Docker Container for JRiver Media Center 26
HaWi:
--- Quote from: max096 on August 04, 2020, 06:03:40 pm ---How did you block germany as a country?
--- End quote ---
I am using the Synology Firewall, there you can select Countries but, as you say, that might be spotty.
--- Quote from: max096 on August 04, 2020, 06:03:40 pm ---Can you look up what IPs are on that list your router is using? Try to instead block specific IPs, or ranges. If your router has a country based blocking system it might very well be spotty. The only way that I can tell to find out where an IP is coming from is to ask external services that supposedly know it, because they built databases mapping it based on what IPs belong to what ISP (currently, hopefully). But through the actual connection there is not really anything you can trust that I know of to really tell where the IP is coming from.
--- End quote ---
I have also blocked ranges of IPs but there have been >1500 IPs so far ... And I blocked myself a few times, too ;D
I ran Traceroute in Network Utilities on my Mac, and the penultimate server often shows a domain name, like a provider (Telstra, in Sweden comes up often, too), so I am only guessing. I have set up a quick and dirty OpenVPN server on the Synology but am unclear if I should now remove all Port fwds from my Router, which is an Eero, and makes it very painful to reopen them. If I do it, do I need to open the ports through VPN? I am a total noob, I'm afraid.
Scobie:
Would it be worth destroying the Container and redownloading the image?
May be that you've been hacked so best thing is just to kill it and redeploy...?
HaWi:
--- Quote from: Scobie on August 04, 2020, 10:27:33 pm ---Would it be worth destroying the Container and redownloading the image?
May be that you've been hacked so best thing is just to kill it and redeploy...?
--- End quote ---
I don't think I have been hacked. All the attempts failed at authentication.
HaWi:
I am running into a problem now that when I activate the firewall, I cannot open MC26 on port 5800 anymore. I have a rule opening it, though. I also open all the other ports that I thought I needed, like 5900, 51000, 51101, 52199, 52000. Are there any ports I am missing? The problem goes away when I disable the final Deny All rule.
Many thanks,
Hans
EDIT: I think I figured it out. Some ports were UDP and needed to be TCP...
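The symptom in the post above (an allow rule exists, yet the port stays blocked until the final Deny All is disabled) is what first-match rule evaluation produces when the allow rule names the wrong protocol. This is an added example, not part of the thread and not Synology's implementation; the rule sets are constructed, and which ports were entered as UDP is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: Optional[str]  # "tcp", "udp", or None for any protocol
    port: Optional[int]   # destination port, or None for any port


def first_match(rules, proto, port):
    """Return (index, rule) of the first rule matching the packet, else (None, None)."""
    for i, r in enumerate(rules):
        if r.proto in (None, proto) and r.port in (None, port):
            return i, r
    return None, None


def audit(rules, expected):
    """Check each (proto, port) that should be reachable against the ordered rules.

    Also lists allow rules that name the right port but a different protocol,
    which never match and let the packet fall through to the final deny.
    """
    findings = []
    for proto, port in expected:
        idx, rule = first_match(rules, proto, port)
        other = [r.proto for r in rules if r.action == "allow"
                 and r.port == port and r.proto not in (None, proto)]
        findings.append({"service": f"{proto}/{port}",
                         "verdict": rule.action if rule else "no-match",
                         "matched_rule": idx,
                         "allow_under_other_proto": other})
    return findings


# Constructed rule sets; which ports were entered as UDP is an assumption.
BROKEN = [Rule("allow", "udp", 5800), Rule("allow", "udp", 52199),
          Rule("deny", None, None)]
FIXED = [Rule("allow", "tcp", 5800), Rule("allow", "tcp", 52199),
         Rule("deny", None, None)]
EXPECTED = [("tcp", 5800), ("tcp", 52199)]  # web UI and JRiver access are TCP

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for finding in audit(rules, EXPECTED):
            print(name, finding)
```

A non-empty `allow_under_other_proto` next to a `deny` verdict is the signature of this misconfiguration: the rule for the port is there, but it can never match the traffic.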
max096:
--- Quote from: HaWi on August 06, 2020, 09:55:06 am ---I am running into a problem now that when I activate the firewall, I cannot open MC26 on port 5800 anymore. I have a rule opening it, though. I also open all the other ports that I thought I needed, like 5900, 51000, 51101, 52199, 52000. Are there any ports I am missing? The problem goes away when I disable the final Deny All rule.
Many thanks,
Hans
--- End quote ---
You just need 52199 to be able to connect to it with JRiver and JRemote etc. 5900 or 5800 for VNC if you need it. Have you tried to enable SECURE_CONNECTION? You can read up more here https://github.com/jlesage/docker-baseimage-gui#security. I'd recommend it either way if you do want to host it in a public manner. It might also have the unintended side effect of breaking whatever VNC client they are using, because SSL over VNC is very much not a standard feature at all. You are very restricted in what VNC client you are able to use with it. A lot of them don't work with it at all. Just use one that works yourself.
About your firewall rules. I can't really help you with that either as I'm not very familiar with Synology NAS. I'm sure there are many resources out there as it's a very popular NAS solution. I do however think that blocking all people that ever try to access it is a real rat's nest to get into especially if you are getting thousands of requests already. IPs are very easy to come by these days with all the AWS of the world that allow you to just spin up things anywhere around the globe on demand. I would say keep the container up to date (at least once every month-ish) with a secure enough password you should not have problems with it. Make backups of your config and music directory and they won't even be able to do any considerable damage when they get it right.
If you can manage, also try to use a different public port other than 5900 (or use the 5800 web ui, should also be better). As 5900 is the default VNC port it is what people would look for. Just pick something like 8083 you will likely see far less access on it. If you cannot do it on your router like this for some reason I think you can also change it with the -rfbport option. I however never tried this and am not sure if the webui would still work when the VNC port has changed inside the container.
Just to give you an idea how many possible combinations there are in passwords to make you a bit more comfortable about your thousands of requests. There are 26 letters in the alphabet. Let's just say we restrict ourselves to only lowercase letters and 10 of them. That would mean you have 26! / (26-10)! options which if you type it into google (well... calculator on the go lul) it spits out 1.9275224e+13 possible combinations, so apparently google decides 19275224000000 is too big for the calculator already to display (e+13 means * (10^13)). You can play this game with bigger sets of possible characters and/or longer passwords. You will find that you very quickly reach a number that is unimaginably big in human terms. Meaning if your password is secure enough you probably cannot brute force it. They would need some exploit or social engineering to skip or get the password. They still try anyways as there are a lot of machines out there that run unsecure passwords you would find in common password lists, or combinations of those lists. Or it's a well known default password from products that automatically configure VNC.