I don't use any standard ports for anything.... I also only use SSH with a private cert.
It's running as a VM on a VM which I snapshot daily. If someone breaks in and breaks it (which they haven't in 5 years), I tear it down and start another. But yeah - running anything as root is a stupid idea (but I am very, very stupid at times :-) ) On this occasion, I think a simple password capture will probably do the trick. Ho hum. More stuff to do. -----Original Message----- From: get_iplayer [mailto:get_iplayer-boun...@lists.infradead.org] On Behalf Of Nick Sent: 28 November 2016 14:02 To: get_iplayer@lists.infradead.org Subject: Re: Get_iplayer is streaming live TV! On Mon, 28 Nov 2016 12:40:58 +0000 <d.l...@surrey.ac.uk> wrote: > I suspect the aim is to stream BBC TV programmes from outside the > UK... > > I run my get_iplayer server on a VPS using a VERY unusual port > number. I had assumed that would be good enough, but it wasn't. > > Because I spend a lot of my time travelling, all my music and radio > downloads are stored on a cloud VPS server. I can't really block > down by IP address because I don't really know where I'll be > connecting from. > > I'll have a hack round the get_iplayer.cgi and see if I can add some > sort of basic password. Are you running the cgi as root? Your other emails had paths that were very rooty. If so, that is asking for problems. Someone just using your cgi to just pirate some TV programmes might be a lucky escape. I recommend SSH for getting arbitrary services across the internet securely. Have it listening on port 443 and you can get to it from anywhere, even through restrictive firewalls. A command like: ssh -L 8080:127.0.0.1:8080 -p 443 user@host The above would tunnel port 8080 on your machine to 127.0.0.1:8080 at the server end. So if you have gip cgi running on the server, listening only on 127.0.0.1 and port 8080, you can bring that port to your local computer over SSH. On the local computer (where you are running the ssh client) you would also connect to http://127.0.0.1:8080 If you really want to run gip as root, like this you can still ssh in as an unprivileged user. Nick _______________________________________________ get_iplayer mailing list get_iplayer@lists.infradead.org http://lists.infradead.org/mailman/listinfo/get_iplayer ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2016.0.7924 / Virus Database: 4664/13487 - Release Date: 11/27/16 _______________________________________________ get_iplayer mailing list get_iplayer@lists.infradead.org http://lists.infradead.org/mailman/listinfo/get_iplayer