I got hacked

… it’s a complete mess … at the end, they will suffer in a tragic way.
I guess they never watched the WannaCry episode 🙂

And they are not alone:
https://www.shodan.io/search?query=smb

Should use CloudMQTT and bridge for external MQTT.

Yes. I know this. I don’t open my home MQTT server. That’s stupid. I bridge to my own instance that’s secured.

1 Like

But none of this is Home Assistant’s fault; Home Assistant does not open your LAN to the world. People do that all by themselves.

1 Like

My comment was a bit short - it was more for the forum than targeted at you 🙂
Good that you are.

For the forum there is good info on how to bridge to a cloud-hosted MQTT such as CloudMQTT.
e.g.

1 Like

Exactly. None of this is at the hands of the developers.

2 Likes

It’s true. You can lead a horse to water, but you can’t make it drink.
Still there is an opportunity here IMO for a “securing your HA” wiki page and pinning it everywhere 🙂

The other point is that I cannot see anywhere in the docos where it remotely suggests that Samba should be exposed to the internet. Nor are you likely to find such advice anywhere for any software project or howto.

I can understand why people would (unthinkingly) expose MQTT to make use of OwnTracks, but Samba?

People make mistakes.
Maybe they already opened the Samba port from before HA? Maybe they have a crappy router that’s badly configured out of the box? Maybe UPnP?
It would be great to have a guide for people who are not security experts (or who did a lot of research) to penetration test their network and scan for vulnerabilities such as open ports etc.
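
A small self-check along the lines asked for above, as an added example that is not part of the original thread: it tests whether the services named in this discussion answer on a host you own. The port numbers are the usual defaults (assumed), and `WATCHED`, `NEVER_EXPOSE`, `is_open` and `audit` are names made up for this sketch.

```python
import socket
import sys

# Services named in this thread, on their usual default ports (assumed).
WATCHED = {
    139: "Samba (NetBIOS session)",
    445: "Samba (SMB)",
    1883: "MQTT (plaintext)",
    8883: "MQTT (TLS)",
    8123: "Home Assistant web UI",
}
# Ports that have no reason to answer from the internet side of the router.
NEVER_EXPOSE = {139, 445, 1883}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def audit(host, ports=WATCHED, never_expose=NEVER_EXPOSE, probe=is_open):
    """Return [(port, service, advice)] for every watched port that answers."""
    findings = []
    for port, name in sorted(ports.items()):
        if not probe(host, port):
            continue
        advice = "CLOSE THIS" if port in never_expose else "review"
        findings.append((port, name, advice))
    return findings


if __name__ == "__main__":
    # Only point this at an address you own.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(target)
    if not results:
        print(f"{target}: none of the watched ports answered")
    for port, name, advice in results:
        print(f"{target}:{port:<5} {name:<26} {advice}")
```

Run it against your own public address from outside your network (for example over a phone hotspot) to see what the router actually forwards; a hit from inside the LAN only shows the service is listening.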

If you make the decision to start at the point that everyone may have made a mistake in the past, then the risk is that to give a howto on securing your home assistant systems, you just about need to cover off every possible security issue. I think any howto here should just cover off issues that commonly arise out of HA use, perhaps with a bit of networking/NAT basics thrown in.

One of my problems was a bad router with plug n play, but also the default Samba share settings. If the default Samba addon did an auto admin with a randomly generated password it would help newbies. In the doco you could refer to turning off plug n play, and in the log it could show the random password.

For the guides, maybe a database of routers people have, and they can submit how to set up/check/delete port forwarding.

Or just refer to

https://www.portforward.com/

There is that.

I have been hacked recently too. I did a fresh install of Hass.io and installed MQTT. Not too long later I find all my configuration deleted, and over my TV at 99 volume (very fu****** loud) it plays a line out of Hass forms for user frenk. This is insane. What are they getting into my Hass box through?

@ryanmaturi
Router possibly.

Many router exploits.
Could be another device on your network.
Not coming from HA likely, else the entire user base would have the same problem.

Burn SD card and start over.
Factory Reset every device on network including router…if possible, reinstall OS
Update all devices and check web for known exploit.

Router brand you use?

It was Hass, because when I unplugged it the problem stopped. I run pfSense on a WatchGuard Firebox.

Also my Hass instance was on the stable build before this happened. Suddenly it is on the beta build.

Don’t unplug HASS, close the door on your firewall.

1 Like

This just seems like too much logic…