I got hacked

Dominic · May 29, 2018, 8:50am

yep answered most of those. except for edit files addon - not installed. and didnt answer sjee as google is your friend (the answer is no log)

TFA · May 29, 2018, 8:57am

Then its just me being unable to find the answers in this discussion.
Would you mind enlighten me how the hacker was able to access your installation (through SMB, without the port 445 mapped?) so that i can happily go on with my life?

Dominic · May 29, 2018, 9:21am

tmjpugh · May 29, 2018, 1:10pm

Site list router vulnerabilities.
https://routersecurity.org/bugs.php

I am thinking router flaw that lets them into network and onto install…OR just user error
anyway, The site above is worth a look.

UPNProxy is a one I been look to share for a few days

ayavilevich · May 30, 2018, 6:34pm

David, did you check that your 3218 configurator port is password protected? Try direct access to it from the outside.

JasonH · May 30, 2018, 6:44pm

Sitting here reading but the one question no one has asked; have you checked your router? Recently there was a new article out regarding a 3 stage hack on multiple routers.

tmjpugh · May 30, 2018, 9:37pm

@JasonH
2 posts up I list the vulnerable routers and link to service advisery, etc

EDIT
Actually that was general vulnerability list
Below thread is about what you mention

DavidFW1960 · May 30, 2018, 9:57pm

Of course its got a strong password as i already stated. I have not been hacked or compromised.

Prathik_Gopal · May 31, 2018, 6:02am

I had left the guest mode enabled once and I had some kind of exe and some file in each folder , I had to scrap the entire files for fear of stolen data and rebuilt the content , again it gave me room for learning and segregating yaml’s in a better way . These days I keep the samba addon disabled as I only edit once a while and only when at home.

flamingm0e · May 31, 2018, 6:04pm

Look at Syncthing instead.

mnl1121 · May 31, 2018, 7:10pm

I’d be very interested in a pen testing tutorial.

ReneTode · May 31, 2018, 7:41pm

I use winscp.

that is very helpfull to.

miguelromao · June 3, 2018, 9:30pm

Hi,
Just checked SHODAN and thre is stil lots of people with their HA not secure.
even with cameras and password for the google accounts …
mqtt also needs to be secured as most are wide open.

nickrout · June 3, 2018, 10:19pm

They probably don’t all read this forum.

DavidFW1960 · June 3, 2018, 11:17pm

How is MQTT wide open? Are people opening MQTT port on router? It’s only accessible on local network for most people I would have thought?

flamingm0e · June 3, 2018, 11:24pm

Yep. They want owntracks etc…

miguelromao · June 3, 2018, 11:35pm

I’ve tried sucessfully with MQTTFX (client ) and see their topics and payloads.
left them a note to protected themselfs on the secrets.yaml

some guy even had the passwords for the cctv cams of his store.

flamingm0e · June 3, 2018, 11:37pm

How are you writing to their secrets file?

Are they leaving the damn SMB share open?

miguelromao · June 3, 2018, 11:37pm

… yep … wide open

flamingm0e · June 3, 2018, 11:38pm

I’m at a loss for words.