Seedit4me News, special category
| admin |
Posted 8 months ago | Updated 6 months ago
Over the last week we have been getting a handful reports from users getting randomly banned from private trackers, while somehow their content from sonarr/radarr and prowlarr was being deleted. We have investigated the issue and found that a small number of clients are using custom ports (found in the advanced area of your dashboard) to expose web GUIs of Radarr, Prowlarr (all the *arrs) to the public without any authentication or other security measures.
While you can use it to link your server to external apps, you are basically bypassing the authentication setup on your seedbox. Certain tracker staff who find insecure seedboxes are wiping configs and data to teach lessons to users as well as banning their accounts with them. While we disagree with these practices, there isn't much we can do to prevent this, seeing how these seedboxes are bypassing our default secure setup.
If you are running a custom port setup, make sure that you enable password protection: Settings -> General, then Security: change Authentication to "Basic" ("Forms" only works with Sonarr ).
Please note, this only affects clients using custom ports to bypass the basic auth login. If you do not have custom ports added turning on Basic auth will stop you being able to access your app as it already had our own basic auth enabled by default . Any seedbox that is not properly secured, regardless of provider, is currently being targeted by these individuals.
Anyways, have fun and keep your shit together :)
| veillerguise |
Posted 4 months ago | Updated 4 months ago
Can you post the steps of what not to do to bypass the authentication setup? For research purposes of course.