Wowza-Server in old Flashphoner 2.1 open for everyone?

marcw

Member
Hello!

On one server the meanwhile very old FP 2.1 has been running for ages. This year I got, for the second time, an abuse message from my data center owner. Someone complained that there were live streams distributing sports streams from a Portuguese TV broadcaster. The first time I simply answered with "That's bullshit." (surely written in more polite words). The second time I thought that I should have a deeper look at the server, and I found some Wowza streams which potentially do not belong to my streaming service. My questions: Is it possible to log into the Wowza-Server without knowing the server's root password? And if so, how can I prevent others from using it?

Thank you and best regards,
Marc
 

Max

Administrator
Staff member
Good day.
Flashphoner 2.1 is very old and obsolete. We can't even test it right now. So we recommend deploying a new instance with the latest 5.2 if security issues persist.
 

Max

Administrator
Staff member
Also, Wowza is not a part of Flashphoner 2.1. Maybe you've installed the Wowza server by yourself. In this case, you may try to update Wowza to a recent version and refer to the Wowza documentation for security setup.
 

Max

Administrator
Staff member
Hello

We have double investigated your report.

1. Flashphoner has never contained a Wowza server inside.
2. Flashphoner 1.x was an add-on (extension) for Wowza in the form of a jar file.
3. Flashphoner 2.x was a standalone RTMFP-SIP server without any dependencies on other media servers.

It seems you have a standalone Wowza installation on your server.
And someone streams video through your Wowza server.

Options:

1. Shut down the Wowza server entirely if it is not used.
2. Ask Wowza support how to restrict publishing streams. Or try via the admin panel.

Your questions:

1. Is it possible to log into the Wowza-Server without knowing the server's root password?
Yes. Anyone can stream via your server if you didn't restrict (authenticate) publishing streams.

2. And if so, how can I prevent others from using it?
See Option 2.

Recommendations:

ps aux | grep java

Check what processes are running.

netstat -nlp | grep 1935

Check what process uses TCP port 1935 (RTMP).

kill PID

Stop the process if you are sure this process is not used in your app.
 

marcw

Member
Sorry that I am coming back so late. I really appreciate your deeper investigation! I get

root@sipper1 ~ # netstat -nlp | grep 1935
tcp6 0 0 :::1935 :::* LISTEN 1496/java
udp 0 0 0.0.0.0:1935 0.0.0.0:* 27669/java

so I think I should kill 1496 as the second port (as far as I know) is the port for udp flash streaming.

Thank you so much!
Marc
 
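Added example (not part of the original posts): the `netstat -nlp | grep 1935` check from the thread done as an exact port match, because a plain grep also hits port 19350 or PID 21935. The function names and the sample lines are constructed for illustration, and `cmdline_of` assumes a Linux `/proc`.

```shell
#!/bin/sh
# Added example, not code from the thread or from Flashphoner/Wowza.

# listeners_on_port PORT
# Reads `netstat -nlp` output on stdin and prints "proto pid program"
# for every TCP/UDP socket bound to exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, a, ":")        # local address; port follows the last colon
            if (a[n] != port) next       # exact match, unlike grep
            owner = "-"                  # netstat prints "-" when not run as root
            for (i = 6; i <= NF; i++)    # UDP rows have no State column
                if ($i ~ /^[0-9]+\//) { owner = $i; break }
            if (owner == "-") { print $1, "-", "-"; next }
            s = index(owner, "/")
            print $1, substr(owner, 1, s - 1), substr(owner, s + 1)
        }'
}

# cmdline_of PID
# Prints the full command line of PID (Linux /proc), so a generic "java"
# entry can be identified as a specific server before it is stopped.
cmdline_of() {
    [ -r "/proc/$1/cmdline" ] && tr '\0' ' ' < "/proc/$1/cmdline"
}

# Constructed sample: the first two rows follow the output posted in the
# thread, the last two are decoys that a plain `grep 1935` would mishandle.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::1935 :::* LISTEN 1496/java
udp 0 0 0.0.0.0:1935 0.0.0.0:* 27669/java
tcp 0 0 0.0.0.0:19350 0.0.0.0:* LISTEN 21935/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 811/sshd'

printf '%s\n' "$SAMPLE" | listeners_on_port 1935

# Live use (as root, so the PID column is filled in):
#   netstat -nlp | listeners_on_port 1935 | while read -r proto pid prog; do
#       printf '%s %s %s\n' "$proto" "$pid" "$(cmdline_of "$pid")"
#   done
```

The command line printed by `cmdline_of` is what tells two `java` processes apart, which the PID/Program column alone does not.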