I got hacked

DavidFW1960 · May 30, 2018, 9:57pm

Of course its got a strong password as i already stated. I have not been hacked or compromised.

Prathik_Gopal · May 31, 2018, 6:02am

I had left the guest mode enabled once and I had some kind of exe and some file in each folder , I had to scrap the entire files for fear of stolen data and rebuilt the content , again it gave me room for learning and segregating yaml’s in a better way . These days I keep the samba addon disabled as I only edit once a while and only when at home.

flamingm0e · May 31, 2018, 6:04pm

Look at Syncthing instead.

mnl1121 · May 31, 2018, 7:10pm

I’d be very interested in a pen testing tutorial.

ReneTode · May 31, 2018, 7:41pm

I use winscp.

that is very helpfull to.

miguelromao · June 3, 2018, 9:30pm

Hi,
Just checked SHODAN and thre is stil lots of people with their HA not secure.
even with cameras and password for the google accounts …
mqtt also needs to be secured as most are wide open.

nickrout · June 3, 2018, 10:19pm

They probably don’t all read this forum.

DavidFW1960 · June 3, 2018, 11:17pm

How is MQTT wide open? Are people opening MQTT port on router? It’s only accessible on local network for most people I would have thought?

flamingm0e · June 3, 2018, 11:24pm

Yep. They want owntracks etc…

miguelromao · June 3, 2018, 11:35pm

I’ve tried sucessfully with MQTTFX (client ) and see their topics and payloads.
left them a note to protected themselfs on the secrets.yaml

some guy even had the passwords for the cctv cams of his store.

flamingm0e · June 3, 2018, 11:37pm

How are you writing to their secrets file?

Are they leaving the damn SMB share open?

miguelromao · June 3, 2018, 11:37pm

… yep … wide open

flamingm0e · June 3, 2018, 11:38pm

I’m at a loss for words.

miguelromao · June 3, 2018, 11:39pm

… it’s a complete mess … at the end , they will suffer in a tragic way.
i guess they never watch the wannacry episode

and they are not alone
https://www.shodan.io/search?query=smb

hijinx · June 4, 2018, 12:12am

Should use cloudmqtt and bridge for external mqtt

flamingm0e · June 4, 2018, 12:18am

Yes. I know this. I don’t open my home MQTT server. That’s stupid. I bridge to my own instance that’s secured

nickrout · June 4, 2018, 1:13am

But none of this is home assistant’s fault, home assistant does not open your LAN to the world. People do that all by themselves.

hijinx · June 4, 2018, 1:57am

My comment was a bit short - it was more for the forum than targeted at you
Good that you are.

For the forum there is good info on how to bridge to a cloud hosted mqtt such as cloudmqtt.
e.g.

flamingm0e · June 4, 2018, 2:02am

Exactly. None of this is at the hands of the developers

hijinx · June 4, 2018, 3:05am

Its true. You can lead a horse to water, but you can’t make it drink.
Still there is an opportunity here IMO for a “securing your HA” wiki page and pinning it everywhere