The video demonstrates how easy it is to find open Sonarr installations currently accessible via the internet with no authentication. Starting with a basic query, we find there are over 2,000 indexed installs in Shodan at the time of recording. These may not all be completely unprotected, so we must adjust the query to filter down to those which are open with no authentication. We can do this using the http.title value from the banner. Using a basic http.title search query with a not condition to remove Sonarr installs that do at least have the built-in authentication enabled (their http.title value will contain the word Login), we can find over 1,000 Sonarr installations (both v2 and v3) that are completely wide open right now.

This is very dangerous considering Sonarr usually has read/write access to storage locations and is often connected to a variety of other services. Realistic scenario: assuming the role of a bad actor, by using a few Shodan CLI commands, this data could be leveraged to harvest API keys from Sonarr installations and any connected services, e.g. Plex (via credentials or auth token), download clients, indexer API keys and notification service API keys, as well as dumping the entire SQLite database to harvest all of this information from. By having something like Sonarr completely open on the internet, it can act as an entry point into other services. Someone acting with even more malicious intent could go as far as deleting entire media libraries as well, given there is no access control. The Shodan CLI commands used are trivial and only expose what is already publicly available to anyone else.

The important point to highlight is to make sure your Sonarr install is not wide open on the internet. If you have never forwarded any ports you are likely safe. If you have, at minimum enable authentication (it is off by default). Better yet, do not directly expose Sonarr to the internet at all. Instead, consider using more robust access methods such as a VPN or a reverse proxy (Apache, NGINX, Caddy etc.) with some form of authentication management in front. Port forwarding without proper security is extremely dangerous. You can see from the search data that changing the default port from TCP 8989 won’t help you.

When needing to expose applications using HTTP/HTTPS, the preferred scenario would be to have a load balancer/reverse proxy running on TCP 443 with SSL/TLS configured; this setup would route traffic based on hostname using SNI to other internal services without exposing them directly. This would mean having only one single port forward rule, allowing you to minimise externally exposed services. In addition, you are also potentially exposing your origin IP, which makes it a target for any port scanning tool to find. If you want to have web based services externally available, consider proxying this traffic through Cloudflare to avoid having your origin IP exposed. You can also have your firewall block any traffic that’s not from Cloudflare to have better traffic flow control. By doing this, you will also hide yourself from services like Shodan, as they will be unable to connect to your origin IP without going through Cloudflare first, which they cannot map in the same way.

Remember, if something is wide open and accessible on the internet, it is not a case of if, it’s when it will be discovered and breached. You might be lucky and someone may try and alert you to the issue before someone else with less good intentions comes along, but this video demonstrates what is open and out there now. The IP addresses from the search query are a small portion of the potential targets a bad actor could attack. This video is not encouraging the use of Shodan to hack or use this data for malicious purposes. It is for educational and awareness purposes only.

Configuring Sonarr/Radarr to use Let’s Encrypt SSL (HTTPS)

In Sonarr/Radarr, go to Settings > General and click on the toggle next to ‘Advanced Settings’ so it says ‘Shown’. If you haven’t already, change the ‘URL Base’ to ‘/sonarr’. The default ‘SSL Port Number’ isn’t relevant as Sonarr/Radarr will be listening on both ports. Sonarr will now prefix every request to both ports with the provided Base-URL so we can make it work with a Reverse Proxy.
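As an added example (not code from the original post), the NGINX server block below implements the setup the post recommends: a single TLS listener on 443 selected by SNI hostname, a /sonarr location that matches Sonarr's URL Base, authentication in front of the app, and an optional allow-list so only Cloudflare can reach the origin. The hostname media.example.com, the certificate paths, the htpasswd file and the 203.0.113.0/24 range are placeholders; Sonarr is assumed to listen on 127.0.0.1:8989 with URL Base set to /sonarr.

```nginx
# Plain HTTP is never served; it only redirects to TLS.
server {
    listen 80;
    server_name media.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name media.example.com;            # SNI picks this block

    # Placeholder paths: use the Let's Encrypt paths of your own host.
    ssl_certificate     /etc/letsencrypt/live/media.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/media.example.com/privkey.pem;

    # Optional origin hiding: accept only connections that arrive via
    # Cloudflare. 203.0.113.0/24 is a placeholder; use the current lists
    # from https://www.cloudflare.com/ips-v4 and ips-v6 and keep them updated.
    # allow 203.0.113.0/24;
    # deny  all;

    # The path matches Sonarr's URL Base, so links Sonarr generates keep
    # working behind the proxy. Sonarr itself is never port-forwarded.
    location /sonarr {
        # Authentication in front of the app, independent of Sonarr's
        # built-in login (which should be enabled as well).
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;   # placeholder file

        proxy_pass         http://127.0.0.1:8989;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $http_connection;
    }
}
```

Any client that talks to the Sonarr API through this proxy must also present the basic-auth credentials, so point integrations at the internal address or grant them their own proxy login.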