Get_iplayer is streaming live TV!

d.lake at surrey.ac.uk d.lake at surrey.ac.uk
Mon Nov 28 06:39:43 PST 2016


I don't use any standard ports for anything....  I also only use SSH with a private cert.

It's running as a VM on a VM which I snapshot daily.  If someone breaks in and breaks it (which they haven't in 5 years), I tear it down and start another.

But yeah - running anything as root is a stupid idea (but I am very, very stupid at times :-) )

On this occasion, I think a simple password capture will probably do the trick.

Ho hum.  More stuff to do.


-----Original Message-----
From: get_iplayer [mailto:get_iplayer-bounces at lists.infradead.org] On Behalf Of Nick
Sent: 28 November 2016 14:02
To: get_iplayer at lists.infradead.org
Subject: Re: Get_iplayer is streaming live TV!

On Mon, 28 Nov 2016 12:40:58 +0000
<d.lake at surrey.ac.uk> wrote:

> I suspect the aim is to stream BBC TV programmes from outside the 
> UK...
> 
> I run my get_iplayer server on a VPS using a VERY unusual port
> number.   I had assumed that would be good enough, but it wasn't.
> 
> Because I spend a lot of my time travelling, all my music and radio
> downloads are stored on a cloud VPS server.   I can't really block
> down by IP address because I don't really know where I'll be 
> connecting from.
> 
> I'll have a hack round the get_iplayer.cgi and see if I can add some 
> sort of basic password.

Are you running the cgi as root? Your other emails had paths that were very rooty. If so, that is asking for problems. Someone just using your cgi to just pirate some TV programmes might be a lucky escape.

I recommend SSH for getting arbitrary services across the internet securely. Have it listening on port 443 and you can get to it from anywhere, even through restrictive firewalls.

A command like:

ssh -L 8080:127.0.0.1:8080 -p 443 user at host

The above would tunnel port 8080 on your machine to 127.0.0.1:8080 at the server end. So if you have gip cgi running on the server, listening only on 127.0.0.1 and port 8080, you can bring that port to your local computer over SSH. On the local computer (where you are running the ssh client) you would also connect to http://127.0.0.1:8080

If you really want to run gip as root, like this you can still ssh in as an unprivileged user.

Nick

_______________________________________________
get_iplayer mailing list
get_iplayer at lists.infradead.org
http://lists.infradead.org/mailman/listinfo/get_iplayer

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2016.0.7924 / Virus Database: 4664/13487 - Release Date: 11/27/16



More information about the get_iplayer mailing list