[Icecast] Icecast exploits?

[Jack Elliott]

Hi,

Our radio station has an Icecast server running on a Raspberry Pi. Some 
of the radio hosts stream their live shows to the server to be put on 
the FM broadcast.

A couple of days ago I saw that someone was connecting as a 
source-client repeatedly, every 15 to 20 minutes for about two minutes, 
then disconnecting, then after another 15 or 20 minutes, connecting 
again then disconnecting. After 24 hours there had been over 160 
connect/disconnect events. No audio was sent, just connect/disconnect. I 
tracked the source to a StarLink IP address, so it could have been from 
anywhere in the world.

After some investigation we found that one of our radio hosts had 
forgotten to turn off her source-client (Audio Hijack) and it was 
responsible for the robotic connect/disconnect dance.

While investigating I naturally thought that the source password might 
have gotten into the wrong hands and perhaps some evil person was 
attacking the Icecast server. Fortunately, it was not such a problem.

But I ask if there is any history of someone with the source password 
hacking into the server computer to do Bad Things?

Thank you!

-- 
Jack Elliott
Director of Classical Music Programming
High Desert Community Radio
KPOV Bend, Oregon