Is public internet web access to the Apex controller secure?

j-123

Premium Member
Hi, I just set up my Apex controller last week.

I have local private network access to the web interface of the Apex controller now.

I would like to have public internet access to the controller when out of town.

Question:

Has anyone been hacked from the outside through the public web interface?
(settings got changed on the controller with no explanation)

or

Does having outside web access seem to make the controller less stable somehow?


Like everyone here, I am sure, I am looking for a rock-solid controller setup, with the least chance for issues which may harm the aquarium.


So is hacking from outside a non-issue?

Thanks for any feedback, Joe
 
When you are accessing from outside, you still have to enter a username and password to log in. If this info got stolen, I am not sure how to prevent someone from logging in.
 
It's secure, mainly because no one cares. It's not like people are going to target your fish tank. Just use a secure password (upper case, lower case, numbers and letters, at least 8 characters) and you will be fine. You can also run it on an alternate port, instead of the default 80. http://myapex.domain.com:8087
 
OK, so it sounds like this is not an issue. No one is posting any problems related to having public internet access.

No other thoughts. Thanks, Joe
 
Technically, it is not secure since the user name and password are sent in clear text. Anyone intercepting the login packet(s) will have your credentials. Now we can argue the possibility of that happening and the value to the hacker to attempt to get in... In any event, I have never heard of anyone getting hacked. You still should use a strong password and user name as suggested by r0ck0.
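The clear-text point above, as an added example that is not part of the original thread: it assumes the controller's web login uses HTTP Basic authentication over plain HTTP (an assumption, the thread does not name the scheme). The request, hostname and credentials below are constructed; the function reports what anyone on the network path can read from a single request.

```python
import base64

# Constructed sample: one plain-HTTP request as it appears on the wire.
# Hostname, port and credentials are made up for illustration.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: myapex.example.com:8087\r\n"
    b"Authorization: Basic " + base64.b64encode(b"reefkeeper:Tr1ton!Coral#42") + b"\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)


def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP request into a lowercase-keyed dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def observed_credentials(raw: bytes):
    """Return (user, password) readable by an on-path observer, or None.

    Basic authentication only base64-encodes "user:password"; no key is
    involved, so decoding needs nothing beyond the captured header.
    """
    auth = parse_headers(raw).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: nothing recoverable
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


if __name__ == "__main__":
    # A long, mixed-character password on a non-default port is still readable.
    print(observed_credentials(SAMPLE_REQUEST))
```

Password strength and the port number do not change the result; only an encrypted path, such as the VPN mentioned later in the thread, keeps the header unreadable in transit.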
 
One thing you should be aware of is Neptune has chased some problems with the controller rebooting that they suspect is being caused when a bot finds your controller's IP address and pings it. The way to minimize this is to use a port other than 80 and to have a firewall running, which is good practice anyway. Russ might have some even better suggestions.

There's really nothing to exploit on these units since they're not running Windows but these aren't super robust web servers. Better to be safe than sorry.
 
+1 for using a strong complex password... as well as changing the username. This is why I make it a firm policy that my Reeftronics web site does not accept members whose controllers are still set to the default username & password. Using a non-standard port does have some minor security benefit, but it's not really all that effective. In the trade, that type of defensive mechanism is known as "security by obscurity"; in other words, just hiding something rather than positively preventing access.

There is ALWAYS some degree of risk whenever something is exposed to the Internet. However, I believe that in the case of our controllers, the benefits of having the capability for remote access far outweigh the risks.

There was one report I recall a few years ago where an RC'er was convinced that his AC3 was hacked and wiped clean. The poster didn't have anything to substantiate his claim though.

I too am getting these spontaneous reboots, and I have directly correlated them (at least in my case) with network activity... known and identifiable activity - I'm taking that 'bot theory with the proverbial grain of salt. I've been too busy with a brutal business travel schedule to devote more time to chasing it down further with some packet & traffic analysis, but I hope to do so next week.
 
Another option:

If you have a computer that is on all the time and is in the same network as your Apex controller, you can remote into that computer and control that controller from that computer. You do not need to open up the controller to the whole world.

In my case, I have a Windows computer that is on almost all the time. I enable remote desktop (RDP) on that computer. I used a non-standard RDP port. I also run DynDNS on that computer so I can use a friendly hostname to connect to the computer. When I want to change my Apex controller, I RDP into the computer first. Then I use the remote computer to connect to the controller. Heck, if I was really paranoid (which I am sometimes), I would make my computer VPN into my work VPN, then allow RDP (on my home computer) to only my VPN network, and then allow the controller to only be contacted by computers in my home network. :P

PS - while security from obscurity is weak security, it does help against bots that are specifically searching for vulnerabilities on web ports. If I wanted to hack a particular, I would scan all 65K ports. However, I doubt someone is targeting our controller. In that case, they will just scan the common ports (80 for web). Changing your web port will be beneficial in this case.
 
If you have a computer that is on all the time and is in the same network as your Apex controller, you can remote into that computer and control that controller from that computer. You do not need to open up the controller to the whole world.
You are quite correct, however that precludes the use of smartphone apps and such, which is one of the primary reasons why people want external access.
 