Hello,

The station I run using Icecast keeps being targeted by a hacker. They manage to kill and start our stream at their own will. They have messaged us through a fake Facebook account telling us that they are hacking us and that in order for it to stop we need to give them our Wordpress admin; this was obviously never sent over.

Any suggestions on how to stop and defend these attacks would be highly appreciated.

Kindest Regards
Hannah Carroll

On 12 Apr 2016, at 19:51, Hannah Carroll wrote:

> Hello,
> The station I run using Icecast keeps being targeted by a
> hacker. They manage to kill and start our stream at their own will.
> They have messaged us through a fake Facebook account telling us that
> they are hacking us and that in order for it to stop we need to give
> them our Wordpress admin; this was obviously never sent over.
> Any suggestions on how to stop and defend these attacks would be
> highly appreciated.

To discover more about your problem, we need more information. In the most recent Icecast version (2.4.2, or 2.4.3 for Windows) there is no known security vulnerability that would allow this kind of denial of service.

Which Icecast version are you using?

If you are using a recent version of Icecast and still have this problem, we would need error and access logs and an estimated time when the incident happened to find out what happened.

Kind regards,
Marvin Scholz

Hannah Carroll:

> Hello,
> The station I run using Icecast keeps being targeted by a hacker. They manage to kill and start our stream at their own will. They have messaged us through a fake Facebook account telling us that they are hacking us and that in order for it to stop we need to give them our Wordpress admin; this was obviously never sent over.
> Any suggestions on how to stop and defend these attacks would be highly appreciated.

weak password for the icecast admin page? i.e. at your_server:8000/admin

since they ask for the WP login, it seems that they haven't come that far with their hack...

if you want to be sure, re-install the whole box and apply all updates.

bests, u.

I would make sure the admin password to your Icecast server is changed to a complex one that has a mix of upper and lower case letters and numbers. I would also make sure you have a firewall on your server and have only the ports you need open. All other ports should be closed. I also use a program called fail2ban that will block an IP address after so many failed login attempts.

Larry

From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Hannah Carroll
Sent: Tuesday, April 12, 2016 12:51 PM
To: icecast at xiph.org
Subject: [Icecast] Ice cast Hacking

Hello,

The station I run using Icecast keeps being targeted by a hacker. They manage to kill and start our stream at their own will. They have messaged us through a fake Facebook account telling us that they are hacking us and that in order for it to stop we need to give them our Wordpress admin; this was obviously never sent over.

Any suggestions on how to stop and defend these attacks would be highly appreciated.

Kindest Regards
Hannah Carroll
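
Added example, not part of any post in this thread and not code from the Icecast project: a small triage script for the access log that was asked for above. It counts failed admin logins per IP address (the condition fail2ban acts on) and lists successful requests that killed a source. The Apache-style `access.log` layout, the `/admin/killsource` path, the `triage` function name, the threshold and all sample lines are assumptions or constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; an Apache-style Icecast access.log layout is assumed.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2016:19:40:01 +0100] "GET /admin/stats.xml HTTP/1.1" 401 360 "-" "curl/7.47" 0
203.0.113.7 - - [12/Apr/2016:19:40:02 +0100] "GET /admin/stats.xml HTTP/1.1" 401 360 "-" "curl/7.47" 0
203.0.113.7 - - [12/Apr/2016:19:40:03 +0100] "GET /admin/stats.xml HTTP/1.1" 401 360 "-" "curl/7.47" 0
203.0.113.7 - admin [12/Apr/2016:19:41:10 +0100] "GET /admin/killsource?mount=/live HTTP/1.1" 200 120 "-" "curl/7.47" 0
198.51.100.20 - - [12/Apr/2016:19:42:00 +0100] "GET /live HTTP/1.1" 200 512000 "-" "VLC/2.2" 95
198.51.100.9 - admin [12/Apr/2016:19:45:00 +0100] "GET /admin/stats.xml HTTP/1.1" 200 900 "-" "Mozilla/5.0" 0
"""

# ip, ident, user, [timestamp], "METHOD path proto", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage(log_text, max_failures=3):
    """Return (IPs with >= max_failures 401s on /admin, successful killsource events)."""
    failures = Counter()
    kills = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith("/admin"):
            continue  # listener traffic and unparseable lines are ignored
        if m["status"] == "401":
            failures[m["ip"]] += 1
        elif m["status"] == "200" and m["path"].startswith("/admin/killsource"):
            kills.append((m["ts"], m["ip"], m["user"], m["path"]))
    noisy = {ip: n for ip, n in failures.items() if n >= max_failures}
    return noisy, kills

if __name__ == "__main__":
    noisy, kills = triage(SAMPLE_LOG)
    for ip, n in sorted(noisy.items()):
        print(f"{ip}: {n} failed admin logins")
    for ts, ip, user, path in kills:
        print(f"{ts} {ip} user={user} {path}")
```

A successful kill request from an address that is not the station's own points to a known or guessed admin password rather than a server vulnerability, which is the case the password-change advice above addresses.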