I think I was hacked - need advice

I just got back from a vacation and logged in to my HA server using the local IP address. I just got a blank page that said “HACKED” in the upper left.

I’ve since blocked HA from the internet, closed all ports that point to HA, changed my password, and enabled 2FA (I know, I should have done this earlier). What else do I need to do? How do I get HA to load when I go to my local IP address instead of seeing the “HACKED” message?

I don’t see any issues within HA, so I’m hoping it was just someone messing around and not looking to do anything nefarious.

Don’t know how to help you with the HACKED message when using the local IP, other than maybe trying to restore from a backup if the system will let you.

As far as other preventative measures you can take, you can add ip_ban to your http key in your configuration.yaml

http:
  ip_ban_enabled: true
  login_attempts_threshold: 5

and you can install and use CrowdSec for the extra mile.

1 Like

I would wipe the whole installation. Do a backup first, then wipe + restore. How were you accessing HA remotely when this happened? Opened port 8123 and logged in through that? Do you re-use the HA password on anything else on your network, like a NAS for example?

2 Likes

It could be as simple as “they” just changed your landing page. Anyway, you are not very informative in regard to your home network, but I assume you have checked even your router settings etc.

What else? After such an “incident” I would wipe everything, factory-reset the router, reinstall HA etc.

If you don’t do the above, you will be “hoping” the rest of your life, and suspect every strange issue in future as bogus, “maybe caused by your lack of security” and that “incident”.

The feeling and consequences of “hoping” vs “knowing” are miles apart.

You could be “lucky”, or someone might actually have “placed” a backdoor in your network.

PS: You also don’t tell whether you get this “hacked” note from one specific device (phone) or from all devices, so no one can exclude anything, as there is not sufficient info here to tell from where you were hacked etc.
Maybe your “house keeper” is just playing you, and had some fun while watering your plants :joy:

Taking your message at face value, the only correct answer is to assume that everything on your network is compromised, and copies of every file you have are on the internet now.

Format everything, reinstall operating systems and apps, restore files from backup, and do better next time.

9 Likes

Just want to give that point more emphasis - if HA was on your primary LAN and any of your other systems had vulnerabilities it’s possible other systems got breached too.

Note: If you use your primary laptop on public WIFI / coffee shops etc having a breach on your LAN probably isn’t any worse than that - other than the hacker may have more time to attack your laptop using HA as a bastion.

Not just HA - every machine you have.

For everyone else

  • Don’t put HA on the same VLAN as all your most valuable computers, either:
    • Put HA in its own sandbox. or
    • Move your most trusted computers into a more secure VLAN.
  • Don’t allow incoming connections to HA from the internet.
  • Ideally don’t allow HA to connect to the internet at all (no outbound traffic) - I had to give up on that.
  • For IOT devices don’t allow them internet access either (again I had to allow one device out).
  • Consider running HA under docker - it is much easier to reset a docker container.

1 Like

How exactly were you accessing HA remotely?

I use Nabu Casa to access HA remotely.

Please do not resolve the hacked message.
Just be glad they left that there to inform you.
If you resolve only that, then think about closing the more than likely backdoor too.
Wipe and restore would be the only thing to consider here.

Any email addresses compromised may also be (eventually) flagged in HaveIBeenPwned.

Contents of your browsing history may also provide useful compromise fodder.

Assume the worst. Act accordingly.

Ok so what was with the open ports?

1 Like

It’s very unlikely that it comes from NC and as Tom is trying to get to surface: do you have any other services/ports exposed?

Are you using MFA on HA (and other publicly accessible services)?
If not: time to start using that.
Unique passwords?

As already mentioned: check on https://haveibeenpwned.com/

Also, depending on many factors: everything that is connected to your network can be touched as well.

Apparently NC does not keep traces of connections.
If possible/available: check your router logs which might give you more insight.

It could be just this and at the same time you might have bigger problems so I would approach this as worst case scenario.
Good luck!

I had some open from before I started using Nabu Casa and I was using Nginx to reroute a login to my Blue Iris server. All ports to HA are now closed.

I was on a cruise ship and used that WiFi to access HA via the companion app. I’m wondering if that somehow caused this.

I have a backup from 10 days ago. I’ll wipe and restore from that. Is there any way to tell if that backup goes far enough back before the hack?

Oddly, when I visit HA’s local IP address on my desktop computer I don’t see the “HACKED” message, HA loads as normal. When I visited it on my laptop I see the “HACKED” message. The computers are on the same network. Any idea why?

Also with local IP?
Did you use your laptop on that cruise?

Regarding that 10 day old backup: it all depends on when all this happened and if any other device on your network has been compromised.

Did you have this laptop on your vacation also? Anyway, wipe it!
And check your HA logs and files for changes/timestamps etc. (“clues/evidence”).
As I mentioned earlier, it could be that HA is not “hacked” but your laptop/browser is “infected/hacked” (11 hours ago I asked whether you’ve tried to access HA from other devices, and you tell people now?).
Anyhow, if you don’t have the knowledge to search through your devices for clues, evidence, etc., the best advice has been mentioned several times: wipe everything.
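The log check suggested above, and the earlier question about whether a backup predates the break-in, can be approached with a small script. This is an added example, not code from the thread or from the Home Assistant project; the log line shape (a warning from `homeassistant.components.http.ban`) is an assumption to verify against your own `home-assistant.log`, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumed shape of failed-login warnings in home-assistant.log; adjust the
# pattern if your Home Assistant version words the message differently.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ WARNING .*"
    r"\[homeassistant\.components\.http\.ban\] Login attempt or request "
    r"with invalid authentication from .*?\((?P<ip>[0-9a-fA-F:.]+)\)"
)

# Constructed sample lines using documentation-range addresses, not real data.
SAMPLE_LOG = """\
2024-03-01 08:15:02.101 INFO (MainThread) [homeassistant.core] Starting Home Assistant
2024-03-02 23:41:10.554 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 203.0.113.7 (203.0.113.7). Requested URL: '/auth/login_flow/abc'. (curl/8.0)
2024-03-02 23:41:12.019 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 203.0.113.7 (203.0.113.7). Requested URL: '/auth/login_flow/abc'. (curl/8.0)
2024-03-09 04:02:33.870 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 198.51.100.23 (198.51.100.23). Requested URL: '/api/config'. (python-requests/2.31)
""".splitlines()


def failed_logins(lines):
    """Return {ip: {"count": n, "first": datetime, "last": datetime}}."""
    seen = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # not a failed-login warning
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        rec = seen.setdefault(m["ip"], {"count": 0, "first": ts, "last": ts})
        rec["count"] += 1
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    return seen


def backup_predates_activity(backup_time, logins):
    """True only if the backup is older than every logged failed login."""
    earliest = min((r["first"] for r in logins.values()), default=None)
    return earliest is None or backup_time < earliest


if __name__ == "__main__":
    hits = failed_logins(SAMPLE_LOG)
    for ip, rec in sorted(hits.items(), key=lambda kv: kv[1]["first"]):
        print(ip, rec["count"], rec["first"], rec["last"])
    print("backup older than first attempt:",
          backup_predates_activity(datetime(2024, 3, 5), hits))
```

A login with a valid password leaves no such warning, so a backup that predates every failed attempt narrows the window but does not prove the backup is clean.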

No, I brought my work laptop on the cruise; my personal laptop is where I see the “HACKED” message. I only accessed HA on the cruise via my phone and the companion app.

Do not forget to CHANGE PASSWORDS

I would potentially consider slowly changing all passwords unless you get a clear idea of:

  • How this happened
  • When this happened
  • What is affected

1 Like

Check if you have any browser hijacks on that system.
What OS are you running on that laptop and is it up-to-date?

1 Like

VPN!!!
On public Wi-Fi always use a VPN. If you don’t have it, set it up now. I have VPN always active on my phone, no matter how it’s connected. Same on laptops, tablets… when I use them out of my home.

1 Like

Ehh, just never, ever use public wifi

1 Like