Homeseer security issue - Needed to upgrade HS3!

    Hi all,

    I just saw that a Chinese IP logged in to my system and tried to delete everything.
    He connected somehow through HomeSeer, not VNC or telnet or anything else.

    He could give himself access again. I could stop him by turning off my internet...

    I was just in time because the system told me that access had been granted to some IP...
    and he was deleting events etc. and did a HomeSeer restart and deleted logs etc. Luckily I have a backup, and I have his IP.

    How can he get access without a username?

    At first I thought it was a plugin that got access... but no... I started watching, then my scripts and events went missing...

    Also, this HomeSeer had been running 310 days without restarting,
    using .315.

    The IP is a VPN, so someone hacked this HomeSeer version somehow...

    IP Address 122.152.196.18 has been blocked from further access to the system.
    IP Address 122.152.196.18 has been re-enabled for access to the system. (this is done after 10 minutes but it was within 1 minute... then it happened.)

    It started with the ISP modem crashing out of nowhere, and about 1 hour later I got the HomeSeer message on my phone that access had been granted on my system. I checked the log and it was first blocked and then directly granted access... then it started, and I kept watching what this person was doing, because I have a backup on another PC.
    Last edited by Malosa; March 14, 2018, 01:14 PM.
    Preferred -> Jon's Plugins, Pushover, Phlocation, Easy-trigger,
    Rfxcom, Blade Plugins, Pushbullet, homekit, Malosa Scripts




    HS3Pro 4.1.14.0 on windows 10 enterprise X64 on hp quadcore laptop 8 GB.
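
Added example, not part of the original thread and not HomeSeer's own code: the post above reports a block on an IP being lifted within a minute although it is said to last 10 minutes. The sketch below flags that pattern in log lines; only the two message texts come from the post, while the timestamp prefix, the function names and the sample lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# The two message texts are quoted from the post; the leading timestamp
# format is an assumption, so adjust LINE_RE to the real log layout.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"IP Address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) has been "
    r"(?P<action>blocked from further access|re-enabled for access) to the system\."
)
EXPECTED_LOCKOUT = timedelta(minutes=10)  # lockout length as stated in the post


def find_early_reenables(lines, lockout=EXPECTED_LOCKOUT):
    """Return (ip, blocked_at, reenabled_at, held) for blocks lifted before the lockout ran out."""
    blocked_at = {}  # ip -> time of the most recent block
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log entry
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if m["action"].startswith("blocked"):
            blocked_at[ip] = ts
        elif ip in blocked_at:
            start = blocked_at.pop(ip)
            held = ts - start
            if held < lockout:
                findings.append((ip, start, ts, held))
    return findings


# Constructed sample lines (documentation-range addresses, invented timestamps).
SAMPLE_LOG = [
    "2018-03-14 12:00:10 IP Address 198.51.100.9 has been blocked from further access to the system.",
    "2018-03-14 12:01:05 IP Address 203.0.113.7 has been blocked from further access to the system.",
    "2018-03-14 12:01:50 IP Address 203.0.113.7 has been re-enabled for access to the system.",
    "2018-03-14 12:02:30 Event deleted: Porch lights",
    "2018-03-14 12:10:10 IP Address 198.51.100.9 has been re-enabled for access to the system.",
]

if __name__ == "__main__":
    for ip, start, end, held in find_early_reenables(SAMPLE_LOG):
        print(f"{ip}: block at {start} lifted after {held}, expected {EXPECTED_LOCKOUT}")
```

A block that is lifted early points to someone with administrative access changing the setting, so a finding here is a reason to review account and remote-access activity around the same timestamps.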

    #2
    Don’t understand, do you have an open port into your system or did they come in through MyHS?

    Without having open ports into your system I don’t see how someone can get into your network unless you had a virus or trojan on your system or you have a very insecure router.

    If they came in through MyHS then HS has a serious problem or you had an insecure password.

    If you want to directly access your HS system ONLY do it through a very good router with built in VPN.
    HomeSeer Version: HS3 Standard Edition 3.0.0.548
    Linux version: Linux auto 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
    Number of Devices: 484 | Number of Events: 776

    Enabled Plug-Ins: 3.0.0.13: AirplaySpeak | 2.0.61.0: BLBackup
    3.0.0.70: EasyTrigger | 1.3.7006.42100: LiftMaster MyQ
    4.2.3.0: mcsMQTT | 3.0.0.53: PHLocation2 | 0.0.0.47: Pushover 3P
    3.0.0.16: RaspberryIO | 3.0.1.262: Z-Wave

    Z-Net version: 1.0.23 for Inclusion Nodes
    SmartStick+: 6.04 (ZDK 6.81.3) on Server



      #3
      Have you called HomeSeer? This is something I would definitely call them directly about even if to just notify them and check their logs (if it was coming through myHS).



        #4
        Do you still have the default user defined as this login/password isn't hard to figure out.


          #5
          Originally posted by Rupp
          Do you still have the default user defined as this login/password isn't hard to figure out.


          Rupp. This was a major known issue a while back (sometime in the last year). Which version fixed this and when?
          cheeryfool



            #6
            Originally posted by Malosa
            Your signature shows you are running 3.0.0.312 and the post says you are running 3.0.0.315. There was an update issued that addressed a security issue where login was possible without credentials. I think this fix was subsequent to the version you are running. 3.0.0.368 is the current release and it has the security fix. I would recommend beta 3.0.0.423 as there are a lot of additional fixes in the current beta.

            3.0.0.423
            Last edited by randy; March 15, 2018, 12:06 AM.
            HS4 Pro, 4.2.19.16 Windows 10 pro, Supermicro LP Xeon



              #7
              Hi all,

              @rupp @Randy

              Sorry, I am running 315 not 312, my fault.

              Yes, the default user is still defined, but the password is hard to figure out.


              I called my ISP and there was an attack: my modem was attacked first, which made it reboot; after that they did something to the modem, then they got onto my local network and somehow managed to log in to HomeSeer.

              I was not the only person; there were more people who had a planned attack on some routers.

              HomeSeer is on a different subnet and it also needs a password to access.

              But I did check my firewall and everything was on.

              So what I do now is let HomeSeer run fully behind my DD-WRT router over VPN.

              And I have no issue anymore, but it's still strange.

              I will update to the latest beta like you said, Randy. 315 is old and it's my fault for not updating to a newer stable version.
              But I just wanted to let you guys know.

              Regards.


              Originally posted by Rupp
              Do you still have the default user defined as this login/password isn't hard to figure out.
              Preferred -> Jon's Plugins, Pushover, Phlocation, Easy-trigger,
              Rfxcom, Blade Plugins, Pushbullet, homekit, Malosa Scripts




              HS3Pro 4.1.14.0 on windows 10 enterprise X64 on hp quadcore laptop 8 GB.



                #8
                Which ISP do you use? Where are you located?


                  #9
                  I am curious too.

                  There are documented issues with the old Motorola / Arris SB6141 cable modems.

                  ALL ISP cable modems are just opensource firewalls with ISP access with the proper tools.

                  WAN (internet) ==> ISP modem (which is a firewall/router/switch) ==> your home network device (DDWRT).
                  - Pete

                  Auto mator
                  Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
                  Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
                  HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

                  HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
                  HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

                  X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant



                    #10



                      #11
                      @rupp

                      I'm located in the Netherlands.
                      The ISP is called Ziggo.

                      The ISP gave me the Arris Connect Box (TG2492LG-ZG) 1 year ago,
                      but in my second subnet I have a DD-WRT, but right now no VPN.

                      They changed my IP and reflashed my ISP router with some updates or something.
                      Since today I changed everything and also ports,
                      and not even 1 attempt to log in.

                      I'm going to install the version Randy said now, let's see how it goes.


                      Originally posted by Rupp
                      Which ISP do you use? Where are you located?
                      Preferred -> Jon's Plugins, Pushover, Phlocation, Easy-trigger,
                      Rfxcom, Blade Plugins, Pushbullet, homekit, Malosa Scripts




                      HS3Pro 4.1.14.0 on windows 10 enterprise X64 on hp quadcore laptop 8 GB.



                        #12
                        Are you running your router with the HomeSeer port exposed to the Internet?



                          #13
                          Originally posted by farfromuman
                          Are you running your router with the HomeSeer port exposed to the Internet?



                            #14
                            I would check the router's port forwarding. UPnP could have set forwards at some point and those don't clear out automatically.
                            I run OpenVPN server on the router and don't have to worry about hackers trying to log in to Blueiris and Homeseer.



                              #15
                              Originally posted by Malosa
                              Hi all,

                              @rupp @Randy

                              Sorry, I am running 315 not 312, my fault.

                              Yes, the default user is still defined, but the password is hard to figure out.
                              Is your password sufficiently complex and long though? I've had passwords cracked that I thought were hard to figure out, but with scripts running the majority of attacks they can try millions of combinations in little time. I suggest a good random password (long, including digits and symbols) and a good, secure password manager application so you don't have to create memorable passwords.
                              HS Pro 3.0 | Linux Ubuntu 16.04 x64 virtualized under Proxmox (KVM)
                              Hardware: Z-NET - W800 Serial - Digi PortServer TS/8 and TS/16 serial to Ethernet - Insteon PLM - RFXCOM - X10 Wireless
                              Plugins: HSTouch iOS and Android, RFXCOM, BlueIris, BLLock, BLDSC, BLRF, Insteon PLM (MNSandler), Device History, Ecobee, BLRing, Kodi, UltraWeatherWU3
                              Second home: Zee S2 with Z-Wave, CT101 Z-Wave Thermostat, Aeotec Z-Wave microswitches, HSM200 occupancy sensor, Ecolink Z-Wave door sensors, STI Driveway Monitor interfaced to Zee S2 GPIO pins.
