    How to prevent intrusions

    Hi,

    I believe that my HS3 system is being pinged somehow or hackers are using port scanners and are trying to access my HS3 system.

    I have daily occurrences of different and multiple IP addresses trying to access my system. I could see in the log how they tried different USER IDs and incorrect passwords until I disabled remote access in the HS3 Setup, but that also blocks MY access to the system. Now I only see "connection fro ip adress XX has been blocked because remote connections is disabled".

    I have tried to "list" all the individual IP addresses on the Norton Firewall but this will be a never ending situation.

    How can I prevent this in an easier manner?

    There was a mention of using a VPN or something but not sure if that will fix it.


    By the way I have a regular Comcast cable modem.
    Thanks
    Chris

    #2
    You could go to the trouble of blocking these but the HS3's web server is doing its job and blocking these as evidenced by the log file. Putting your HS3 web server on a non-standard port can help as well but the log entries are not likely to stop as this is what these guys do.

      #3
      Use a high port number, say something above 7000. Make sure to avoid regularly used port numbers such as 8080. It may not eliminate it completely, but will likely reduce it significantly.

      Cheers
      Al
      HS 4.2.8.0: 2134 Devices 1252 Events
      Z-Wave 3.0.10.0: 133 Nodes on one Z-Net



        #4
        Rupp - Does the "Enable IP Hack Blocking" still work in the HS3 Network Settings? I keep it turned on, but every time I restart HS3 it turns back off. Yep, I submitted a Bugzilla weeks ago, but not fixed yet.



          #5
          Originally posted by prnorton
          Rupp - Does the "Enable IP Hack Blocking" still work in the HS3 Network Settings? I keep it turned on, but every time I restart HS3 it turns back off. Yep, I submitted a Bugzilla weeks ago, but not fixed yet.
          +1



            #6
            Originally posted by prnorton
            Rupp - Does the "Enable IP Hack Blocking" still work in the HS3 Network Settings? I keep it turned on, but every time I restart HS3 it turns back off. Yep, I submitted a Bugzilla weeks ago, but not fixed yet.
            Yea, this is broken (sort of) but if you change the values for Block Timeout, Failures, and Fail Intervals it will save these in the settings.ini file and will work even though it shows unchecked. You can verify this by looking for the [IPBlock] section in the settings.ini file.


              #7
              It happens to everyone probably. Nobody worries about it if you have a remotely decent password. They are looking for IIS systems and databases to steal. HS2/3 is a pure HTML server. As they say in Jersey - fohgetabowdit.


              ~Bill



                #8
                Originally posted by Rupp
                Yea, this is broken (sort of) but if you change the values for Block Timeout, Failures, and Fail Intervals it will save these in the settings.ini file and will work even though it shows unchecked. You can verify this by looking for the [IPBlock] section in the settings.ini file.
                I disagree with you Rupp. Yes, the settings.ini file is modified and yes, the network settings does not show. But it doesn't disable IP hacking. I have to remember to re-set it after each reboot. A couple of times I forgot until I looked at the log file to see about 50 lines of hacking attempts. Once set again, it works.

                I have mentioned this issue with Tyler Manson and it appears HS is reviewing this.

                Robert
                HS3PRO 3.0.0.500 as a Fire Daemon service, Windows 2016 Server Std Intel Core i5 PC HTPC Slim SFF 4GB, 120GB SSD drive, WLG800, RFXCom, TI103,NetCam, UltraNetcam3, BLBackup, CurrentCost 3P Rain8Net, MCsSprinker, HSTouch, Ademco Security plugin/AD2USB, JowiHue, various Oregon Scientific temp/humidity sensors, Z-Net, Zsmoke, Aeron Labs micro switches, Amazon Echo Dots, WS+, WD+ ... on and on.



                  #9
                  Originally posted by langenet
                  But it doesn't disable IP hacking. I have to remember to re-set it after each reboot. A couple of times I forgot until I looked at the log file to see about 50 lines of hacking attempts. Once set again, it works.

                  I have mentioned this issue with Tyler Manson and it appears HS is reviewing this.

                  Robert
                  I'm not sure of the issue you are seeing but as a workaround I'd add something to my startup script to reset this issue after each reboot.


                  ~Bill



                    #10
                    I'd like to do that. Just I haven't looked at how to set this on start up. If you know how, please let me know.

                    To recap, the settings are definitely set in the settings.ini. It appears to me that HS doesn't read them at start up to set accordingly.

                    Robert


                      #11
                      Copy the settings out of the settings.ini file showing the way you want them and I'll come up with some code after work.

                      Cheers.


                      ~Bill



                        #12
                        Originally posted by Bill Brower
                        Copy the settings out of the settings.ini file showing the way you want them and I'll come up with some code after work.

                        Cheers.
                        As an FYI, changing the settings in settings.ini file while HS3 is running has no effect. It only seems to read those settings on startup.

                        Cheers
                        Al


                          #13
                          Originally posted by sparkman
                          As an FYI, changing the settings in settings.ini file while HS3 is running has no effect. It only seems to read those settings on startup.

                          Cheers
                          Al
                          Well, there you have it!


                          ~Bill



                            #14
                            But you see.... that's the issue. The settings.ini has what I want in it. Just that HS3 ignores it on start up. I have to go to the network page and set it again since the defaults are set which include a missing check on the enable IP hacking - which in my opinion should be set by default and not cleared as it is.

                            Robert


                              #15
                              This is something that broke recently. It used to work.

                              May-16 10:37:58 AM Web Server Web Server authorized login successful from: 67.204.166.43 User: wrb
                              May-16 10:37:55 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:53 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:52 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:51 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:50 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:49 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:48 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:46 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:45 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:44 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:43 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
                              May-16 10:37:41 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist


                              ~Bill
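
The log in post #15 shows the pattern that a Failures / Fail Intervals threshold is meant to stop. As an added example (not HomeSeer code and not from any poster in this thread), the Python below parses that log format, reports when an IP reaches the failure threshold, and lists any successful login from that IP afterwards, which means blocking was not in effect. The threshold values, the function names and the placeholder year are assumptions; the sample lines are a subset of the ones posted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Subset of the log lines from post #15, newest first as HS3 lists them.
SAMPLE_LOG = """\
May-16 10:37:58 AM Web Server Web Server authorized login successful from: 67.204.166.43 User: wrb
May-16 10:37:48 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
May-16 10:37:46 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
May-16 10:37:45 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
May-16 10:37:44 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
May-16 10:37:43 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
May-16 10:37:41 AM Web Server Web Server login failed from: 67.204.166.43 User: fred_the_terrorist
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}-\d{1,2} \d{1,2}:\d{2}:\d{2} [AP]M)\s+Web Server\s+Web Server "
    r"(?P<kind>login failed|authorized login successful) from: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) User: (?P<user>\S+)"
)

def parse(text, year=2000):
    """Return (time, ip, user, failed) tuples, oldest first.
    The log has no year, so a placeholder leap year is supplied (assumption)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b-%d %I:%M:%S %p")
            events.append((ts, m["ip"], m["user"], m["kind"] == "login failed"))
    return sorted(events, key=lambda e: e[0])

def analyze(text, max_failures=5, interval_s=60):
    """max_failures / interval_s are illustrative, not HS3 defaults."""
    window = defaultdict(deque)   # ip -> failure times inside the interval
    tripped = {}                  # ip -> time the threshold was first reached
    success_after_trip = []       # logins that a working block would have refused
    for ts, ip, user, failed in parse(text):
        if failed:
            q = window[ip]
            q.append(ts)
            while ts - q[0] > timedelta(seconds=interval_s):
                q.popleft()       # drop failures older than the interval
            if len(q) >= max_failures and ip not in tripped:
                tripped[ip] = ts
        elif ip in tripped:
            success_after_trip.append((ts, ip, user))
    return tripped, success_after_trip
```

Run `analyze()` over a saved copy of the HS3 log after each restart; a non-empty second list shows that the block setting did not take effect.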
