I got hacked

Of course its got a strong password as i already stated. I have not been hacked or compromised.

I had left the guest mode enabled once and I had some kind of exe and some file in each folder , I had to scrap the entire files for fear of stolen data and rebuilt the content , again it gave me room for learning and segregating yaml’s in a better way . These days I keep the samba addon disabled as I only edit once a while and only when at home.

Look at Syncthing instead. :wink:

I’d be very interested in a pen testing tutorial.

I use winscp.

that is very helpfull to.

Hi,
Just checked SHODAN and thre is stil lots of people with their HA not secure.
even with cameras and password for the google accounts …
mqtt also needs to be secured as most are wide open.

They probably don’t all read this forum.

How is MQTT wide open? Are people opening MQTT port on router? It’s only accessible on local network for most people I would have thought?

Yep. They want owntracks etc…

I’ve tried sucessfully with MQTTFX (client ) and see their topics and payloads.
left them a note to protected themselfs on the secrets.yaml

some guy even had the passwords for the cctv cams of his store.
:frowning:

How are you writing to their secrets file?

Are they leaving the damn SMB share open?

… yep … wide open

I’m at a loss for words.

… it’s a complete mess … at the end , they will suffer in a tragic way.
i guess they never watch the wannacry episode :slight_smile:

and they are not alone
https://www.shodan.io/search?query=smb

Should use cloudmqtt and bridge for external mqtt

Yes. I know this. I don’t open my home MQTT server. That’s stupid. I bridge to my own instance that’s secured

1 Like

But none of this is home assistant’s fault, home assistant does not open your LAN to the world. People do that all by themselves.

1 Like

My comment was a bit short - it was more for the forum than targeted at you :slight_smile:
Good that you are.

For the forum there is good info on how to bridge to a cloud hosted mqtt such as cloudmqtt.
e.g.

1 Like

Exactly. None of this is at the hands of the developers

2 Likes

Its true. You can lead a horse to water, but you can’t make it drink.
Still there is an opportunity here IMO for a “securing your HA” wiki page and pinning it everywhere :slight_smile: