
Thread: How Safe is Neptune Apex Fusion from hackers ?

  1. #1
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26

    How Safe is Neptune Apex Fusion from hackers ?

    With all the services like Google, Dropbox etc. offering 2 factor authentication or dual authentication, how safe is Neptune Apex Fusion from being hacked or accounts compromised?

    I'm slowly going completely down the Apex route and have seen some stories of people being hacked and their tanks destroyed due to either bad setups at home on their routers or their PCs have malware installed and it harvests passwords etc.

    I feel these days a password is just not safe enough!

    Admittedly most of these had port forwarding on their routers and didn't change the default user/pass.

    My main concern is whatever is hosting Fusion gets compromised (just like Sony did back in 2015/16) and hackers can destroy our tanks.

    Is there any way to add an additional level of security? Like 2 factor auth? Or send an email every time you log in, or attempted logins lock the account, or something?


  2. #2
    New User
    Join Date
    Dec 2013
    Location
    United States
    Posts
    1
    I have always wondered this myself. Is Fusion white hat hacked by a 3rd party with actual hackers (not just automated bots)?

    Fusion appears to be hosted by Cloudflare.

  3. #3
    Master Control Freak RussM's Avatar
    Join Date
    Dec 2012
    Location
    California - US Pacific
    Posts
    14,734
    Quote Originally Posted by kevitra View Post
    Fusion appears to be hosted by Cloudflare.
    Cloudflare is not a web hosting provider. It front-ends web sites hosted elsewhere, providing DNS services and performance & security enhancements for those sites.
    I'm not a Neptune support rep. Please do not send me PMs with technical questions or requesting assistance - use the forums for Apex help. PM me ONLY if the matter is of a private or personal nature. Thanks.

  4. #4
    Apex Guru zombie's Avatar
    Join Date
    Dec 2013
    Location
    Denver, CO
    Posts
    5,489
    I doubt Neptune's servers are more secure than something like Gmail, but it's waaaaay less likely to be hacked. People hack websites to make money. Since Fusion doesn't store any personal information or credit cards there is no reason for someone to hack it.

    You might be an engineer if...You have no life and can prove it mathematically.

  5. #5
    Frequent Visitor
    Join Date
    Dec 2014
    Location
    Mojave Desert
    Posts
    87
    I'm more worried about the open telnet port on the Apex itself than the Fusion webpage.

    It would be nice to have 2FA but most companies that do it use SMS which has been proven to be insecure anyway. (Mostly the companies just want your phone number to sell to telemarketers.)


    Sent from my iPhone using Tapatalk

  6. #6
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26
    Trying not to go off topic here, but if I go completely Apex, and I mean everything and all modules, which I'm thinking about doing, I would expect a better safeguard than a single password to log in to my account.

    Yes, people mainly hack for money, but as we have seen that doesn't stop kids just getting in and renaming all the inputs and killing a tank. With a potential setup of over £20,000 I really want to have a better login system like 2FA or an Authenticator app like Dropbox, Gmail, Microsoft all offer, and that's just to protect email! It's the only thing in the back of my mind that's stopping me from going completely automated.

    Even if the password or site isn't cracked or a backdoor found in the Fusion hosting code, PCs get compromised all the time and passwords harvested. I think it's a sensible option to at least give the Apex users an additional level if they wish to enable it. It wouldn't be that difficult to do either with all the APIs out there, namely Google Authenticator. Is there an official response from Apex here, even if it's a no, just so I can choose what I'm going to do?

  7. #7
    New User
    Join Date
    Mar 2017
    Location
    Planet Earth
    Posts
    11
    I agree. For something designed to safeguard thousands of dollars in livestock and equipment, I would expect better online security. I don't think it is unreasonable to request 2 factor authentication, approved device list, or anything more substantial than the current password only security.

    If we can get notifications when our sump is low or temperature too high, why can't I at least get a notification when my account is accessed from a new location?

  8. #8
    Apex Guru zombie's Avatar
    Join Date
    Dec 2013
    Location
    Denver, CO
    Posts
    5,489
    I think you guys might be overthinking this. There has not been a single reported hacked Fusion account since its inception (at least reported onto the forums) and the one hack I could find was through the classic dashboard and the person who was hacked kept the password as default, and had an open port 80 with no firewall in his router.

    I personally would hate to have 2 step verification or location based blocking because when I want to check my tank I don't want to wait and I don't want anything that might hamper my access if the tank has an emergency.

    You might be an engineer if...You have no life and can prove it mathematically.

  9. #9
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26
    Quote Originally Posted by zombie View Post
    I think you guys might be overthinking this. There has not been a single reported hacked Fusion account since its inception (at least reported onto the forums) and the one hack I could find was through the classic dashboard and the person who was hacked kept the password as default, and had an open port 80 with no firewall in his router.

    I personally would hate to have 2 step verification or location based blocking because when I want to check my tank I don't want to wait and I don't want anything that might hamper my access if the tank has an emergency.

    You might be an engineer if...You have no life and can prove it mathematically.
    Zombie

    I disagree, but agree with you not wanting it. That's why I said make it a choice to enable, just like all the other large tech companies do.

    I think if the majority was asked "do you want extra security?" the answer would be yes.

    Just because it hasn't happened yet doesn't mean it won't. Also, it might have happened and that person was silenced or paid.

    It would be a major flaw if the sole interface had a hole. Not saying it does, just speculating.

    With my large tank I don't want that risk. I would want a 2FA option and I'm sure so would others.

    Blows my mind that this hasn't been raised yet.


    Sent from my iPhone using Tapatalk

  10. #10
    Frequent Visitor bigjim's Avatar
    Join Date
    Oct 2014
    Location
    Carpentersville, Il
    Posts
    205
    I'm not worried about someone hacking my tank. I'm concerned someone will find a way to use Apex/Fusion to gain access to my network and computers.

  11. #11
    Frequent Visitor
    Join Date
    Dec 2014
    Location
    Mojave Desert
    Posts
    87
    Quote Originally Posted by bigjim View Post
    I'm not worried about someone hacking my tank. I'm concerned someone will find a way to use Apex/Fusion to gain access to my network and computers.
    Yep.


    Sent from my iPhone using Tapatalk

  12. #12
    New User
    Join Date
    Apr 2014
    Location
    TAMPA, FL
    Posts
    3
    How large is the Apex Fusion community? I venture to guess not significant enough for hackers to care about wasting time and effort to go after this user community.


    Sent from my iPhone using Tapatalk

  13. #13
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26
    Quote Originally Posted by abhutta View Post
    How large is the Apex Fusion community? I venture to guess not significant enough for hackers to care about wasting time and effort to go after this user community.


    Sent from my iPhone using Tapatalk
    Doesn't matter how big or small; the fact the security is weak is a major concern for large tank owners with thousands invested in corals and time growing them.

    Why can we have an extra security option?

  14. #14
    Frequent Visitor Torx's Avatar
    Join Date
    Dec 2013
    Location
    Blenheim, Ontario
    Posts
    393
    My $0.02, if you are that worried about it then don't use it. I mean, it will never be as secure as you want it. Dual authentication login page? Even banks don't use that. Fusion is very well protected. As said already, hackers will never do it. It is a lot of work to hack a site and they won't do it for a system that holds 0 information. To add additional levels to raise security to NASA levels might entice someone.

    Also to note, this is a forum run by users of Neptune Apex, not Apex themselves. This might be a better suggestion to send the support team an email on it. Possibly could be a suggestion for the web designers

    Sent from my SM-G925W8 using Tapatalk
    Current: 120 Gallon Peninsula DIY system.

  15. #15
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26
    Quote Originally Posted by Torx View Post
    My $0.02, if you are that worried about it then don't use it. I mean, it will never be as secure as you want it. Dual authentication login page? Even banks don't use that. Fusion is very well protected. As said already, hackers will never do it. It is a lot of work to hack a site and they won't do it for a system that holds 0 information. To add additional levels to raise security to NASA levels might entice someone.

    Also to note, this is a forum run by users of Neptune Apex, not Apex themselves. This might be a better suggestion to send the support team an email on it. Possibly could be a suggestion for the web designers

    Sent from my SM-G925W8 using Tapatalk
    Not sure what country you're from, but most banks in the UK use dual authentication.

    So do Gmail, Dropbox, Microsoft, Citrix and Cisco, and even smaller IT outfits.

    I want to use it and already invested. I'm asking for Neptune to post here on their view, to at least give the user the option to enable it.

    I'm not talking about hacking a site, that's hard work. I'm talking about a PC being infected and details harvested & used, something which we have seen recently and even with NHS meltdown of cryptography.




    Sent from my iPhone using Tapatalk

  16. #16
    Frequent Visitor Torx's Avatar
    Join Date
    Dec 2013
    Location
    Blenheim, Ontario
    Posts
    393
    All those sites are a single login and password in North America.

    Again though, Neptune doesn't typically patrol this site. If you want them to hear, then email them on your concern/suggestion.

    Sent from my SM-G925W8 using Tapatalk
    Current: 120 Gallon Peninsula DIY system.

  17. #17
    Frequent Visitor bigjim's Avatar
    Join Date
    Oct 2014
    Location
    Carpentersville, Il
    Posts
    205
    My bank is a single login if I log in from my regular PC. If I log in from a new PC I not only need my password but I have to pick the correct image from a page of images, then I have to answer a security question. Only if all 3 are correct do I get access to my account. Also an email is sent to my registered email address informing me of a login from a different PC. My investment account has a similar security system and I'm in the US.

    Sent from my SM-G955U using Tapatalk
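
Added example, not part of the thread and not any bank's or Neptune's code: the login flow post #17 describes, where a recognised device needs only the password while an unrecognised one must pass an extra check and triggers a notification e-mail. The image and security-question steps are represented by one pluggable `second_factor_check` callback; all names, and the list standing in for the mail queue, are assumptions.

```python
import hashlib
import hmac
import secrets

class Account:
    """Hypothetical account record with remembered devices and login notices."""

    def __init__(self, password, second_factor_check):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._kdf(password)
        self.second_factor_check = second_factor_check  # callable(str) -> bool
        self.known_devices = set()  # SHA-256 of device tokens, never the tokens
        self.outbox = []            # stand-in for the notification e-mail queue

    def _kdf(self, value):
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self.salt, 100_000)

    @staticmethod
    def _fingerprint(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, password, device_token=None, second_factor=None, source="unknown"):
        """Return (status, new_device_token); status is ok, challenge or denied."""
        if not hmac.compare_digest(self.pw_hash, self._kdf(password)):
            return "denied", None
        if device_token and self._fingerprint(device_token) in self.known_devices:
            return "ok", None                 # regular device: password only
        if second_factor is None:
            return "challenge", None          # new device: ask for the extra step
        if not self.second_factor_check(second_factor):
            self.outbox.append(f"Failed sign-in attempt from new device ({source})")
            return "denied", None
        token = secrets.token_urlsafe(32)     # random value the browser stores
        self.known_devices.add(self._fingerprint(token))
        self.outbox.append(f"New device signed in from {source}")
        return "ok", token
```

A stolen password alone yields only `challenge` here, and the account owner is told about every attempt that reaches the second step.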

  18. #18
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26
    If Neptune doesn't patrol their own forum then this thread is useless.

  19. #19
    Apex Guru zombie's Avatar
    Join Date
    Dec 2013
    Location
    Denver, CO
    Posts
    5,489
    Quote Originally Posted by tomcoleman View Post
    If Neptune doesn't patrol their own forum then this thread is useless.
    They do, but they don't catch the majority of threads (at least not the guys at the tippy top that can make things happen). Best place to get exposure is actually a feature request in the "what I wish was different about apex fusion" thread.

    You might be an engineer if...You have no life and can prove it mathematically.

  20. #20
    New User
    Join Date
    Mar 2017
    Location
    Planet Earth
    Posts
    11
    Quote Originally Posted by Torx View Post
    My $0.02, if you are that worried about it then don't use it. I mean, it will never be as secure as you want it. Dual authentication login page? Even banks don't use that. Fusion is very well protected. As said already, hackers will never do it. It is a lot of work to hack a site and they won't do it for a system that holds 0 information. To add additional levels to raise security to NASA levels might entice someone.

    Also to note, this is a forum run by users of Neptune Apex, not Apex themselves. This might be a better suggestion to send the support team an email on it. Possibly could be a suggestion for the web designers

    Sent from my SM-G925W8 using Tapatalk
    I think you are misunderstanding what people are asking for. No one is asking to make Fusion a burden to use, only to add the option for increased security. Wouldn't it be nice to know if your account was accessed from a new computer or smartphone? Wouldn't it also be nice to approve which devices your online account could be accessed from? This could all be done in a way that is not very obtrusive to the user, or even optional if you decided not to use it. Some hackers are not out there for money, just to cause grief. Imagine the grief they would cause if they decided to crash someone's tank just for laughs? Right now a compromised password is all it would take, and Fusion would not even need to be hacked.

  21. #21
    Regular Visitor
    Join Date
    Jul 2015
    Location
    UK
    Posts
    26
    Quote Originally Posted by reefspy View Post
    I think you are misunderstanding what people are asking for. No one is asking to make Fusion a burden to use, only to add the option for increased security. Wouldn't it be nice to know if your account was accessed from a new computer or smartphone? Wouldn't it also be nice to approve which devices your online account could be accessed from? This could all be done in a way that is not very obtrusive to the user, or even optional if you decided not to use it. Some hackers are not out there for money, just to cause grief. Imagine the grief they would cause if they decided to crash someone's tank just for laughs? Right now a compromised password is all it would take, and Fusion would not even need to be hacked.
    Nail on the head.
