Add a notation to a music on Kodi through internet

haplo · May 23, 2020, 12:08pm

Hi,

First, I’d like to congratulate the developers of Yatse. I use the free app since 1 year at last, and I bought the pro app last week, this app is wonderful!

I have a raspberry pi, with Kodi to manage my music. I have 2 hosts in Yatse for this raspberry pi :

One on my local network
One with my router’s ip address, and an opened port on this router.

In Yatse, I have an intelligent playlist, with a notation = 0. I listen to music, and when I like it, I add a notation to this music. The notation goes in a MySQL database. This works perfectly on my local network.

I tested through internet, with my WiFi network off. I can listen to music, but I can’t add a notation to it.

Could you improve Yatse in order to let the user add a notation to music, if he’s not on a local network?

Thanks in advance.
Best regards,
Matthieu Le Gac

Tolriq · April 9, 2020, 3:41pm

Lack details and logs, but Yatse does not care about how you are connected to decide what it does

Furthermore you usually do not need to add 2 hosts, most routers can do reentrant NAT/PAT.

So please give more details and logs about what you are doing and how you configure things.

haplo · April 9, 2020, 3:28pm

Thank you for your fast answer
Sorry for the lack of logs, I thought it was a known problem in Yatse.

For the moment I can’t send you a log, because I just tried to have the same problem… and now I have the star with which I can add a notation to my music ! But I can assure you that before sending this request of a new feature, I hadn’t the star.

I’ll try to do it again, and when I’ll know the procedure, I’ll send it to you, with a log.

Matthieu

Tolriq · April 9, 2020, 3:30pm

Rating from now playing is tied to media center being connected and supporting that. Kodi support that whatever connection way.

haplo · April 9, 2020, 3:40pm

I followed what you said, I found the way to reproduce the lack of star. But it is finally not a real problem, sorry for the inconvenience

I deleted the host in my local network, and kept only the host on my public IP address.

I started a music on WiFi. When the music was playing, I turned off the WiFi. And then, the star disappeared. It appears again when I play the next music. So you see, it’s not a big deal, sorry.

Many thanks for your advices and have a nice weekend!

Matthieu

Tolriq · April 9, 2020, 3:57pm

I’d still need logs to see what happens, the star should disappear for like 10 sec max the time Yatse switch to non wifi interface and reconnect, but then it should be displayed before next song.

haplo · May 23, 2020, 9:35am

Here are the logs.
For the procedure:

Activate the WiFi
Load a playlist
Play a song
Disable the WiFi

The block where the song is playing will collapse, and if you click on it, the star is gone.

Hope it helps.

Matthieu

Tolriq · April 9, 2020, 6:56pm

Thank will try to reproduce and fix in a future release.

haplo · May 23, 2020, 8:16am

Hi,

I’d like to share something with you.
Two weeks ago, my SQL database has been hacked. All of my databases have been deleted, and the hacker created a database in which he wrote that he could restore all of the data in exchange of a certain amount of bitcoins.

I was able to uninstall mysql, reinstall it, restore my databases with a backup, it just took me time, but no money. Now, my mysql installation is secured (the system where mysql is does not secure the installation of mysql, and I left the default mysql port, which was an error).

I wonder if a hacker downloaded the log file is this discussion to hack my system. In the log file, we can easily find my IP address and the opened port on my router.

Do a hacker can use these informations to try to hack a system? If other people have done the same mistakes than me, I think the debug log should not contain the connection informations.

Could you make them unreadable ? I think they are not important in your debug process. You can replace ip address with xxx.xxx.xxx.xxx for example, and the same for the port.

What do you think about it ?
Sorry to explain this in this topic, it should be a fresh new subject. But I wanted to add a comment in the topic where my debug log was.

Thanks in advance.
Matthieu Le Gac

haplo · May 23, 2020, 8:21am

I’d like to add:
I don’t know if the hacker used the log file. Maybe they used another way to get these informations, of maybe it’s just bad luck.

But I think the debug log should not contain the IP address, for security reasons.

Matthieu

Tolriq · May 23, 2020, 8:41am

They do not download random zip files then find what is in the zip file then connect They use scan tools for that, and having mysql directly on Internet unsecured would always ends up like this.

And the logs does not contains your Mysql address at all, I guess it’s the same as your Kodi with port forwarding and no security at all.

Anyway IP is mandatory for debugging, all password and sensitive information is removed, if an hacker can connect with just an IP then you will be hacked no matter what.

Furthermore FAQ and templates explain that you can send the logs by mail or privately here if there’s a privacy concern.

haplo · May 23, 2020, 11:42am

I don’t totally agree with you.

I don’t know where this hackers got my IP address. But neither do you. You can’t prove that nobody got this log file on you forum. Do you?

If some people know that a developer always ask for log files with ip address inside (as you do), I think it’s easier for them to look on this forum than try some ip addresses and a lot of luck.

Yaste is linked to Kodi, which is sometimes linked to Sql.
So if a hacker find an ip address in the log file you ask for, and just try to attach on default mysql port with anonymous user, or I don’t know how, let’s not make him the task easy.

I think that only you need the ip address (I don’t know why you need it, by the way). There is no need to ask for a log file on a forum. You should ask to send toe log file in a mail, or a secured website where only you can get this log file.

One more time, I don’t blame Yatse, I don’t know how the hackers got my IP address. My only goal is to make things more secure.

If you want to discuss about it, we can exchange mails, and if you speak french, it will be easier to understand each other

Matthieu

Tolriq · May 23, 2020, 12:05pm

I actually can prove that the log was not accessed As I have all access logs and even the forum shows a count joined to the file

Then 99,999% of the users do not expose Kodi to Internet as Kodi is fully insecure and I warn about it, then 99,999% of the users certainly do not expose Mysql to internet and even more without proper security.

So while I do understand why you are angry, this is not Yatse’s fault if you have made multiple security errors. Hackers do scan every IP all the time, they do not need some random log on some random website to do that.

Furthermore Yatse default action on log generation is to send them by mail, when you open an issue here there’s a template that also explains a few things that you did remove and ignore

So I’m sorry but I’ll keep on disagreeing Security is not something you invent.

haplo · May 23, 2020, 12:50pm

I don’t know where you read that I was angry. By after your answer, I’m a little, that’s right.

It’s a shale not to care about security…

And inventing some probabilities don’t make them real, too.

Tolriq · May 23, 2020, 1:23pm

I do not invent probabilities this is how hackers work, just document a little about them

And as said your logs was not accessed by anyone but me, and you did not follow the default protocol on Yatse log sending and on securing your network.

What do you expect from me? I’m trying to explain you how things work, you just keep telling me that I should change everything because you where hacked without any relation to Yatse and this forum.

I do not even understand what you are trying to prove.