Closed maurodelazeri closed 8 years ago
Hi @maurodelazeri
Let's take that privately. Would you mind sending more info to security@liquidsoap.fm? In particular, how did you get those commands? Through the logs? If so, then could you send us the logs at the above email address?
Thanks!
Also, do you run Liquidsoap as root? Do you have any other services running on the server? Is there any other interaction in Liquidsoap (or other programs)? How do you know for sure it is input.harbor?
I just sent an email to security@liquidsoap.fm, check it out.
Just to update: Telnet is something that should be used carefully. I increased the number of characters for the password and, the most important change, I restricted the permissions of the user that uses liquidsoap. I have watched it for a week and it did not happen again. Anyway, I believe that future improvements can be made to use harbor input.
Was this security issue confirmed? Is there any news on this at all?
I'm sure you're aware but a potential security measure is to use IPTables or similar to restrict access to the harbor port to certain IPs or ranges of IPs.
I was never able to reproduce or find any conclusive evidence of a security issue in liquidsoap's code. The stack running the compromised machine was quite complex, using node up front and running as root.
2016-03-15 4:53 GMT-05:00 S54B32 notifications@github.com:
> Was this security issue confirmed? Is there any news on this at all?
> I'm sure you're aware but a potential security measure is to use IPTables or similar to restrict access to the harbor port to certain IPs or ranges of IPs.
I'm closing this one. Please re-open or file a new issue if/when needed.
Guys, I have been using liquidsoap for some time. I have enabled "input.harbor" in my script; it is a dynamic script that always generates the user and password dynamically. I saw that when "input.harbor" is enabled, my machine is invaded and the following commands below are run on my machine. I formatted the machine 3 times and did several tests, and yes, the security hole that allows access to my machine is when "input.harbor" is enabled. Basically, what I noticed is that the invader installs a SYS flood in my machine, nothing more than that, but this is very serious.
Can those who have "input.harbor" enabled please verify that? Check the user "webll" in your /etc/passwd.