"Hacked" sabnzbd?

braveheart1980 · Post by **braveheart1980** » September 27th, 2011, 3:44 pm

I had an older version of sabnzbd (0.52).
I have set up https (with certificate signed by me uing openssl) and also set up user/pass for accessing the webinterface of sabnzbd

BUT when I returned I saw sabnzbd was downloading some files that I didn't know, as if someone "hacked" sabnzbd !

Any logical explanation?

PS I now upgraded to 0.6.9 with same setup and diferent API key

Post by **shypike** » September 27th, 2011, 3:52 pm

Do you have an RSS feed set up?
Do you always know what's inside any NZB you use?

braveheart1980 · Post by **braveheart1980** » September 27th, 2011, 4:08 pm

shypike wrote:Do you have an RSS feed set up?
Do you always know what's inside any NZB you use?

For some completely unknown reason to me, yes I had rss feeds, which I deleted

Post by **shypike** » September 27th, 2011, 4:14 pm

The apikey is there to protect against a (mostly) theoretical threat.
Namely an external website that sets up a hidden iframe that manipulates your SABnzbd at localhost.
It would be a hack that's rather desperate and not very effective.
That such a hack would succeed in creating an RSS feed on your installation is not impossible,
but also not very likely.
Nevertheless, should you have more information: I'm interested.

braveheart1980 · Post by **braveheart1980** » September 27th, 2011, 4:29 pm

shypike wrote:The apikey is there to protect against a (mostly) theoretical threat.
Namely an external website that sets up a hidden iframe that manipulates your SABnzbd at localhost.
It would be a hack that's rather desperate and not very effective.
That such a hack would succeed in creating an RSS feed on your installation is not impossible,
but also not very likely.
Nevertheless, should you have more information: I'm interested.

First of all let me thank you for your answers!

Secondly, I'll see what happens and post again

Are there any log file u r interested in?

Post by **shypike** » September 27th, 2011, 4:34 pm

Not really, the log file won't tell you where the requests came from.
BTW: do you expose SABnzbd to the internet?
So access from outside your LAN?
Or outside your own system? In the latter case any other system on your LAN might get access.

braveheart1980 · Post by **braveheart1980** » September 27th, 2011, 4:51 pm

shypike wrote:Not really, the log file won't tell you where the requests came from.
BTW: do you expose SABnzbd to the internet?
So access from outside your LAN?
Or outside your own system? In the latter case any other system on your LAN might get access.

I do expose sabnzbd to the internet and to the local lan too. I tried finding something useful in the logs too, but no luck

Post by **shypike** » September 28th, 2011, 2:35 am

braveheart1980 wrote: I do expose sabnzbd to the internet and to the local lan too. I tried finding something useful in the logs too, but no luck

Then all bets are off.
I assume you do use a username and password in SABnzbd?

braveheart1980 · Post by **braveheart1980** » September 28th, 2011, 4:26 am

shypike wrote:
braveheart1980 wrote: I do expose sabnzbd to the internet and to the local lan too. I tried finding something useful in the logs too, but no luck
Then all bets are off.
I assume you do use a username and password in SABnzbd?

Of course I do. I even changed that, just in case

Post by **shypike** » September 28th, 2011, 4:53 am

Very good.
But we're no security experts so how good the username/password protection is, I don't know.
It is the standard popup-style browser dialog, so it should be OK.
Personally, I don't take this risk and communicate from outside to my home only through a VPN tunnel.
But then, I am rather paranoid.

Support Forum

"Hacked" sabnzbd?

"Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?

Re: "Hacked" sabnzbd?