Intrusion Attempt warning since upgrading to 0.20

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
CranialBlaze
Newbie
Newbie
Posts: 14
Joined: May 29th, 2010, 6:57 am

Intrusion Attempt warning since upgrading to 0.20

Post by CranialBlaze »

Ever since upgrading to the latest SABNZBD I been getting constant intrusion attempt warnings from Norton IS. It keeps blocking it, but its getting annoying now and I was wondering why I am suddenly being intruded on from Netherlands

The originating IP is 86.80.121.128 even through the attacker URL is my localhost
its a GNU Bash CVE-2014-6271

Image

Any assistance/advise would be appreciated.
User avatar
sander
Release Testers
Release Testers
Posts: 9070
Joined: January 22nd, 2008, 2:22 pm

Re: Intrusion Attempt warning since upgrading to 0.20

Post by sander »

You could start by putting a username/password on your SABnzbd webinterface (Config -> General); now it's open to Internet.

The same for your CP interface.
CranialBlaze
Newbie
Newbie
Posts: 14
Joined: May 29th, 2010, 6:57 am

Re: Intrusion Attempt warning since upgrading to 0.20

Post by CranialBlaze »

Have set that up, how'd you even know I use CP. Still looking for a better alternative. Not like it works anyway. See if that helps.

Will report back later
CranialBlaze
Newbie
Newbie
Posts: 14
Joined: May 29th, 2010, 6:57 am

Re: Intrusion Attempt warning since upgrading to 0.20

Post by CranialBlaze »

So it has been a good few days and even with the PW I am still getting the warnings from Norton. Different IP this time, 62.47.249.79
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Intrusion Attempt warning since upgrading to 0.20

Post by shypike »

The bad guys on internet continuously do port scans.
They don't necessarily look for SABnzbd, mostly for open ports with other protocols.
The reaction of Norton is very likely correct, but it doesn't tell
you what kind of attack it is.
At the very least you should secure your SABnzbd port with a username and password.
Then you probably can tell Norton to keep blocking, but to stop complaining.
CranialBlaze
Newbie
Newbie
Posts: 14
Joined: May 29th, 2010, 6:57 am

Re: Intrusion Attempt warning since upgrading to 0.20

Post by CranialBlaze »

I get that, I just find it odd that I have been using Norton for over 2 years, sabnzbd for longer, yet as soon as I upgrade to 0.20 I suddenly get these intrusion attempt.

I read up on this specific attack and its a vulnerability caused by a coding flaw which allows backdoor access,, the username and password are meaningless with this specific attack.

http://www.securityfocus.com/bid/70103
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Intrusion Attempt warning since upgrading to 0.20

Post by shypike »

SABnzbd isn't vulnerable to these kinds of attacks.
Even if if were, just about all previous versions would be too.
There have been zero changes to the web framework the last year.
Just go back to your older versions and see what happens.
The port scans aren't triggered by a new SABnzbd version.
The Bash vulnerability is fairly recent, so scanning for it
and Norton knowing about it may very well happen to sync with your
installation of 0.7.20
Post Reply