HELP......I've been hacked!!!!!
- Thread starter svb57
- Start date
D
Deleted member 143833
Boy, that's really bad; is everything in the tank OK?
One option; change password routinely! The AC3 password is transmitted in clear text (no https) making it semi-easy to hack the account using a simple sniffer.
Another option would be to use Aquanotes, which is website based and could be configured with a cert and use https but a cert isn't that cheap.
So far I haven't found any other options but maybe others have some ideas???
Where you connecting straight to the AC3 or was it another type of connection; just curious?
One option; change password routinely! The AC3 password is transmitted in clear text (no https) making it semi-easy to hack the account using a simple sniffer.
Another option would be to use Aquanotes, which is website based and could be configured with a cert and use https but a cert isn't that cheap.
So far I haven't found any other options but maybe others have some ideas???
Where you connecting straight to the AC3 or was it another type of connection; just curious?
No nothing happen. But i think i caught it within hours of it happening and with 750g of water the heaters being on did effect it that fast.
[Another option would be to use Aquanotes, which is website based and could be configured with a cert and use https but a cert isn't that cheap.] I do have Aquanotes...but dont understand what a "cert" is and how to do it. Cost is realative when I have as much in the system as I do.
The AC3 is connected straight to the modem.
HELP
Jim Mc
[Another option would be to use Aquanotes, which is website based and could be configured with a cert and use https but a cert isn't that cheap.] I do have Aquanotes...but dont understand what a "cert" is and how to do it. Cost is realative when I have as much in the system as I do.
The AC3 is connected straight to the modem.
HELP
Jim Mc
D
Deleted member 143833
A few more lower cost options:
Hackers attack using some tried and true methods, the most common user name is 'admin'. Passwords are hacked using a dictionary that just tried and tries until it hits (there are also common passwords; 'password'...)
'If' you where hacked using the above it would be more simple to elude another hack by:
* Change the user name
* Create a challenging password (for example 1 of my old passwords wat "2BeOrNot2Be"' try and hack that. Take a phrase and change the number words to digits, that is nice trick and easy to remember.
* DO NOT user port 80!!!!! Should I say this one again!!!! Why, because port 80 is the most common port hackers trace for (don't use port 446 either). Pick something up high, you can go all the way up to 9999, pick something out of the way.
Lastly, to answer your question; a cert (short for certificate) is a special key value which can be used to secure the communications channel and everything send over it. If you have a cert and properly configured IIS then you can connect to AquaNotes using a secured channel and that would make things more secure (the same thing banks use to protect your web access; https, aka SSL (secure socket layer)). What you would do in this setup would be access Aquanotes and not the AC3 because AquaNotes uses IIS, which can use SSL (Secure Socket Layer).
Hackers attack using some tried and true methods, the most common user name is 'admin'. Passwords are hacked using a dictionary that just tried and tries until it hits (there are also common passwords; 'password'...)
'If' you where hacked using the above it would be more simple to elude another hack by:
* Change the user name
* Create a challenging password (for example 1 of my old passwords wat "2BeOrNot2Be"' try and hack that. Take a phrase and change the number words to digits, that is nice trick and easy to remember.
* DO NOT user port 80!!!!! Should I say this one again!!!! Why, because port 80 is the most common port hackers trace for (don't use port 446 either). Pick something up high, you can go all the way up to 9999, pick something out of the way.
Lastly, to answer your question; a cert (short for certificate) is a special key value which can be used to secure the communications channel and everything send over it. If you have a cert and properly configured IIS then you can connect to AquaNotes using a secured channel and that would make things more secure (the same thing banks use to protect your web access; https, aka SSL (secure socket layer)). What you would do in this setup would be access Aquanotes and not the AC3 because AquaNotes uses IIS, which can use SSL (Secure Socket Layer).
D
Deleted member 143833
I am talking about the 1 for the AC3 (if that is what you have connected to the internet). Yes, it is the password you use to get into the AC3 from the web browser.
Port number is changed the same menu (Setup->NetSetup) as the password (Setup->Net Setup->Http Port)
Port number is changed the same menu (Setup->NetSetup) as the password (Setup->Net Setup->Http Port)
D
Deleted member 143833
No, username, password and port are all in the "Setup->Net Setup" menu section. Once you change them you will, likely need to reset the controller (either by unplugging or using the "Setup->Net Setup->Reset menu).
Remember to update the username and password in AquaNotes. The AquaNotes port does not need to be changed; the port you are changing in the aforementioned menu is only used for HTTP.
Oh, when you access the AC3 using a port other than 80 you will need to provide the port number on the connect line like this:
http://myreef.mydomain.com:9999/
or
http://192.168.1.50:9999/
Last, if you are running the gadget you will need to update the connection information, use the same format as above but don't include the "http://" (e.g., 192.168.1.50:9999 or myreef.mydomain.com:9999).
Ii think that should about be it but I'll be online for a while so if you need help you know where to find me....
Remember to update the username and password in AquaNotes. The AquaNotes port does not need to be changed; the port you are changing in the aforementioned menu is only used for HTTP.
Oh, when you access the AC3 using a port other than 80 you will need to provide the port number on the connect line like this:
http://myreef.mydomain.com:9999/
or
http://192.168.1.50:9999/
Last, if you are running the gadget you will need to update the connection information, use the same format as above but don't include the "http://" (e.g., 192.168.1.50:9999 or myreef.mydomain.com:9999).
Ii think that should about be it but I'll be online for a while so if you need help you know where to find me....
gkyle
Premium Member
I don't recommend opening the web server or Telnet port externally at all (at this point). If you have to, do as Ken suggests above, plus if it's possible only open it when you have to. If you're not actually traveling or something, block all access to this device at your firewall if you can. Most cable and DSL routers (such as Linksys) have a built-in basic firewall you can configure to simply block external access. For many, this is the default setting.
A hacker can find the port you're using for the web server easily with simple (and free - Nmap) tools. Changing it from port 80 makes great sense though, because you'll at least force them to look for it. I just tried running a simple security scan (using a free tool - Nessus) against my AC3 Pro and it went nuts within two minutes - without supplying a userid or password. So, you don't actually need to even hack it to cause serious problems. On mine, almost everything simply turned off, my Tunze units just started pumping air, and the Neptune clock went backwards about 4 hours. If someone knew (or discovered with a scan) your IP address and your Neptune isn't blocked by a firewall, they could do the same to you.
I'm going to run a more complete test later today or tomorrow to find all the vulnerabilities, and will post more information when I do. Hopefully these are things Neptune will be willing to correct with an update.
A hacker can find the port you're using for the web server easily with simple (and free - Nmap) tools. Changing it from port 80 makes great sense though, because you'll at least force them to look for it. I just tried running a simple security scan (using a free tool - Nessus) against my AC3 Pro and it went nuts within two minutes - without supplying a userid or password. So, you don't actually need to even hack it to cause serious problems. On mine, almost everything simply turned off, my Tunze units just started pumping air, and the Neptune clock went backwards about 4 hours. If someone knew (or discovered with a scan) your IP address and your Neptune isn't blocked by a firewall, they could do the same to you.
I'm going to run a more complete test later today or tomorrow to find all the vulnerabilities, and will post more information when I do. Hopefully these are things Neptune will be willing to correct with an update.
Roy G. Biv
Premium Member
The exact same thing happened to me about 6 months ago. Everything survived, but I am not comfortable to put it online anymore. 
RokleM
Premium Member
Even better yet, move the web port to something that will cause a malformed request. Put it on 443, 23, 110, etc. If someone tries to go to https://yourIP, it won't work because the device doesn't support secure transport. However, you can access it via http://yourIP:443.
Truly, the device should move to using all secure/encrypted data, however it has to have the horsepower to do so (which probably won't happen with this model).
Truly, the device should move to using all secure/encrypted data, however it has to have the horsepower to do so (which probably won't happen with this model).
corndogg
New member
If you want it to be secure, set up an SSH proxy server on your home computer and then route all traffic through it. It has numerous advantages for secure surfing when out & about. Anytime I use a public computer, I proxy through to my computer so that my data is never "in the open." I originally started doing this because my work blocked yahoo and a few other sites. This is a way to bypass almost any firewall that blocks certain traffic or sites. But basically all communication will be secure and encrypted from the computer you're using to your home cpu.
They are very easy to set up. But for those that don't keep a computer running all the time, you might not like the idea of leaving it on.
Here's a site that has an easy way to set one up.
http://www.linquist.net/geek/proxy
They are very easy to set up. But for those that don't keep a computer running all the time, you might not like the idea of leaving it on.
Here's a site that has an easy way to set one up.
http://www.linquist.net/geek/proxy
gkyle,
I've run both nmap, and the nessus scan, and have not been able to replicate the crashes, clock setting, etc. It was run on both an AC3, and 3Pro with previous generation firmware as well as the latest. I ran the most intense scans available on both of these tools. Please email me support@neptunesys.com the configuration you run ran to see the problem. Please don't post the settings as we don't want someone purposely trying to crash controllers.
I think the biggest security hole in the controllers is the user name and password fields. I don't know how many times that customers have called in for support, and still have the default user name and password in the their controller. If the program/configuration of the controller is changed, I would say that this is the most likely way that it occurred. Definitely, change the user name/password, and make it sure that it is at least 8 characters, both upper and lower case, numbers, and punc. character. Don't give out the username and password.
Curt
I've run both nmap, and the nessus scan, and have not been able to replicate the crashes, clock setting, etc. It was run on both an AC3, and 3Pro with previous generation firmware as well as the latest. I ran the most intense scans available on both of these tools. Please email me support@neptunesys.com the configuration you run ran to see the problem. Please don't post the settings as we don't want someone purposely trying to crash controllers.
I think the biggest security hole in the controllers is the user name and password fields. I don't know how many times that customers have called in for support, and still have the default user name and password in the their controller. If the program/configuration of the controller is changed, I would say that this is the most likely way that it occurred. Definitely, change the user name/password, and make it sure that it is at least 8 characters, both upper and lower case, numbers, and punc. character. Don't give out the username and password.
Curt
kfick
New member
Sorry to hear this happened. I use a VPN router (WRV200) from Linksys. I think you can get it for 80 bones now, and it's my Wireless G access point.
http://www.linksys.com/servlet/Sate...074625&pagename=Linksys/Common/VisitorWrapper
It has a weak 128 bit encryption, but I doubt anybody would waste the time to hack it. It works with dyndns just fine. I VPN in with its cheesy little client and then access my ACIII with its IP on my home network.
Curt, I found it odd I could only use an address of 194.194.xxx.xxx and have my ACIII accessable on my home network (not using VPN). If I went any higher, say 195.xxx.xxx.xxx it would not respond. Using 192.168.xxx.xxx at home confuses the poor router if I VPN from a hotel's network and its a private network as well and it has to translate between the two same ranges over VPN tunnel.
http://www.linksys.com/servlet/Sate...074625&pagename=Linksys/Common/VisitorWrapper
It has a weak 128 bit encryption, but I doubt anybody would waste the time to hack it. It works with dyndns just fine. I VPN in with its cheesy little client and then access my ACIII with its IP on my home network.
Curt, I found it odd I could only use an address of 194.194.xxx.xxx and have my ACIII accessable on my home network (not using VPN). If I went any higher, say 195.xxx.xxx.xxx it would not respond. Using 192.168.xxx.xxx at home confuses the poor router if I VPN from a hotel's network and its a private network as well and it has to translate between the two same ranges over VPN tunnel.
are you sure someone hacked in to screw with your tank? not to be a dink but that would be the last thing a hacker would want to be messing around in... i would see statements/passwords/account info/video files and the like.. might want to setup a router with mac address filtering, possibly peer guardian is pretty good and free..
