gg102 Senior Member
Joined: January 29 2013 Location: United States
Online Status: Offline Posts: 245
Posted: June 04 2014 at 09:49
Well, it would never happen to me...but it did. My PH got hacked last night. My house, seemingly, was just going nuts.
Without giving away too many security details, the source of the hack was Asia. I know this from information outside PH. They got into my PH through the WEB access. Of course I had a password, not too radically difficult, but what I thought was "reasonable." Well, now, my new password is ridiculously complex.
The reason for this post is for Dave.
It is possible that they have been attempting for months.
In the log, you record WEB access, but there is no distinction between successful login and unsuccessful login attempts.
Dave, I know you're in the weeds with the new version, so maybe start the new request list and add successful login and unsuccessful login attempts to the log file with as much detailed information as you have access to. Then set some type of triggered event (both successful and unsuccessful) so I can do some macro based on this event. (I would send a text message to me and want to shut down the WEB access after x number of attempts.) I would also like access to disable WEB access maybe by a system flag or function call or something.
I would love to hear other thoughts or experiences.
Edited by gg102 - June 04 2014 at 10:14
TonyNo Moderator Group
Joined: December 05 2001 Location: United States
Online Status: Offline Posts: 2889
Posted: June 04 2014 at 17:41
This is something. Let's harden those passwords right now...
lizaoreo Groupie
Joined: February 11 2013 Location: United States
Online Status: Offline Posts: 75
Posted: June 10 2014 at 13:39
I've been thinking about that myself. I recently had someone trying to hack my FTP server; I changed ports and that stopped the attack, but it got me thinking more about the security of my different services available outside the network, PH being one of those.
I'd like to see that type of filtering, even just auto lock down the service (my FTP server does that thankfully).
nick7920 Senior Member
Joined: March 04 2008 Location: United States
Online Status: Offline Posts: 193
Posted: June 14 2014 at 23:18
A strong password is always a good idea, but also block those IP addresses. If you know the foreign IP in the log, just block those, or better, the full range.
dhoward Admin Group
Joined: June 29 2001 Location: United States
Online Status: Offline Posts: 4447
Posted: June 19 2014 at 17:46
gg,
I will definitely look into this. The PH eventlog should be logging EVERY attempt (successful or unsuccessful) but it does not make the distinction (this is assuming you've got both Trusted web access and untrusted web access checked for your logging). If you're seeing something different with unsuccessful attempts not being logged, let me know and I'll see what is going on.
I'll also look into a way to differentiate unsuccessful attempts from successful attempts as well as provide a mechanism to programmatically shut down the webserver. The triggers may be a little more difficult but I'll see what I can do.
Not sure what version you're on but the more recent versions also support SSL which should be pretty secure. Of course, if they guess your password, then all bets are off but with SSL, nobody should be able to sniff your packets.
Dave.
gg102 Senior Member
Joined: January 29 2013 Location: United States
Online Status: Offline Posts: 245
Posted: June 19 2014 at 19:35
Dave,
Thank you for the reply.
I reviewed the log file many days ago, and because I automatically purge the file after 2 days, it's now gone. What I remember seeing was a lot of WEB accesses. I don't know if they were successful or not successful. I assumed (maybe wrongfully) that some of those accesses were unsuccessful but not documented as unsuccessful. It's completely possible that they were all successful. From my router log, I saw where the accesses were coming from, and I blocked a significant class-A block of addresses. As you know, hackers can re-route their traffic to almost anywhere, so I expect that if they desire, they could re-route and get back.
I do not know how to set a cookie or a certificate, but maybe that's the way to go. That stuff is outside my expertise.
Can I create a cookie and download it to my smartphone or laptop and restrict access to those devices that have the cookie or certificate only? Can you point me to something that would help on this? I do not permit guest logins; only me.
I'm running ver 2.14
In the setup/log I do not see an option for successful/unsuccessful option. I only see web access and trusted access. I assume that "trusted" access is for the internal LAN and WEB is outside WEB. At least that's the way I have it configured. Am I missing something?
I don't "NEED" to shut down the logins; I was only thinking of a way to pause or delay logins after x unsuccessful attempts, like the way Windows does at the user login screen. Would be nice to have that configurable. Maybe just increment a system variable for successful and unsuccessful logins that I can read and make decisions based on that. I could trigger on the global var based on the change.
If you can log the IP of "who's calling" that would be nice.
I know you're busy, so this might be ok after the next ver comes out - just another thing to add to the list. I sure wouldn't want the "to do" list to become empty!
Thanks Dave.
kemporama Senior Member
Joined: November 21 2008
Online Status: Offline Posts: 102
Posted: June 22 2014 at 21:39
Speaking of user accounts, is there a way, or will there be a way in the new release, to create more than one logon account, and possibly assign different permissions such as being able to only use control center, not allowed to run macros, etc.? Ideally I'd like to set up my wife with her own account to access the system from her phone, but she can never remember what my logon and password are.
smarty Super User
Joined: May 21 2006 Location: United States
Online Status: Offline Posts: 728
Posted: January 20 2015 at 14:57
Following up on this older thread....
The "ph_system" function is now available to track bad web-server log-in attempts. It can also enable or disable PH's webserver...cool.
My question would be, how would you trigger off of this information? Is there a way to trigger off bad log-in attempts...how???
__________________ Elk - Insteon - BlueIris - DMC1 - PowerHome - XLobby - HA_Bridge w/Dots - Brultech
dhoward Admin Group
Joined: June 29 2001 Location: United States
Online Status: Offline Posts: 4447
Posted: January 20 2015 at 15:09
Steve,
No triggers in this version as it would have required a database change to implement it. The next version with all the database upgrades will have triggers for the bad login attempts.
In the meantime, you would have to poll this value periodically.
Dave.
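The polling approach described in the reply above, combined with the "pause after x unsuccessful attempts" idea from earlier in the thread, as an added Python example that is not part of the thread and is not PowerHome code. `read_count` and `disable_web` are hypothetical stand-ins for however the bad-login count is read and the web server is turned off, and the sample polls are constructed.

```python
from collections import deque

class BadLoginPoller:
    """Turn a polled, ever-growing bad-login counter into a lockout decision."""

    def __init__(self, read_count, disable_web, threshold=5, window_s=300):
        self.read_count = read_count    # hypothetical: returns total bad logins so far
        self.disable_web = disable_web  # hypothetical: switches the web server off
        self.threshold = threshold      # failures tolerated inside the window
        self.window_s = window_s
        self.last = None                # counter value seen at the previous poll
        self.events = deque()           # (poll time, new failures) still in the window
        self.locked = False

    def poll(self, now):
        count = self.read_count()
        if self.last is None:
            delta = 0                   # first poll only sets the baseline
        elif count < self.last:
            delta = count               # counter was reset: all of it is new
        else:
            delta = count - self.last
        self.last = count
        if delta:
            self.events.append((now, delta))
        while self.events and now - self.events[0][0] > self.window_s:
            self.events.popleft()       # forget failures older than the window
        recent = sum(d for _, d in self.events)
        if recent >= self.threshold and not self.locked:
            self.disable_web()          # fire once; re-enabling is a manual decision
            self.locked = True
        return self.locked

def run_constructed_polls(samples, threshold=5, window_s=300):
    """samples: constructed (time_s, counter_value) pairs standing in for real polls."""
    current = {"count": 0}
    actions = []
    poller = BadLoginPoller(lambda: current["count"],
                            lambda: actions.append("web_disabled"),
                            threshold, window_s)
    locked_at = None
    for now, count in samples:
        current["count"] = count
        if poller.poll(now) and locked_at is None:
            locked_at = now
    return locked_at, actions

if __name__ == "__main__":
    print(run_constructed_polls([(0, 10), (60, 12), (120, 14), (180, 16)]))
```

The sliding window is what separates a burst of guesses from an occasional mistyped password: one failure every few minutes never reaches the threshold, while six failures in three minutes does.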