Pi-star security consideration

The Universal Plug-and-Play service is scary as heck! I always disable it on any devices I have connected to my network for exactly the reason Martin ran into.

Many people don't understand what the difference is between the Public and Private options in Pi-Star. The fact that Pi-Star is poorly documented is a big part of the reason for that.

I only have DMR enabled on my Pi-Star hotspots and I have 4 different sets of Public/Private radio buttons. Each one performs a separate function. With the exception of the Public/Private radio buttons for "Node Type", the rest are for automatically modifying the firewall policy on Pi-Star and controlling the UPNP commands that are sent to your firewall/router. Pi-Star runs a built-in host-based firewall called "iptables" which is the de-facto firewall in most Linux distributions.

Manually Edit Pi-Star Hosts File - How to edit Pi-Star DMR_Hosts.txt file

Manually adding or overriding repeaters and reflectors in the hosts files

Pi-Star updates the lists of reflectors and repeaters stored in the hosts files (/usr/local/etc) nightly, but there may be times when you want to use one that isn't listed or override an incorrect entry. In this case, you can add it manually to the override hosts file in the /root directory, which is the root user's home directory. Once you've done this, you can run a regular Pi-Star Update without losing your changes.

Pi-star Captive Portal default remote password

The default Pi-star Captive Portal remote password is under Configuration -> Expert -> ircDDBGateway, at the end of the page, in the remote password field.

Setup Pi-star WiFi captive portal

New in Pi-star 4.1.1 and later versions is the WiFi captive portal. Here is how it works and how to set it up.

A Captive Portal is a screen that is shown initially to anyone who connects to your Wi-Fi Access Point. Before they can begin using the Wi-Fi connection, they need to complete an action; until then, the captive portal will continually greet them.

You can display whatever you want on the captive portal, so it can be highly useful if you want to lay out some ground rules for using your Wi-Fi access point before a user gains access to it, or if you will require them to log in before getting access.

Pi-star security vulnerability

My Jumbospot based hotspot had been running continuously for weeks without problems, then I noticed that it had begun hanging most nights. This carried on for a couple of weeks with me trying out various configuration changes without success. Then I logged in via SSH one evening and got a "disk full" error message referring to "/var/log". When I checked, I found that the "auth.log" file had grown to fill the entire "/var/log" partition. Viewing it revealed that my hotspot was under continual attack from the internet - bots around the world were flooding it with login attempts with random user ids and passwords on a range of port numbers and protocols!

Port settings to remotely access pi-star

Which ports need to be forwarded if I do want to remotely access Pi-Star?
73 de Arnie W8DU

Amateur radio: SSH Updating hotspot firmware via Pi-Star

Firmware release notes on GitHub: ZUMspot/MMDVM_HS
  • Log into Pi-Star via SSH.
  • Run a Pi-Star Update:
      sudo pistar-update
  • Note: If there's anything unusual about the update process, for example, if there are unusual error messages or it finishes with a "mount: / is busy" message, it might be a good idea to rerun the update and also to reboot before proceeding:
      sudo reboot
  • Run one of the following commands:
  • Note 1: It isn't necessary to first put Pi-Star into read-write mode (rpi-rw); the script takes care of that.
  • Note 2: When you first enter one of the following commands, you'll see a message showing the current version of firmware that is installed on your hotspot, for example:
      MMDVM_HS_Hat-v1.3.3 20180224 ADF7021 FW by CA6JAU GitID #d90263f
      Press any key to write the hs_hat firmware to this modem or Ctrl-C to quit…
  • If you press any key to continue, the next thing you'll see is a message about the new version of firmware that is being installed, for example:
      Flashing your hs_hat modem to the latest version
      --2018-05-23 08:41:20-- http://github.com/juribeparada/MMDVM_HS/releases/download/v1.3.6/install_fw_hshat.sh

    Download Update your hotspot! Pi-star Version 4.1.2 released (Video)





    Select : Configuration / Logon


    Select : Upgrade

    Or
    Downloads : https://www.pistar.uk/downloads/

    Pi-star Scraper and statistics using tools like Grafana

    Python script to get data from the Pi-Star Dashboard and store it to InfluxDB

    You might also be interested in something I set up recently: a script which scrapes the Pi-Star dashboard regularly and puts the data into a database. With this, I have an unlimited activity history and can do nice statistics using tools like Grafana.

    Pi-Star security vulnerability

    ... have you opened it up to the outside world?

    Pi-star Public Wifi Access auto authentication w//NO Mobile Phone

    Pi-star MMDVM hotspot Jumbo hotspot and Public Wifi Issue

    Many public / guest Wi-Fi connections require a web browser to register for security reasons. Then a temporary password is issued, and also a username. Examples: McDonald's, Starbucks, Tim Hortons.

    The Pi-Star Wi-Fi configuration is provisioned only for a password or passphrase.

    I have tried entering the temporary password that I acquired using my smartphone, with no success.
    I have no problem connecting to my home router or to friends' and relatives' Wi-Fi, but no joy in connecting to these other guest Wi-Fi networks.

    Is there a workaround for this, or any suggestions, since the Pi-Star has no built-in browser that I am aware of?

    Pi-star Modem Log File

    To display the Pi-star Modem Log file in the browser, append the following path to your Pi-Star's address in your browser:

    /admin/download_modem_log.php

    Example:
    http://pistar.local/admin/download_modem_log.php