I was Hacked !!!

  • #16
    VPN is the answer, but I also use a RATTrap. Best investment I've made. I have three of them in three homes.

    • #17
      Originally posted by harvito:
      VPN is the answer but I also use a rattrap. Best investment I’ve made. I have three of them in three homes.
      Have you continued with their monitoring service? Is it necessary to do so?

      • #18
        RATTrap as a company does not monitor. The device is hardware based and not cloud, although it does get updates regularly.

        • #19
          Originally posted by harvito:
          RATTrap as a company does not monitor. The device is hardware based and not cloud. Although it does get updates regularly-
          I don't have one but if I'm reading their website correctly there is a subscription requirement. 1st year included with $199 hardware purchase and $9/mo thereafter.
          -Wade

          • #20
            If you want to go the prosumer route, take a look at the Synology RT2600ac beam-forming router: VPN, firewall, DNS server, DHCP server, file server, etc. Same people that bring you the great Synology NAS devices.

            Not exactly cheap, but it has one of the best OSes in the industry. It also comes with Intrusion Protection as a default, and if you add an external storage device such as a USB stick or USB external hard drive you can load the free Threat Protection firewall as well. They also have the RC1600ac series of mesh routers so you can outfit your entire home with a mesh network.

            As I said, not cheap and definitely not for the plug-and-go kind of person, but the user interface is very intuitive, has auto updates, and it updates regularly as new exploits or attacks are released. Best decision I have made lately.

            https://www.amazon.com/Synology-RT26.../dp/B01N5MPTG1

            • #21
              Yes, here I have been running separate devices on the network for around 20 years...

              1 - Always purchased a cable modem and never leased. Started with Motorola SB (four Surfboard modems) and today using an Arris SB6190 (32x8) Gb modem.
              2 - Secondary ISP here is a cellular modem (which is also used as a failover for alarm monitoring).
              3 - Firewall started with using Smoothwall many, many years ago... then switched to using pfSense, wanting to have a failover internet connection.
              You can purchase a service contract for pfSense on a yearly basis and let the folks there manage the firewall.
              i.e. started with cable and DSL failover in the early 2000s.
              4 - Wireless APs went from using OpenWRT Linksys / Buffalo APs to using Ubiquiti Networks.
              Lately tinkering with Ruckus Wireless access points (note all APs are PoE connected, ceiling or wall mount).
              5 - Network switches today are three 24-port managed and three 24-port unmanaged Gb switches. There is also a managed 24-port PoE switch in the mix.

              Note: here I have no dependencies on wireless for any automation, audio, et al., or cell phones or tablets (shut them off when home).

              I am testing firmware customized for MQTT WiFi devices and have been using customized micro OpenWRT wireless APs for this stuff.

              Note #2 - The HomeSeer "servers" were running on Windows Server Standard and today are running on Ubuntu Server. Have never used the Windows servers to surf the web, and since HomeSeer 1 have always used a dedicated computer.
              - Pete

              Auto mator
              Homeseer 3 Pro - 3.0.0.534 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU - Mono 6.00
              Homeseer Zee2 (Lite) - 3.0.0.534 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.00

              X10, UPB, Zigbee, ZWave and Wifi MQTT automation.

              • #22
                Originally posted by Pnord:
                OK, never thought it would happen to li'l ol' unimportant me, but they got me.
                Many files were encrypted & I was given an address to get them back.

                I was backed up & after running Malwarebytes (free, scan only) I quarantined the apparent problems, deleted the encrypted files & ran a repair install of HS3.
                I'm up & running again.
                I got a new drive coming & this weekend will fresh reinstall everything.

                Now, just curious, how did they get in?
                I'm running HS3 on a dedicated laptop (Windows 7 Pro). I rarely touch this machine, no emails received (send only) or browsing.
                The only exposure I can see is the web server & Blue Iris, which are both port forwarded through the router.
                Apparently Windows Defender is not sufficient.

                If I confess to being ignorant, can you give me some ideas where to tighten up?

                Be gentle, I'm not in your league.
                Thanks
                Paul
                Did you get the name of the malware?
                You need to make sure to regularly update Windows. Read up on BlueKeep. Microsoft even released a patch for XP/2003 recently.

                • #23
                  I'm also interested in how you were breached. No specifics, but why do you think it was an outside breach vs. a payload from an internal infected source? That source doesn't have to be the laptop. What was the ransomware name that Malwarebytes reported? Just curious.

                  • #24
                    Thank you for the ideas; so much to explore here.
                    For those who want the details, from malwarebytes:

                    Backdoor.Agent.WU, C:\USERS\XXX\APPDATA\ROAMING\WINUPMGR.EXE, Quarantined, [6384], [548478],1.0.10834
                    Ransom.Amnesia.Drop, C:\USERS\XXX\APPDATA\LOCAL\TEMP\$TMP$001.EXE, Quarantined, [9949], [631302],1.0.10834
                    And
                    Registry Value
                    Backdoor.Agent.WU, HKU\S-1-5-21-679669901-2820413117-484704748-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Update Manager, Quarantined, [6384], [548478],1.0.10834
                    Backdoor.Agent.WU, HKU\S-1-5-21-679669901-2820413117-484704748-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINDOWS UPDATE MANAGER, Quarantined, [6384], [548478],1.0.10834

                    Hope that helps,

                    I'm guessing that without port forwarding, any remote desktop connection is out?

                    Thanks
                    Paul
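
A triage helper for the kind of report quoted above, added here as an example (it is not code from the original post, from HomeSeer or from Malwarebytes). It parses detection lines in the `family, location, action, [id], [id],version` shape shown, separates file hits from registry hits, flags autostart persistence (the `CURRENTVERSION\RUN` values that gave the backdoor its "Windows Update Manager" name) and payloads dropped into user-writable directories, and lists anything not marked as removed. The four sample lines are copied from post #24; the Winlogon autostart markers, the set of "done" action words and the list of user-writable directories are assumptions about what such reports can contain, not things present in the quoted output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line format seen in the Malwarebytes report quoted above:
#   <family>, <location>, <action>, [<id>], [<id>],<signature db version>
# Registry entries carry the value name after a '|'.
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+),\s*"
    r"(?P<location>.+?),\s*"
    r"(?P<action>[A-Za-z ]+),\s*"
    r"\[(?P<id_a>\d+)\],\s*\[(?P<id_b>\d+)\],\s*"
    r"(?P<db_version>\S+)$"
)

REGISTRY_ROOTS = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\", "HKEY_")
# Autostart locations. CURRENTVERSION\RUN also matches RunOnce, deliberately.
# The Winlogon entries are an assumption about what such a report can contain,
# not something present in the quoted output.
AUTORUN_MARKERS = (
    "\\CURRENTVERSION\\RUN",
    "\\WINLOGON\\SHELL",
    "\\WINLOGON\\USERINIT",
)
# Directories an unprivileged user can write to (assumed list). Malware dropped
# there did not need elevation to land on disk.
USER_WRITABLE_MARKERS = ("\\APPDATA\\", "\\TEMP\\", "\\DOWNLOADS\\", "\\PUBLIC\\")
REMOVED_ACTIONS = {"Quarantined", "Deleted", "Removed"}  # assumed "done" actions

# Copied from the report in post #24 above (user name already redacted there).
SAMPLE_REPORT = [
    r"Backdoor.Agent.WU, C:\USERS\XXX\APPDATA\ROAMING\WINUPMGR.EXE, Quarantined, [6384], [548478],1.0.10834",
    r"Ransom.Amnesia.Drop, C:\USERS\XXX\APPDATA\LOCAL\TEMP\$TMP$001.EXE, Quarantined, [9949], [631302],1.0.10834",
    "And",
    "Registry Value",
    r"Backdoor.Agent.WU, HKU\S-1-5-21-679669901-2820413117-484704748-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Update Manager, Quarantined, [6384], [548478],1.0.10834",
    r"Backdoor.Agent.WU, HKU\S-1-5-21-679669901-2820413117-484704748-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINDOWS UPDATE MANAGER, Quarantined, [6384], [548478],1.0.10834",
]


@dataclass
class Detection:
    family: str
    location: str
    action: str
    kind: str                  # "registry" or "file"
    persistence: bool          # sits in an autostart location
    user_writable: bool        # file dropped where an unprivileged user can write
    value_name: Optional[str]  # registry value name (text after '|'), if any


def parse_line(line: str) -> Optional[Detection]:
    """Parse one detection line; return None for headers such as 'Registry Value'."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    location = m.group("location")
    key, value_name = location, None
    is_registry = location.upper().startswith(REGISTRY_ROOTS)
    if is_registry and "|" in location:
        key, value_name = location.split("|", 1)  # value name mimics a Windows component
    upper = key.upper()
    return Detection(
        family=m.group("family").strip(),
        location=location,
        action=m.group("action").strip(),
        kind="registry" if is_registry else "file",
        persistence=is_registry and any(mk in upper for mk in AUTORUN_MARKERS),
        user_writable=(not is_registry) and any(mk in upper for mk in USER_WRITABLE_MARKERS),
        value_name=value_name,
    )


def triage(lines: List[str]) -> dict:
    """Summarise a report: families, autostart entries, drop locations, leftovers."""
    dets = [d for d in (parse_line(ln) for ln in lines) if d is not None]
    persistence = [d for d in dets if d.persistence]
    return {
        "count": len(dets),
        "families": sorted({d.family for d in dets}),
        "persistence": persistence,
        # The same Run value is listed twice above, differing only in case;
        # collapse to the distinct autostart names to re-check after reboot.
        "autorun_values": sorted({(d.value_name or "").lower() for d in persistence}),
        "dropped_in_user_dirs": [d for d in dets if d.user_writable],
        "not_removed": [d for d in dets if d.action not in REMOVED_ACTIONS],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("families:", ", ".join(summary["families"]))
    for d in summary["persistence"]:
        print("autostart:", d.location)
    for d in summary["dropped_in_user_dirs"]:
        print("dropped in user dir:", d.location)
    if summary["not_removed"]:
        print("STILL PRESENT:", [d.location for d in summary["not_removed"]])
```

Run it against a saved scan report to get the list of autostart names worth re-checking after the reboot and reinstall: a Run value that reappears points at a component the scanner did not catch, and a dropper sitting in `APPDATA` or `TEMP` says the foothold only needed the rights of the logged-in user.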
                    • #25
                      Looking closely at RATTrap and speaking with them today, the first year of subscription is included with the purchase. After that, it's $9.99 per month or $99 per year.
                      Spoke with an engineer there as well. Looks like very interesting tech. I also read this article this afternoon - https://homealarmreport.com/smart-ho...ojo-vs-keezel/


                      Robert
                      HS3PRO 3.0.0.500 as a Fire Daemon service, Windows 2016 Server Std Intel Core i5 PC HTPC Slim SFF 4GB, 120GB SSD drive, WLG800, RFXCom, TI103,NetCam, UltraNetcam3, BLBackup, CurrentCost 3P Rain8Net, MCsSprinker, HSTouch, Ademco Security plugin/AD2USB, JowiHue, various Oregon Scientific temp/humidity sensors, Z-Net, Zsmoke, Aeron Labs micro switches, Amazon Echo Dots, WS+, WD+ ... on and on.

                      • #26
                        Thinking that by default Windows 10 will share the Windows 10 updates with other computers on your network. That could be a source.

                        You can shut this "feature" off if you want to.

                        TeamViewer works well, it is free, and you do not have to open any ports to use it. I use it here for family members.

                        For myself I continue to utilize pfSense. You can add the ClamAV plugin, which is always being updated and is free.

                        With ClamAV, Squid, Snort, pfBlocker and DNS Resolver you would be well protected, and best of all it is free.
                        - Pete

                        Auto mator
                        Homeseer 3 Pro - 3.0.0.534 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU - Mono 6.00
                        Homeseer Zee2 (Lite) - 3.0.0.534 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.00

                        X10, UPB, Zigbee, ZWave and Wifi MQTT automation.
