The originating IP is 86.80.121.128 even through the attacker URL is my localhost
its a GNU Bash CVE-2014-6271
Any assistance/advise would be appreciated.
Intrusion Attempt warning since upgrading to 0.20
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
-
CranialBlaze
- Newbie
- Posts: 14
- Joined: May 29th, 2010, 6:57 am
Intrusion Attempt warning since upgrading to 0.20
Ever since upgrading to the latest SABNZBD I been getting constant intrusion attempt warnings from Norton IS. It keeps blocking it, but its getting annoying now and I was wondering why I am suddenly being intruded on from Netherlands
The originating IP is 86.80.121.128 even through the attacker URL is my localhost
its a GNU Bash CVE-2014-6271
Any assistance/advise would be appreciated.
The originating IP is 86.80.121.128 even through the attacker URL is my localhost
its a GNU Bash CVE-2014-6271
Any assistance/advise would be appreciated.
Re: Intrusion Attempt warning since upgrading to 0.20
You could start by putting a username/password on your SABnzbd webinterface (Config -> General); now it's open to Internet.
The same for your CP interface.
The same for your CP interface.
-
CranialBlaze
- Newbie
- Posts: 14
- Joined: May 29th, 2010, 6:57 am
Re: Intrusion Attempt warning since upgrading to 0.20
Have set that up, how'd you even know I use CP. Still looking for a better alternative. Not like it works anyway. See if that helps.
Will report back later
Will report back later
-
CranialBlaze
- Newbie
- Posts: 14
- Joined: May 29th, 2010, 6:57 am
Re: Intrusion Attempt warning since upgrading to 0.20
So it has been a good few days and even with the PW I am still getting the warnings from Norton. Different IP this time, 62.47.249.79
Re: Intrusion Attempt warning since upgrading to 0.20
The bad guys on internet continuously do port scans.
They don't necessarily look for SABnzbd, mostly for open ports with other protocols.
The reaction of Norton is very likely correct, but it doesn't tell
you what kind of attack it is.
At the very least you should secure your SABnzbd port with a username and password.
Then you probably can tell Norton to keep blocking, but to stop complaining.
They don't necessarily look for SABnzbd, mostly for open ports with other protocols.
The reaction of Norton is very likely correct, but it doesn't tell
you what kind of attack it is.
At the very least you should secure your SABnzbd port with a username and password.
Then you probably can tell Norton to keep blocking, but to stop complaining.
-
CranialBlaze
- Newbie
- Posts: 14
- Joined: May 29th, 2010, 6:57 am
Re: Intrusion Attempt warning since upgrading to 0.20
I get that, I just find it odd that I have been using Norton for over 2 years, sabnzbd for longer, yet as soon as I upgrade to 0.20 I suddenly get these intrusion attempt.
I read up on this specific attack and its a vulnerability caused by a coding flaw which allows backdoor access,, the username and password are meaningless with this specific attack.
http://www.securityfocus.com/bid/70103
I read up on this specific attack and its a vulnerability caused by a coding flaw which allows backdoor access,, the username and password are meaningless with this specific attack.
http://www.securityfocus.com/bid/70103
Re: Intrusion Attempt warning since upgrading to 0.20
SABnzbd isn't vulnerable to these kinds of attacks.
Even if if were, just about all previous versions would be too.
There have been zero changes to the web framework the last year.
Just go back to your older versions and see what happens.
The port scans aren't triggered by a new SABnzbd version.
The Bash vulnerability is fairly recent, so scanning for it
and Norton knowing about it may very well happen to sync with your
installation of 0.7.20
Even if if were, just about all previous versions would be too.
There have been zero changes to the web framework the last year.
Just go back to your older versions and see what happens.
The port scans aren't triggered by a new SABnzbd version.
The Bash vulnerability is fairly recent, so scanning for it
and Norton knowing about it may very well happen to sync with your
installation of 0.7.20