Forum Index : Microcontroller and PC projects : Pi-comite: full webserver in MMBasic
| Author | Message | ||||
| led-bloon Senior Member Joined: 21/12/2014 Location: Australia Posts: 208 |
I cannot tell a lie .. twas me. See the page and can switch on/off etc. What's up? don Miss you George |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Thanks led-bloon Were you using the IP or the whitewizzard.... in the URL? |
||||
| led-bloon Senior Member Joined: 21/12/2014 Location: Australia Posts: 208 |
I used the IP address, will try the URL now. One thing I must say... general info to all here: running any program as root (sudo) on the internet is VERY dangerous, especially if your id/password is pi/raspberry. Minimum should be change the password! Better to create new id/password in pi group. Best is DON'T run any program as root when connecting to the internet! Miss you George |
||||
| Phil23 Guru Joined: 27/03/2016 Location: Australia Posts: 1667 |
Same result from down in AUS, I get a timeout with either the IP or DNS name. Phil. |
||||
| lizby Guru Joined: 17/05/2016 Location: United States Posts: 3464 |
Don't know if you have taken the site down now, but I've not been able to connect to either address. PicoMite, Armmite F4, SensorKits, MMBasic Hardware, Games, etc. on fruitoftheshed |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Thanks guys for the feedback. It was just a quick test to check my initial setup; all is 'offline' again. Now need to get to the next stage of my master-plan! |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
I will be back in the next couple of days with another 'plea for help'. Must tighten up my security too as mentioned by Led-Bloon (I don't want an IT issue like British Airways has suffered with today!) |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Does the above apply only if SSH is enabled (and the port known)? I am curious as to what is achievable by a hacker if they find an open port that is not anything to do with SSH. Just a few hours Googling seems to imply that with SSH disabled, all is safe. Thanks for any comments . . . . WW |
||||
| led-bloon Senior Member Joined: 21/12/2014 Location: Australia Posts: 208 |
Nothing to do with open ports .. if hackers can break your program (eg buffer overruns with unpredictable results), hackers then probe your program, with this knowledge, to gain access as superuser of the system running their own code (or something like that). Not being a spurt not sure how, but certain it can happen. Perhaps some fiendish hacker can enlighten us? Miss you George |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Thanks led-bloon for your response. So taking it further. . . Can I ask all you Linux / Raspberry Pi experts out there whether you believe there is any risk with the following setup: 1> a RPi (Pi-croMite) on my LAN with SSH disabled 2> a 'new' RPi login password (i.e. other than 'raspberry') 3> Port forwarding on my Router to a pre-defined Socket (as set/required in MMBASIC for remote access) 4> An MMBASIC web-server running on the Pi-croMite (allowing remote control/sensing of I/O pins) I am curious to know what a hacker can infiltrate. Could they get onto my LAN in any way-shape-or-form? Peter: Are there any other Ports that are open in the background 'workings' that could cause a security risk? Sorry for all the questions, but I need to be sure before exposing my intended solution to the public! WW |
||||
| MicroBlocks Guru Joined: 12/05/2012 Location: Thailand Posts: 2209 |
MMBasic for the Pi has a system command that could be abused, but if you do not include it in your own Basic program then that 'hole' does not exist. Of course never let anyone be able to access the console of the mite. Hackers only can do something with your Linux environment. But that should be preventable by using a firewall/port forwarding in your router. As long as you have no ports open to the internet you're OK. Opening only a specific port to your Basic program cannot do any harm, worst case is trying it to fail which could cause havoc if it is doing something important like controlling your heater. :) Microblocks. Build with logic. |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Thanks MicroBlocks (hope you're keeping well). Sorry for the dumb question, but by this are you referring to Port 80? Any clarification appreciated. |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Is this 'common' knowledge? Curious now as to what that command (or commands) is/are. PicroMite has the SYSTEM command itself to execute CLI commands - does this cause an issue in your opinion? So many questions going around in my head as this is all new to me. Bottom line I guess is could someone effectively get into the MMBASIC code (remotely) and change/view it and/or control my I/Os? Like you mention, this could be disastrous . . |
||||
| MicroBlocks Guru Joined: 12/05/2012 Location: Thailand Posts: 2209 |
Most hacking happens on known ports and with known programs that respond to those ports. For instance port 3389 is remote desktop on Windows PCs, port 25 is an SMTP server, 80 is a webserver etc. A 'robot' will just scan computers on those ports, determine if it is open, has the known program running on it so that it can apply the right 'hack'. With a mite running on port 80 it will be unknown and maybe something is tried but will be unsuccessful. Unsuccessful in the sense of 'hacking', meaning taking control of your device and let it do things that are beneficial for the hacker. If the program running on the mite is not robust it can happen that it stops working. Depending on what runs on the mite it can be a problem or no problem at all. If you make the console of the pi available over internet, you do need to worry as listing the program, figuring out what it does would not be that hard. But that requires you to have the console RX/TX lines connected to the outside world through a proxy (TCP <-> serial). If you have a program running that you can access over the internet, always assume that others can too. If you can control pins with that program, basically you give that control to anyone who gains access. A simple password can help. Using a different port than 80 will help, allowing only connections from certain computers (ip addresses) will help. The more barriers the better. Microblocks. Build with logic. |
||||
| lizby Guru Joined: 17/05/2016 Location: United States Posts: 3464 |
This is fairly common knowledge in the linux world. The most frequently given example is a simple linux/unix command which erases your hard drive--but other commands could gain control of your computer. The PicroMite SYSTEM command does not expose the danger so long as "guests"/intruders do not have access to the command. It would be very dangerous practice to allow someone from outside to run the SYSTEM command, but, as MicroBlocks suggests, if you don't give them access to the console, and don't let them run system commands of their own devising, you should be quite safe. If users are allowed to enter data, it might be possible (for instance, with buffer overruns), for them to break your program, but since they don't and wouldn't have console access, they wouldn't have access to the R-Pi command line, and so couldn't gain control of anything. The watchdog timeout could allow your program to restart if broken--just as if a bug is encountered. (Not a linux guru--just my understanding.) PicoMite, Armmite F4, SensorKits, MMBasic Hardware, Games, etc. on fruitoftheshed |
||||
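The barriers named in the two posts above (a password, a source-address restriction, and never letting remote input reach the SYSTEM command) can be combined into a single gate in front of the pin-control logic. This is an added example, not code from the thread and not MMBasic; it is written in Python only to show the logic, and the request format `SET <device> <state> <token>`, the token, the address range and the pin numbers are all assumptions made up for illustration.

```python
import hmac
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
SHARED_TOKEN = "example-token-change-me"
MAX_REQUEST_LEN = 128  # refuse oversized input rather than buffering it

# The only things a remote caller can ever trigger: (device, state) -> (pin, level).
# Nothing from the request is ever passed to a shell or SYSTEM-style command.
PIN_ACTIONS = {
    ("heater", "on"): (17, 1), ("heater", "off"): (17, 0),
    ("lamp", "on"): (27, 1), ("lamp", "off"): (27, 0),
}

def authorize(source_ip, request):
    """Return (status, action); action is (pin, level) or None if refused."""
    # Barrier 1: bound the input size before doing anything else with it.
    if len(request) > MAX_REQUEST_LEN:
        return ("413 too long", None)
    # Barrier 2: only accept connections from listed networks.
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return ("403 bad source", None)
    if not any(addr in net for net in ALLOWED_NETS):
        return ("403 source not allowed", None)
    # Hypothetical request format: "SET <device> <state> <token>".
    parts = request.strip().split(" ")
    if len(parts) != 4 or parts[0] != "SET":
        return ("400 malformed", None)
    _, device, state, token = parts
    # Barrier 3: shared secret, compared in constant time.
    if not hmac.compare_digest(token.encode(), SHARED_TOKEN.encode()):
        return ("401 bad token", None)
    # Barrier 4: look the request up in a fixed table; unknown input is dropped.
    action = PIN_ACTIONS.get((device, state))
    if action is None:
        return ("404 unknown action", None)
    return ("200 ok", action)

if __name__ == "__main__":
    good = "SET heater on " + SHARED_TOKEN
    for ip, req in [("203.0.113.7", good), ("198.51.100.9", good),
                    ("203.0.113.7", "SET heater on;reboot " + SHARED_TOKEN)]:
        print(ip, "->", authorize(ip, req))
```
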
| jman Guru Joined: 12/06/2011 Location: New Zealand Posts: 711 |
@WW If you are really nervous about internet connected gear then the best way is to create a DMZ (Basically a separate Lan) for internet facing devices. Then your firewall prevents traffic from and to your normal Lan. This way if a device is compromised only that device or the devices in the DMZ are at risk and your Lan is safe. Regards Jman |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United Kingdom Posts: 2959 |
Hi Jman, That makes sense, but how to make two LANs with one router? I will Google and see what I can find out. It is not so much a case of being nervous, but more about curiosity as to whether the LAN is 'exposed' in the above setup. EDIT: sorry - predictive text changed your name! |
||||
| Phil23 Guru Joined: 27/03/2016 Location: Australia Posts: 1667 |
Another alternative is to create a 2nd Subnet with a 2nd router. For not a lot of cash you can end up with 4 ports & a Wifi connection in the work area. I do this in my work area so clients' computers never sit on my subnet. Just configure the 2nd router's Wan port as a static IP on the 1st LAN & set its gateway to point to the primary router. Phil. |
||||