Intrusion Attempt warning since upgrading to 0.20

Posted: December 26th, 2014, 8:03 am
by CranialBlaze
Ever since upgrading to the latest SABNZBD I have been getting constant intrusion attempt warnings from Norton IS. It keeps blocking it, but it's getting annoying now and I was wondering why I am suddenly being intruded on from the Netherlands.

The originating IP is 86.80.121.128 even though the attacker URL is my localhost.
It's a GNU Bash CVE-2014-6271.

Any assistance/advice would be appreciated.

Re: Intrusion Attempt warning since upgrading to 0.20

Posted: December 26th, 2014, 9:21 am
by sander
You could start by putting a username/password on your SABnzbd web interface (Config -> General); now it's open to the Internet.

The same for your CP interface.

Re: Intrusion Attempt warning since upgrading to 0.20

Posted: December 26th, 2014, 9:32 am
by CranialBlaze
Have set that up. How'd you even know I use CP? Still looking for a better alternative. Not like it works anyway. See if that helps.

Will report back later.

Re: Intrusion Attempt warning since upgrading to 0.20

Posted: December 30th, 2014, 4:20 am
by CranialBlaze
So it has been a good few days and even with the PW I am still getting the warnings from Norton. Different IP this time, 62.47.249.79.

Re: Intrusion Attempt warning since upgrading to 0.20

Posted: December 30th, 2014, 5:58 am
by shypike
The bad guys on the Internet continuously do port scans.
They don't necessarily look for SABnzbd, mostly for open ports with other protocols.
The reaction of Norton is very likely correct, but it doesn't tell you what kind of attack it is.
At the very least you should secure your SABnzbd port with a username and password.
Then you probably can tell Norton to keep blocking, but to stop complaining.

Re: Intrusion Attempt warning since upgrading to 0.20

Posted: December 30th, 2014, 6:06 am
by CranialBlaze
I get that, I just find it odd that I have been using Norton for over 2 years, sabnzbd for longer, yet as soon as I upgrade to 0.20 I suddenly get these intrusion attempts.

I read up on this specific attack and it's a vulnerability caused by a coding flaw which allows backdoor access; the username and password are meaningless with this specific attack.

http://www.securityfocus.com/bid/70103

Re: Intrusion Attempt warning since upgrading to 0.20

Posted: December 30th, 2014, 6:35 am
by shypike
SABnzbd isn't vulnerable to these kinds of attacks.
Even if it were, just about all previous versions would be too.
There have been zero changes to the web framework the last year.
Just go back to your older versions and see what happens.
The port scans aren't triggered by a new SABnzbd version.
The Bash vulnerability is fairly recent, so scanning for it and Norton knowing about it may very well happen to sync with your installation of 0.7.20.
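
Added example (not part of the thread and not SABnzbd code): a way to see for yourself what the scanners discussed above are sending, by flagging access-log lines whose request, referer or user-agent field carries the `() {` function-definition marker that CVE-2014-6271 probes use. It assumes an access log in Combined Log Format; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Combined Log Format (assumed layout):
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# CVE-2014-6271 is triggered by a value that looks like a Bash function
# definition, so probes carry "() {" in a request field.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [30/Dec/2014:04:12:01 +0000] "GET /sabnzbd/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Dec/2014:04:15:44 +0000] "GET /cgi-bin/status HTTP/1.0" 404 312 "-" "() { :;}; echo CONSTRUCTED-PROBE"
198.51.100.7 - - [30/Dec/2014:04:15:45 +0000] "GET / HTTP/1.0" 401 0 "() { :; }; echo CONSTRUCTED-PROBE" "-"
203.0.113.5 - - [30/Dec/2014:04:20:00 +0000] "GET /sabnzbd/api?mode=queue HTTP/1.1" 200 812 "-" "curl/7.38.0"
""".splitlines()


def find_shellshock_probes(lines):
    """Return (ip, field, status) for each line carrying the marker."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not an access-log line in the assumed format
        for field in ("request", "referer", "agent"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append((m.group("ip"), field, m.group("status")))
                break
    return hits


def probes_per_source(lines):
    """Count flagged requests per source address."""
    return Counter(ip for ip, _, _ in find_shellshock_probes(lines))


if __name__ == "__main__":
    for ip, field, status in find_shellshock_probes(SAMPLE_LOG):
        print(f"{ip}: function-definition marker in {field}, server answered {status}")
```

The status column shows how the server answered each flagged request, which helps separate blind scanning from a request that actually reached something.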