INTERACT FORUM
More => Old Versions => JRiver Media Center 24 for Windows => Topic started by: mwillems on August 20, 2018, 07:13:13 pm
-
Should folks with internet facing JRiver servers change their access keys, or are those safe?
[Edit by JimH -- this thread was split from Servers Compromised (https://yabb.jriver.com/interact/index.php/topic,117123.0.html) ]
-
+1
What's working and what's not? (Dlna isn't working for me)
-
Is our interact password stored in the clear (i.e. not hashed) on your servers?
-
I changed my Interact password, but where do we need to go to change our "merchant server" passwords? It might make sense to include helpful links for that to make it easier for people. Even better would be to force password resets, if possible, and send emails out to everyone to let them know they need to reset their passwords.
-
More information would certainly be appreciated when available.
I have three different passwords associated with JRiver; Forum, Wiki, and Rover (created for each purchase/upgrade from memory). Are all compromised?
All passwords were encrypted, right?
I can change the Forum and Wiki passwords, but from memory, I can't change a password associated with a purchase or upgrade. i.e. The Rover password. I see it is still down anyway. Some instructions regarding Rover and licences would be appreciated.
It looks like the Access Key functionality is still working, but is it a threat at all? I wouldn't think so, other than identifying the IP Address of a MC installation that was internet facing. That MC installation should still require a User and Password to gain access, so as long as it isn't the same, no-one will get in.
No doubt you are busy at the moment. But the extent of the issue would be good to know.
-
No Credit card information was lost because we made the decision many years ago not to store credit cards.
It was a wise decision. Let this be the occupation of PayPal.
-
I'll be the first to contribute... But I want the "offline" day to day runnin' to not get in the way of these exceptions! This is from one that has upgraded from mc18! Checks for plugins has to stop as they are right now...there has to be a better was of checking new updates of plugins that takes downtime in regards.
-
Access Key does not seem to be working.
I revoked my old key and tried to assign a new one. JRiver says it can't connect.
Media Center 24.exe is allowed through my firewall; nothing else changed on my end and this worked fine before so I don't think this has anything to do with firewall or router. I have also verified from the outside in port 52199 and 52200 are open
Aside from the forum (which I changed my password), what else do I need to change? And please confirm you are storing hashed passwords - and something better than SHA1
-
We'll just have to wait... But they'll get it sorted (in the same boat).
-
I changed my Interact password, but where do we need to go to change our "merchant server" passwords? It might make sense to include helpful links for that to make it easier for people. Even better would be to force password resets, if possible, and send emails out to everyone to let them know they need to reset their passwords.
It's the buy-button server, where you retrieve your licenses.
Some of this won't work for another day or two.
I agree on resetting passwords.
-
Spike,
I moved your password post here:
https://yabb.jriver.com/interact/index.php/topic,117127.msg810281.html#msg810281
-
I changed my Interact password too. I'd highly suggest everyone should!
-
Thanks for the quick and open disclosure of this. A much better response than those organisations that try to hide such break ins.
-
Thanks Jim - Sorry about your issues. I've changed my passwords including MC server passwords just in case.
-
Split some password discussion here:
https://yabb.jriver.com/interact/index.php/topic,117127.msg810309.html#msg810309
-
You could send the hacked accounts to https://haveibeenpwned.com/, and direct folks to go there to check whether a username or e-mail of there's has been compromised.
Never mind, I see you already did that over on the password discussion thread - https://yabb.jriver.com/interact/index.php/topic,117127.0.html
Thanks!
-
The access key server is back online
-
Hi there,
i just install a few days a go media center on my qnap new.
i can not enter my key as its showing an error. "can not access server" so i extend the trial what works for me fine.
When i can use my master lic or when is the server up again to use my final key?
thx
-
We expect it to be back in a day or two, but we won't put it online until we find the cause of the problem. I'm sorry.
I'll try to keep you posted.
-
Thx, jim
Am sorry for your server problems
-
Hello, MC crashed, and now upon start it asks for license, how can i get it working? I am unable to play anything, MC simply wont start.
-
Hello, MC crashed, and now upon start it asks for license, how can i get it working? I am unable to play anything, MC simply wont start.
Send an email to deanna (at) jriver (dot) com with your license code and she will have it send email you the .mjr file to register it.
-
Hi; I formated my pc but i can't activate my jriver license. How can i restore my license
-
Hi; I formated my pc but i can't activate my jriver license. How can i restore my license
Read the reply just above your question.
-
Password Reset?
I received an email from the forum early this morning....
Dear marko,
This mail was sent because the 'forgot password' function has been applied to your account. To set a new password, click the following link:
hxxps://yabb.jriver.com/interact/index.php?action=reminder;sa=xxxxxxxx;u=xxxxx;code=xxxxxxxxx
IP: 93.142.49.209
Username: marko
Regards,
The INTERACT FORUM Team.
This appears to be a Croatian IP address. Anything to be concerned about here?
-marko
-
Password Reset?
I received an email from the forum early this morning....This appears to be a Croatian IP address. Anything to be concerned about here?
-marko
Either it's an mistake typing in the email address on the request reset form from that address or an attempt to change it which won't work without access to the email.
-
OK, cheers Bob. I can't see them typing my email address accidentally... I might be wrong, but in my head, that's not a common email address.
Maybe one of the 15 others that use marko in their names hit reset thinking it was theirs. I'll ignore it for now.
-marko