Ich habe eine Benachrichtigung von Michael Herger bekommen, die in meinem Fall (da die beschriebenen Effekte genau passen) wahrscheinlich die richtige Lösung beinhaltet. Ich poste das mal hier:
my name is Michael Herger. I’m the maintainer of Logitech Media Server and author of several plugins for the Squeezebox ecosystem. I recently became aware of a scheme where one of my plugins is being abused to „spy“ on open LMS installations.
I’m writing to you because your LMS seems to be open to the public: your router is forwarding port 9000 (or whatever LMS is using) to the internet. Many of you might have done this to be able to access their music from the office or the road. others might have done it trying to work around some issue. But overall it’s a bad idea. We’ve observed several abuses in the past weeks and months. Unknown visitors:
– set a password on LMS, locking its owner out of his/her own music collection
– changed the web skin
– blasted music at full volume in the middle of the night. And then again five minutes after the owner turned it off. Repeat.
– installed the Gallery plugin and had it scan all folders of all the system’s disks, causing a crash sooner or later, or spying on its content(!)
– could even install their very own plugin to do _anything_ they wanted on your system
Ok, all this just to say: please don’t open your LMS to the internet. Edit the router configuration to stop forwarding port 900x (and 9090, 3483 if they’re open). Uninstall LMS if you no longer use it (it comes pre-installed with some NAS devices).
If you still want to be able to access your music collection from the road, use a VPN connection. See eg. the following how-to, by user pippin (of iPeng fame):
Please feel free to get in touch with me should you have any questions.
Ichhabe nun den Port 9000 geschlossen und hoffe, dass ich damit das Problem endlich gelöst habe.