Results 1 to 15 of 15

Thread: Apex hacked!

  1. #1
    New User
    Join Date
    Jun 2016
    Location
    columbus, oh
    Posts
    4

    Apex hacked!

    Came home to a 85 degree tank and dead fish. When I logged into fusion I was shocked to see all of my programming was changed...outles were renamed and their status were all changed to on. My outlets were renamed very vulgar names like HITLER_RULES, JEW_CAMP and FAGGOT.

    Who would do such a thing? Was anyone else out there hacked, and what can we do about it? It has happened 3 times in 18 hours each getting worse

  2. #2
    Master Control Freak RussM's Avatar
    Join Date
    Dec 2012
    Location
    California - US Pacific
    Posts
    22,464
    Do you have port forwarding to the Apex configured in your router? If you do, change the public port used ASAP. Did you change the Apex default password to something complex? Even if you did, change the password and reboot the APEX immediately. Use a password which has at least 8 characters, both upper and lower case, as well as numbers.
    Please do not send me PMs with technical questions or requesting assistance - use the forums for Apex help. PM me ONLY if the matter is of a private or personal nature. Thanks.

  3. #3
    Frequent Visitor
    Join Date
    Nov 2015
    Location
    Duluth, GA
    Posts
    163
    I wonder if they got in through the classic web page or from Fusion?

    If it was from the classic web then the kid hacked into your network, this could be online or via wifi. (Most likely)
    If it was Fusion then a profile, like a Google account, was most likely compromised. (I don't see this as likely because they would've gone fore something more important than your Apex)

    This really sounds like a punk kid neighbor of yours that got in via wifi and this was the only thing he could get into on your network.

    Either way you should button down you're security ASAP. Start by making sure your home network is secured. Do not do anything until you've shut down your wifi network and are connected via a wired port to the router. You can also scan though the router to see if a device has connected that doesn't look familiar. Then through a secure connection change all of your passwords. Router, wifi, systems, Apex, and online accounts (especially banking and Apple and/or Google accounts. I would also scan for viruses & malware on all systems connected to that network.

  4. #4
    Frequent Contributor iamchadster's Avatar
    Join Date
    Aug 2013
    Location
    Wilsonville, Oregon
    Posts
    2,639
    Unthinkable, I am really sorry to hear that happened to you.
    Chad

  5. #5
    Frequent Contributor
    Join Date
    Jan 2013
    Location
    Gilroy, CA
    Posts
    1,043
    I believe we worked with the OP today and from what I heard his Apex was available to the outside world with no firewall and a sick and malicious individual gained access to his Apex directly. Someone on my staff has more details and will follow up here with more details and a few best practices for all of you out there.

  6. #6
    Director, Customer Experience Paul's Avatar
    Join Date
    Jan 2013
    Location
    Neptune Systems
    Posts
    224

    Apex hacked!

    I wanted to update everyone what happened with this Apex as Neptune Systems takes the utmost care in your security. So when this thread came up yesterday we immediately contacted the customer to see what was going in.

    The issue here, as Terence mentioned, was that this Apex was placed directly on the Internet without a router's firewall protecting it. The customer network was setup in such away that he had a router/modem combo from his ISP connected to his home router. This is a situation in which is called double NAT- basically there was a firewall from his ISP then a firewall with his router. His Apex was connected to the router/modem and during some recent work the ISP removed the firewall on their provided gateway so his home router would be the only router. This was to help some recent Internet connection issue the customer had been experiencing.

    Once that firewall was removed the Apex was directly accessible on the Internet on the standard port 80. If you are not aware, in any given minute there are many, many "pings" on your home's public IP address. Typically this is something like a "knock, knock," but your home router's firewall basically says, "the door is locked and move along." When something (the Apex in this case) responds back with "hello," well that causes the "hacker" to investigate. Because the customer was not aware that his Apex was accessible on the Internet he had never changed his local web interfaces user name and password from the typical "admin" and "1234." And at the point the "hacker" had his way with the system changing the configuration and programming to essentially toast the tank. Fortunately, the customer was readily aware of when this was happening and the loss of livestock has not been a total loss.

    With this being said, I would like to stress a couple things:

    - Apex Fusion allows a safe and secure way to access your Apex system without the concerns of your Apex being accessible on the Internet
    - In the Apex (2016), there are no added features in the local interface versus the Apex Fusion interface- they are one and the same. Therefore, there isn't much need to make the 2016 model accessible outside your home network.
    - If you opt to make you Apex's local interface accessible outside your home network, then
    • Do NOT make it available on port 80. Change the HTTP port to a random four digit number.
    • Change the user name and password of the system. Please note after changing the user name and password you must restart the Apex system for that to take effect. Also note, that your Apex system password is not your Apex Fusion login credentials. They are two separate and unrelated pieces of information.


    If anyone has any questions/concerns about the security of their system, then please do not hesitate to contact our support team.


    Paul

  7. #7
    Regular Vistor
    Join Date
    May 2016
    Location
    US, Pacific
    Posts
    25
    It's upsetting for something like this to happen to anyone. Hope you recover from this incident. This also serves as a wake up call for us all to be careful about setting up any online device.

    Sent from my SM-G935V using Tapatalk

  8. #8
    Frequent Visitor
    Join Date
    Jul 2016
    Location
    minneapolis
    Posts
    71
    Is there a place where it says step by step how to change the password on both the apex 2016 and the older controller?
    Is there a place where it shows how to tell if the 'apex is accessible outside your home network'?
    Is there a place where we can check what port is being used (if any)? Is there a place that explains where to change the port (to not make it available on port 80). IE to make sure the system is secure where are the instructions to do what you suggest above?

  9. #9
    Master Control Freak RussM's Avatar
    Join Date
    Dec 2012
    Location
    California - US Pacific
    Posts
    22,464
    Quote Originally Posted by mnmnmn View Post
    AND PS - I found where to change the password - and changed it - but now can't log in.
    Reboot for the login change to take effect.
    Please do not send me PMs with technical questions or requesting assistance - use the forums for Apex help. PM me ONLY if the matter is of a private or personal nature. Thanks.

  10. #10
    Master Control Freak RussM's Avatar
    Join Date
    Dec 2012
    Location
    California - US Pacific
    Posts
    22,464
    The Apex cannot tell you if there is external access configured.

    External access will only be available if deliberately configured in your router, and you will know if you've done that. The public http port used is set in the router, not the Apex.
    Please do not send me PMs with technical questions or requesting assistance - use the forums for Apex help. PM me ONLY if the matter is of a private or personal nature. Thanks.

  11. #11
    Frequent Visitor
    Join Date
    Jul 2016
    Location
    minneapolis
    Posts
    71
    OK - the instructions from Paul weren't clear - there is a place to change the port using the apex application so i didnt know if that was where he meant. It is worrisome because the way the problem above was described suggested that the user didnt do anything to the router but that there was a change at the ISP. So just wanted to be sure that somehow this couldn't happen here. Thanks again will try the reset thing with the password

  12. #12
    Master Control Freak RussM's Avatar
    Join Date
    Dec 2012
    Location
    California - US Pacific
    Posts
    22,464
    If you do not have port forwarding to the Apex set up in your router, you are OK. The circumstances that allowed the OPs Apex to be directly exposed to the Internet are actually quite unusual.
    Please do not send me PMs with technical questions or requesting assistance - use the forums for Apex help. PM me ONLY if the matter is of a private or personal nature. Thanks.

  13. #13
    Frequent Visitor
    Join Date
    Jul 2016
    Location
    minneapolis
    Posts
    71
    Thanks - rebooted the unit. Still can't log in via the x.x.x.x or using the xxxxx.local since trying to change the un/password from the admin1234 to another. says password is invalid. I suppose that i could have typed the password incorrectly when i changed it (there is not a placebo double type the password to confirm it). Do I have to reset and reprogram the whole thing?

  14. #14
    New User
    Join Date
    Jun 2016
    Location
    columbus, oh
    Posts
    4
    Turns out it was the firewall on my router had been left down by the cable provider. Over the course of 4 days my outlet profiles were manipulated to the ON position and renamed very vulgar Names 5 different times. My username was even changed to "Your hacked". The lesson learned is make sure your properly protected with a firewall and solid password!!!

    Neptune was very quick to dial into my system and help me restore my profiles. Unfortunately, I lost 36 fish and some corals.

  15. #15
    New User
    Join Date
    Mar 2020
    Location
    Auburn, WA
    Posts
    2
    Quote Originally Posted by Holowicki View Post
    Turns out it was the firewall on my router had been left down by the cable provider. Over the course of 4 days my outlet profiles were manipulated to the ON position and renamed very vulgar Names 5 different times. My username was even changed to "Your hacked". The lesson learned is make sure your properly protected with a firewall and solid password!!!

    Neptune was very quick to dial into my system and help me restore my profiles. Unfortunately, I lost 36 fish and some corals.
    I know this is an really old thread, but am reassured with my decision to have purchased my Apex based on Neptune’s response. My unit is connected to a router via Ethernet and I remember creating passwords for everything, so I think I’m good. I’m not an IT tech savvy person, but now feel like I should learn more because I barely understand what happened. ( I sorta do ) but.... feel like I need to bone up on network knowledge and such. Very reassuring to see the response to this by members and Neptune.

Similar Threads

  1. Help! Hacked Neptune systems?
    By Lizard333 in forum Misc Apex Usage & Programming
    Replies: 10
    Last Post: 06-29-2018, 16:28
  2. Help! Fusion Media Hacked?
    By SanClementeEric in forum Camera & Media Integration with APEX Fusion, APEX Local, & Classic Dashboards
    Replies: 2
    Last Post: 07-09-2016, 10:12

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •