Abyss web server - trying to record my screen - anyone know what the device is and does?

evolusic
evolusic Member, Beta Tester Posts: 6
edited November 21, 2019 in Devices & Security #1

Answers

  • VioletChepil
    VioletChepil London, UK Member Posts: 2,471
    Hi @evolusic
    Thanks for this screenshot. Hopefully we can help. How do you know they were trying to record your screen?
    @Marc @kltaylor @Pixelpopper @Hronos @Crowgrandfather - any ideas about what this device may be? 
    I'll take a look around too.

    Community Manager at Fing

  • VioletChepil
    I've found this online: https://aprelium.com/abyssws/ 

    Anyone have any ideas about what this would be used for? 

    Abyss Web Server is a compact web server available for Windows, Mac OS X/macOS, and Linux operating systems.
    Despite its small footprint, it supports HTTP/1.1, secure SSL/TLS connections (HTTPS), automated provisioning and renewal of free certificates from Let's Encrypt® (ACME v2), IPv6, on-the-fly HTTP compression, dynamic content generation through CGI/FastCGI scripts, ISAPI extensions, native ASP.NET, HTTP/HTTPS/WebSocket reverse proxying, eXtended Side Includes (XSSI), custom error pages, password protection, IP address control, anti-leeching, bandwidth throttling, and log rotation.
    It also features an automatic antihacking system as well as a multilingual remote web management interface that makes its configuration as easy as browsing a web site.

  • VioletChepil
    @evolusic - I've just modified the title of this discussion a bit to try and get more help with it from anyone familiar with Abyss web server. 


  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 70

    zyxel.com is a series of network security appliances apparently. I'd never heard of them before, but their website has a bunch of products listed, including things like managed switches, routers, and firewalls.


    There's really not much to go on with this post. Can we get a MAC address and an IP address?


    And a description of what you were observing that made you assess this device was recording your screen?

  • Marc
    Marc Moderator, Beta Tester Posts: 2,665
    If you have the IP address of the device, http to it over that port. For example, from your web browser type in http://a.b.x.y:9999, where a.b.x.y is the actual IP address. That might tell you what it is.
    That's Daphnee, she's a good dog...
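
The check suggested in the post above (connect to the device's IP and port over HTTP and see what answers), done from a script so the status line, Server header, auth prompt and page title are shown together. This is an added example, not part of the original thread: the function names and the sample reply are constructed, and 9999 is simply the port from the example URL in the post.

```python
import re
import socket

def parse_banner(raw: bytes) -> dict:
    """Pull the identifying fields out of a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    # A non-HTTP service (TLS, a binary protocol) will not start with "HTTP/".
    status = lines[0] if lines[0].startswith("HTTP/") else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    title = re.search(rb"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    return {
        "status": status,
        "server": headers.get("server"),
        "auth_prompt": headers.get("www-authenticate"),
        "title": title.group(1).decode("utf-8", "replace").strip() if title else None,
    }

def fetch_banner(host: str, port: int = 9999, timeout: float = 3.0) -> dict:
    """Send one plain-HTTP GET to a device on your own LAN and parse the reply."""
    request = f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            chunks = []
            while sum(map(len, chunks)) < 65536:  # cap what we read
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError as exc:  # refused, timed out, unreachable
        return {"error": str(exc)}
    return parse_banner(b"".join(chunks))

# Constructed sample reply (not captured from a real device).
SAMPLE = (b"HTTP/1.1 401 Unauthorized\r\n"
          b"Server: ExampleServer/0.0\r\n"
          b'WWW-Authenticate: Basic realm="camera"\r\n'
          b"Content-Type: text/html\r\n\r\n"
          b"<html><head><title>Device Login</title></head></html>")

if __name__ == "__main__":
    print(parse_banner(SAMPLE))
```

On a real network, call `fetch_banner("a.b.x.y")` with the device's address; a reply with `status` of `None` means the port answered with something other than plain HTTP.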
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    Yes, Zyxel is a brand of networking gear. I suppose @evolusic's router is from that brand, and that service could be a way the router/brand manages "remote management", because "lb130" could be a custom host pointing to its public IP address... If you do not use that, you should disable it at the router and close/block the port from being accessed from outside your network.
    Keep looking up!
  • Crowgrandfather

    It's not open from the outside. I checked. My best guess is that it's a webpage for the router admin interface.

  • [Deleted User]
    [Deleted User] Posts: 0
    @evolusic - Zyxel, as previously mentioned, produces numerous security devices. Do you have any on your network, i.e. security cameras, as they run a server to send/capture images (my Wi-Fi camera uses a web server)? Also, if you have any other security sensors connected to your network, that could be what you’re seeing. Are you getting a message to tell you that the server is trying to do a screen capture? If you are, then that would be very suspicious.
    Download and run “Malwarebytes” on your computers (all of them) to ensure you haven’t picked up any malware.
  • Prootwadl
    Prootwadl Member Posts: 4
    edited November 22, 2019 #10

    I'm quite familiar with Abyss. I've been using it internally at my work to host a DokuWiki instance for documentation, and I've also used it to serve a number of other web pages, handle some basic Perl and PHP stuff, etc. It's a very nice little server, runs under Windows and Linux, and has a nice GUI for administration.

    It's a relatively harmless piece of software. A small, lightweight, and fairly capable web server.

  • Prootwadl

    An additional comment.

    The Abyss web server doesn't have any screen recording functionality. It simply presents web pages, and will also handle certain things like Perl and PHP if you've got pages with embedded code. But it doesn't do anything at all like screen scraping.

    If something like that is occurring, it would be a function of your browser or perhaps something on the site that the Abyss server is presenting to your browser.

    The server itself isn't responsible for what various server or client side scripts are doing as such, at least outside of normal security considerations. Like Apache and other similar pieces of software, it provides a script execution environment, but it does not directly provide or execute the code. That would be the site author and the underlying script engine respectively.

  • VioletChepil
    edited November 22, 2019 #12
    Wow thanks a lot all!
    Let us know @evolusic


  • evolusic

    Wow, so thank you, what a response! I do appreciate it. To further explain the screen recording incident: I sat down at my iMac and when I logged in, immediately a message said “sh” is asking to record your screen. I said no, and while I’ve had weird stuff happen I was never concerned. Now I am looking back at all the odd things, and like a hypochondriac on WebMD I started looking at hacking stories and seeing the worst case scenario. I don’t know what I’m looking at, and an Activity Monitor screen can be a dangerous thing to a person in a panic, with all the nefarious-sounding words like daemon, syslogd, spindump, trustd, sysextd, ath...... so that’s a AMPDevicesagent...... these things are most likely normal, but why do half of them end in “d”? User root means? UGH..... so basically I need to learn...... a lot and not freak out.... I have Malwarebytes and use it. I don’t know anyone contact-wise “sh”, but it also occurred to me I have a problem with someone hopping on my iPhone’s hot spot...... maybe a neighbor prying or something? I do appreciate the answers and direction a lot, so I’ll ask just one more, and if I get an answer it will most likely be the most important! Where can a 40 yr old person of average technical ability learn about the actual workings of our digital world? Like languages, terms, and knowing what’s actually possible and can and does happen? Hope you have a good day, everyone!

  • VioletChepil
    Thanks @evolusic - maybe we should start up another thread.
    What are some Key signs that your mobile is being hacked? And then I can facilitate some experts to add their input for you. What do you think?


  • webwolf
    webwolf Member Posts: 21

    I just installed a new tp-link IP camera, it uses that port and web server. Do you have such a device installed?

    It would ask for screen recording access on your mobile because the camera itself can record. I know it's a bit fluffy but I've disabled such permissions before and the camera stopped displaying on my mobile / crashing the app!

  • [Deleted User]
    webwolf said:

    I just installed a new tp-link IP camera, it uses that port and web server. Do you have such a device installed?

    It would ask for screen recording access on your mobile because the camera itself can record. I know it's a bit fluffy but I've disabled such permissions before and the camera stopped displaying on my mobile / crashing the app!

    If you are installing a camera then it’s highly likely that the issue is one of terminology rather than a security risk. The fact that you’ve lost all functionality suggests that the app & camera need the permissions you’ve disabled to enable them to operate correctly. A quick “google” for your camera/issues should provide the information you need. I know some system messages can be quite alarming, but you should expect warnings when installing a new device and its associated software.
  • webwolf
    edited April 6, 2020 #17

    Agreed, I think Android (Google) (assuming it's Android in the OP's issue) should resolve this in the OS. Recording the screen and displaying video from a recording device has a huge discrepancy. The hardware's functional requirements may be the same, which explains the high-level permission requirements, but presents a real issue for laymen not understanding the apparent risks or lack of.

    I see this a lot where people are complaining that an app shouldn't need access to xyz permissions but it's mainly an issue with terminology and a lack of granularity in the permissions of Android.

    My question was more to the op to see if they did actually have an IP camera installed as I have. I only installed it recently and noticed it showed up in fing with no details at all. Elimination would indicate that it's the IP camera and running that hosting software.

    IoTs are a nightmare... They always seem to have cloud connectivity and no option to disable it, and strange permission requests but no obvious explanation in the app description or manual to specify why exactly it needs those permissions.


    PS: just noticed in the last response from the op it's an iMac. I don't know Apple very well but I'm assuming they operate fairly closely to the model that Android use with permissions. There's such a long way to go to secure end user devices at the operating system level and provide more useful feedback of events...
