Just a security heads up

jack616

Member
As my online monitoring has revealed a continuing uptick in certain activities, I just
thought I'd give a heads up of recent reports on a specific issue.

A third-party site reports:
"News
By Sead Fadilpašić published 10/06/2025

Mirai operators are hunting for new devices, experts warn..."

As I have seen this attack (log starts as) "POST /device.rsp?opt=sys&cmd=_S_O_S_T_R_E_A_MAX"
on 3 of my online Linux servers I thought I'd mention it. Be careful people.
Use duckduck if you want further info.
------------------------------
 
;-) ... Just a note that specific work is going into certain types of devices ...
But then again, anyone using Windows past V7 doesn't have a firewall either
no matter what they do anyway. But DVRs are becoming the target of choice
right now it seems.
 
Affected devices are TBK DVR-4104 and DVR-4216 (CCTV recorders). If the attack request reaches a LAN with a CF HD/R Fox T2, this just happens:
Code:
$ curl -v --data '' 'http://humaxhdr.local/device.rsp?opt=sys&cmd=_S_O_S_T_R_E_A_MAX'
*   Trying x.x.x.x:80...
* Connected to humaxhdr.local (x.x.x.x) port 80 (#0)
> POST /device.rsp?opt=sys&cmd=_S_O_S_T_R_E_A_MAX HTTP/1.1
> Host: humaxhdr.local
> User-Agent: curl/7.88.1
> Accept: */*
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Content-Type: text/html; charset="UTF-8"; no-cache
< Expires: -1
< Connection: close
< Pragma: no-cache
< Cache-Control: no-cache
< Refresh: 5; url=/
< Transfer-Encoding: chunked
< Date: Thu, 03 Jul 2025 10:46:06 GMT
< Server: Humax
< 

<... WebIf homepage HTML ...>

* Closing connection 0
$
So no worries there.
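
For anyone wanting to check their own web server logs for the request line quoted in this thread, here is an added example (not part of any post above, and not code from the forum or the custom firmware). It assumes the common/combined access-log format; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Markers taken from the request line quoted in the thread.
PROBE_PATH = "/device.rsp"
PROBE_CMD = "_S_O_S_T_R_E_A_MAX"

# Assumption: common/combined log format; adjust the pattern for other layouts.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_probe(method, target):
    """True when a request matches the DVR probe described in the thread."""
    url = urlsplit(target)
    if method != "POST" or url.path.lower() != PROBE_PATH:
        return False
    # parse_qs percent-decodes, so an encoded variant such as %5F is also caught.
    params = parse_qs(url.query, keep_blank_values=True)
    return any(PROBE_CMD in value.upper() for value in params.get("cmd", []))

def summarise(lines):
    """Group probe hits by source address: {ip: [(timestamp, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m["method"], m["target"]):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [03/Jul/2025:10:46:06 +0000] '
    '"POST /device.rsp?opt=sys&cmd=_S_O_S_T_R_E_A_MAX HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.23 - - [03/Jul/2025:11:02:41 +0000] '
    '"POST /device.rsp?opt=sys&cmd=%5FS_O_S_T_R_E_A_MAX HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [03/Jul/2025:11:05:00 +0000] '
    '"GET /index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, events in summarise(SAMPLE).items():
        for ts, status in events:
            print(f"{ip} probed {PROBE_PATH} at {ts} (HTTP {status})")
```

A 200 status in the output does not by itself mean the probed host is affected: the curl output above shows a box answering 200 with its ordinary homepage.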
 
Thanks for that. I expected our Hummies would be too smart/dumb to respond in the required manner.

I suppose the specific target devices are programmed with a "_S_O_S_T_R_E_A_MAX" executable for some reason, which does something convenient for hackers (and perhaps Chinese overlords).
 
Why anyone thinks a custom web interface for a Humax box is going to respond to some hack for a TBK DVR is beyond me though.
But the OP seems to have form about posting vague, unsubstantiated, irrelevant rubbish.
 
Oh dear... Are you all having a Rachel Reeves day today?

The point being made was new specific TYPES of devices are being targeted with more than normal
interest - but by all means carry on pretending you're immune from interest.
 
You've posted in the HDR-FOX section of the forum. If you intended this to be information non-specific to HDR-FOX, you should be posting in the relevant section or Hummy Arms. The context is gleaned from the forum subject area, so it's your own doing.
 