I wanted to update everyone on what happened with this Apex, as Neptune Systems takes the utmost care in your security. So when this thread came up yesterday we immediately contacted the customer to see what was going on.
The issue here, as Terence mentioned, was that this Apex was placed directly on the Internet without a router's firewall protecting it. The customer network was set up in such a way that he had a router/modem combo from his ISP connected to his home router. This is a situation which is called double NAT; basically there was a firewall from his ISP, then a firewall with his router. His Apex was connected to the router/modem and during some recent work the ISP removed the firewall on their provided gateway so his home router would be the only router. This was to help some recent Internet connection issue the customer had been experiencing.
Once that firewall was removed the Apex was directly accessible on the Internet on the standard port 80. If you are not aware, in any given minute there are many, many "pings" on your home's public IP address. Typically this is something like a "knock, knock," but your home router's firewall basically says, "the door is locked and move along." When something (the Apex in this case) responds back with "hello," well, that causes the "hacker" to investigate. Because the customer was not aware that his Apex was accessible on the Internet, he had never changed his local web interface's user name and password from the typical "admin" and "1234." And at that point the "hacker" had his way with the system, changing the configuration and programming to essentially toast the tank. Fortunately, the customer was readily aware of when this was happening and the loss of livestock has not been a total loss.
With this being said, I would like to stress a couple things:
- Apex Fusion allows a safe and secure way to access your Apex system without the concerns of your Apex being accessible on the Internet
- In the Apex (2016), there are no added features in the local interface versus the Apex Fusion interface; they are one and the same. Therefore, there isn't much need to make the 2016 model accessible outside your home network.
- If you opt to make your Apex's local interface accessible outside your home network, then:
  - Do NOT make it available on port 80. Change the HTTP port to a random four-digit number.
  - Change the user name and password of the system. Please note that after changing the user name and password you must restart the Apex system for that to take effect. Also note that your Apex system password is not your Apex Fusion login credentials. They are two separate and unrelated pieces of information.
If anyone has any questions/concerns about the security of their system, then please do not hesitate to contact our support team.
Paul