC/console access. Reboot the remaining devices. Do a full Anti-Virus scan on the Server & PC. If clean, remove Emby remote access from within Emby, disable all the Emby accounts except the Admin and then change the password to something unique. I would also install a fresh copy of Emby over the top of your current install. Turn on all other devices and AV scan those. If you are satisfied that everything is clean, then re-open the internet access and emby remote access (still just on these devices) and watch the logs for access attempts. If you are using Emby remote on HTTP only, then I strongly suggest investing time in getting HTTPS setup.
Carlo 4561 Posted August 17, 2021 Posted August 17, 2021 8 hours ago, FelipeFlaBR said: Hi! My administrative account is being accessed from another external device. I changed the password twice. How should I proceed? Yes that's good you did this but you also want to remove the device that was using your admin user from the Device menu. That will force reauthentication and with the new password should stop them from logging in.
rbjtech 5285 Posted August 17, 2021 Posted August 17, 2021 15 minutes ago, cayars said: Yes that's good you did this but you also want to remove the device that was using your admin user from the Device menu. That will force reauthentication and with the new password should stop them from logging in. Hi Carlo - so does changing the password not force re-authentication ? I would very much hope this is not cached/valid outside the current session ...
Carlo 4561 Posted August 17, 2021 Posted August 17, 2021 Well if you're already logged in or have a token ID then you want to force it to login again for new validation and deleting the device will force this.
Painkiller88 250 Posted September 6, 2021 Posted September 6, 2021 This is why 2FA/MFA will be such a big improvement, but the request for this is already open for years.
FelipeFlaBR 0 Posted September 23, 2021 Author Posted September 23, 2021 On 9/5/2021 at 10:30 PM, Luke said: @FelipeFlaBR isso ajudou? Fixed the problem... Changing the settings to require a password on the local network.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now