Web Server Security?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Web Server Security?

    Hey guys,
    I have noticed a few failed attempts to connect to my HomeTroller from China: seven tries from the same IP in the last 24 hours. I noticed entries in the log, simply while looking for something else. No idea if it happened before.

    Searched around, found nothing useful in these forums, but found a report of a known HS vulnerability: http://www.exploit-db.com/exploits/18567/

    So... How do you guys go about protecting your server, short of IP blocking in the router?

    #2
    That exploit was fixed shortly after it was discovered. These failed attempts happen all the time and as far as I know no one has ever got hacked. There are some settings to block IP addresses that fail x number of times in a row. Look for "Enable IP Hack Blocking" in the HS setup for some settings to assist with these hackers.
    💁‍♂️ Support & Customer Service 🙋‍♂️ Sales Questions 🛒 Shop HomeSeer Products



      #3
      Originally posted by Rupp
      That exploit was fixed shortly after it was discovered. These failed attempts happen all the time and as far as I know no one has ever got hacked. There are some settings to block IP addresses that fail x number of times in a row. Look for "Enable IP Hack Blocking" in the HS setup for some settings to assist with these hackers.
      Rupp,
      I do have the IP blocking enabled after three attempts. Unfortunately, my attempts happened about three hours apart - all seven of them. So this did not work. Even if it did, IP blocking is pretty primitive: use a VPN or a proxy server and you get around them. Especially blocking one IP at a time. I was looking for suggestions on intelligent filtering, such as IP ranges determined from reverse trace of host. I'd go for a country-specific tracking: I don't know anyone in China and don't have any reason to open my IP to them.

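Added example, not part of any post in this thread and not HomeSeer code: a log check that counts failed logins per source over a long sliding window, so attempts spaced three hours apart (as described in post #3) still reach a threshold of three, with optional grouping by IP range. The log format, the `LOGIN_FAILED` marker, the addresses and the ten-minute burst window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample log (hypothetical format, not HomeSeer's own):
# seven failed logins from one address, three hours apart, plus one unrelated failure.
SAMPLE_LOG = [
    f"2014-03-01 {h:02d}:05:00 LOGIN_FAILED 203.0.113.45" for h in range(0, 21, 3)
] + ["2014-03-01 10:00:00 LOGIN_FAILED 198.51.100.7"]

def parse(lines):
    """Yield (timestamp, source_ip) for each failed-login line."""
    for line in lines:
        date, time, event, ip = line.split()
        if event == "LOGIN_FAILED":
            yield datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), ip

def flag_sources(lines, threshold, window, prefix=32):
    """Return {network: most failures seen inside any sliding `window`}
    for networks that reach `threshold`. prefix=32 tracks single IPv4
    addresses; prefix=24 groups neighbours in the same /24 together."""
    by_net = defaultdict(list)
    for ts, ip in parse(lines):
        net = ip_network(f"{ip}/{prefix}", strict=False)
        by_net[str(net)].append(ts)
    flagged = {}
    for net, stamps in by_net.items():
        stamps.sort()
        start, worst = 0, 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flagged[net] = worst
    return flagged

if __name__ == "__main__":
    # Burst rule (assumed): three failures within ten minutes. Misses the slow probe.
    print(flag_sources(SAMPLE_LOG, 3, timedelta(minutes=10)))
    # Slow rule: three failures within 24 hours. Catches it.
    print(flag_sources(SAMPLE_LOG, 3, timedelta(hours=24)))
    # Same rule, counted per /24 range instead of per address.
    print(flag_sources(SAMPLE_LOG, 3, timedelta(hours=24), prefix=24))
```
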


        #4
        Sure but as I say it's only a nuisance as most all of these are just probing bots. You can spend the rest of your life running from these guys or simply ignore the log file as they aren't getting anywhere.


          #5
          If you're running VNC on the HomeTroller, I would highly recommend that you change the default password. That should prevent any unwanted VNC hacks.
          As for the HomeSeer webserver itself, change the default username and password to something else and you should be as secure as you are with any other username/password protected website.


            #6
            Originally posted by macromark
            If you're running VNC on the HomeTroller, I would highly recommend that you change the default password. That should prevent any unwanted VNC hacks.
            As for the HomeSeer webserver itself, change the default username and password to something else and you should be as secure as you are with any other username/password protected website.
            VNC has been long gone (I use LogMeIn instead). User name and pass are custom. Sounds good.



              #7
              I get the Chinese bots about once a month trying to hack in.

              Also have seen Netherlands, Italy, Spain, Korea (can't remember north or south), among others.

              Have you checked out Jon00 script WhoIs? It keeps track of all logins and attempts and displays them on a nice web page inside HomeSeer.



                #8
                Put a Linux router distro between your internal LAN and your ISP provided router/modem and use another NAT range to protect your network. Adding Knock and Snort will protect your LAN even more. I have used freesco for over twelve years and I have never seen any attempts in my logs. You have the added benefit of installing a self updating hosts file package that protects your browser from malware too...
                3.0.0.548: HS3PRO - 3.0.5.10: AIAlert - 2.1.1.0: APIWeather - 2.0.64.0: BLBackup - 2.0.45.0: BLLAN - 2.0.37.0: BLRoombaWifi - 1.0.0.3: DevLog - 1.2.5.15: KeyPad - 3.0.2.25: NetCAM - 0.0.0.52: Pushover 3P - 3.0.0.5: SendVFD - 1.0.0.3: Tiles - 3.0.11.0: Z-Wave



                  #9
                  In my case it happens every now and then that I get blocked when trying to connect from work so the IP blocking works really effectively. If I get blocked I can then use VNC.



                    #10
                    I don't have a HomeTroller, but was wondering if it will let you block a range of IP addresses? If so, there are sites like blockcountryip.com or countryipblocks.net that you can use to look up the range that an entire country may be using, and decide which countries you would like to block.

                    Jeff



                      #11
                      I agree with using a software Linux or BSD firewall between your ISP connection and your internal LAN.

                      Envision your network at home as an onion with layers on it with the core of the onion being the most protected ....

                      You can then protect all of your internal LAN stuff and literally layer the access to the outside world....
                      - Pete

                      Auto mator
                      Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb

                      HS4 Pro - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
                      HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

                      X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant



                        #12
                        I have a SonicWall network appliance which has an IP blocking by country feature.

                        It doesn't always work. They must be able to spoof IP addresses because I still get China hits on my server quite often.



                          #13
                          Originally posted by prsmith777
                          I have a SonicWall network appliance which has an IP blocking by country feature.

                          It doesn't always work. They must be able to spoof IP addresses because I still get China hits on my server quite often.
                          I was looking at exactly that: hardware firewall or, ultimately, a Unified Threat Management (UTM) appliance to protect the entire LAN. Which model are you using and do you use their subscription services?
