TiVo Community
TiVo Community
TiVo Community
Go Back   TiVo Community > Main TiVo Forums > TiVo Home Media Features & TiVoToGo
TiVo Community
Reply
Forum Jump
 
Thread Tools
Old 05-01-2015, 05:40 PM   #1
lpwcomp
Registered User
 
Join Date: May 2002
Location: John's Creek, Georgia
Posts: 6,266
Disturbing messages in pyTivo log

I have started to get the follwing messages in the pyTivo I use to push recordings to a remote TiVo:
Code:
INFO:pyTivo:185.53.168.141 [01/May/2015 13:15:00] "POST http://work.a-poster.inf
o:25000/ HTTP/1.1" 403 -
INFO:pyTivo:185.53.168.141 [01/May/2015 13:15:21] code 400, message Bad request
syntax ('\x05\x01\x00')
INFO:pyTivo:185.53.168.141 [01/May/2015 13:15:21] "♣☺ " 400 -
Is someone attempting to hack into my system?

__________________
James L. Sutherland
"You know TiVo users. Bunch of b****y little girls" TiVoAxe

"Jessica Fletcher visits Midsomer. Carnage ensues!"
lpwcomp is offline   Reply With Quote
Old 05-01-2015, 06:12 PM   #2
wmcbrine
Resistance Useless
 
wmcbrine's Avatar
 
Join Date: Aug 2003
Posts: 9,423
Undoubtedly. You might want to filter that IP.

On the plus side, it's unlikely that this attacker has any clue how to penetrate pyTivo specifically -- this is probably something that targets Apache. On the minus side, pyTivo has not really been written with exposure to hostile network activity in mind.

__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
wmcbrine is offline   Reply With Quote
Old 05-04-2015, 04:12 AM   #3
wmcbrine
Resistance Useless
 
wmcbrine's Avatar
 
Join Date: Aug 2003
Posts: 9,423
(BTW, in case it isn't clear to others who might stumble upon this thread: Running pyTivo does not, in general, open up a security hole on your system. In this case, James has had to intentionally expose his system to the wider Internet, so that the remote TiVo (i.e. remote as in, at someone else's house) can access his pyTivo server -- since every push, by its nature, ends up in a pull. But a typical pyTivo setup would not be accessible from outside your home LAN.)

__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
wmcbrine is offline   Reply With Quote
Thanks For This Post:
Old 05-04-2015, 04:37 AM   #4
telemark
Registered User
 
Join Date: Nov 2013
Posts: 1,474
The IP is from .de (Germany)

Looks like that's the magic string for SOCKS5, so it's a bot looking for open proxies.


Last edited by telemark; 05-04-2015 at 04:58 AM.
telemark is offline   Reply With Quote
Reply
Forum Jump







Thread Tools


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Advertisements





TiVo Community
Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
vBulletin Skins by: Relivo Media


(C) 2015 DBNet - All Rights Reserved. No information may be posted elsewhere without written permission.
TiVoŽ is a registered trademark of TiVo Inc. This site is not owned or operated by TiVo Inc.
All times are GMT -5. The time now is 07:20 PM.
Page generated in 0.04821706 seconds (73.60% PHP - 26.40% MySQL) with 18 queries