Tulex
Solar Wizard
Sorry, didn't catch that the name matched. Guess the way you said this is the user, my brain assumed it was different.
No issue. I did it. 20k phantom load and lost all settings and lost AC Couple on 18kpv
- Thread starter millsan1
- Start date
n2aws
Solar Addict
- Joined
- Oct 24, 2022
- Messages
- 690
@millsan1 A while back, I thought my account had been hacked too, but it turns out I was trying to record a video.. I played it back, and realized I had done it myself. I suspect the likelyhood of someone hacking your account to mess with you, is pretty low. Occams razor would sugest that.. like my scenario, you likely did it without realizing it.
Yeah, I just checked my cameras. I was driving back from lunch when it happened. Maybe a pocket dial thing? Anything is possible. But me, going in and setting all settings to default is not something I would have done purposely.
Luxpower_Gilbert
Luxpert @Luxpower USA Team
my best bet its either the account is compromised or the user reset to default accidently, because looking at the logs there's to many setting changed by a single user name which is the owner account. any settings that changed is being recorded except if the setting is done on the inverter screen.
Attachments
Yeah, that is me fixing the problem.
Quattrohead
Solar Wizard
Are you sure you should be posting details from people's logs like this? I would not be happy if you did that to me that's for sure.
Luxpower_Gilbert
Luxpert @Luxpower USA Team
I'm not sure why would be bad it just a history logs of setting, there's no sensitive information in my opinion.
besides my serial number and station name?
Luxpower_Gilbert
Luxpert @Luxpower USA Team
you posted your serial number here. and its useless to anyone unless you have a super admin account with luxpower or EG4.
robbob2112
Doing more research, mosty harmless
There are freely available lists IPs with the device type on the net, just a result of NMAP scans with fingerprinting turned on. My neighbor had their baby camera hacked until they switched it to an internal only wifi SSID.
I run 3 SSID on my wifi - The one we use in the house, the one I give to visitors when they want to use wifi, and the one of IoT devices. I have the internet of things devices segmented out so they can't see or access my lan devices.
I run 3 SSID on my wifi - The one we use in the house, the one I give to visitors when they want to use wifi, and the one of IoT devices. I have the internet of things devices segmented out so they can't see or access my lan devices.
Quattrohead
Solar Wizard
So Gilbert is pointing a finger at "user error" Quite possible but a chat with the OP would have been nice to see if he was ok with his data being posted and being "ratted out". We have all made mistakes in the past.
BTW my new wireless router has guest and IoT networks, very nice.
BTW my new wireless router has guest and IoT networks, very nice.
Bluedog225
Texas
- Joined
- Nov 18, 2019
- Messages
- 3,248
Seems like a lot of work just to mess with you.
robbob2112
Doing more research, mosty harmless
I think the key would be the access log verse when the user was able to log in and change things. If the changes were made when he was fiddling then I vote user error..... if it was while he was on planes, trains, or away from home that is far less likely
Serial number not a privacy concern to anything or any device other than how inner systems operate and what employees have access to from there.
E.g. certain ISP employees can identify you via device serials
similar with the IMEI / IMSI numbers of a phone. Anyone with those numbers can uniquely track your device globally but they need access to the systems in the first place.. And that type of access they could be doing that tracking already regardless.
Anyway if these were unique keys they'd be random generated strings, not anything close sequential numbers like serials are.
*cough except for social security lmao
he already has app / web access on that list so he's using multiple devices to reset his settings. Assuming it's all under the same IP it'd be easier
but yea I agree, a list of all sessions and their IPs is easiest method to see what is logged in. Sessions list being far superior.
Google, netflix, facebook and some other places usually make that available and let you see whom currently has an unexpired session key and can login.
In order to access accounts in many online systems you don't need username or password at all, you just need a valid key. This is why browser addons are dangerous as they can just steal that. Hence the heavy crack down on them last several years.
robbob2112
Doing more research, mosty harmless
Lastpass is my friend - a bazzilion passwords - not one the same and none less than 12 characters unless the stupid webste won't allow complex and longer.
jarred125
New Member
- Joined
- Jul 16, 2021
- Messages
- 125
Yeah but those session attacks need "physical" (obviously could happen without being physically there) access and in this case it's simply trying to track down whodunnit and an IP would generally be sufficient as most attacks aren't going to originate from legit sources but mostly from datacenter blocks that are known to not care who runs what (I love those, they are my most favorite thing in the world when one of our users does the bad thing).
What do you mean by physical?
Any compromise to a computer/phone can take the session key from it and login on their own device
It's the most common "hack" method today.
The only other one is of course social engineering.. just asking for the info, most people give it out lmao
yep password managers are good, I definitely wouldn't trust an online one though
but regardless, when these big sites get compromised, it's nice to not have to change 500 passwords because they all were the same.
It's more likely a bank or website leaks your pass today and hackers try that password on all your other accounts, than it is they "guess" it
"stupid website that won't allow complex and longer"
*cries for the bad banks on 50 year old systems*
robbob2112
Doing more research, mosty harmless
Ideally these devices would require a button push when setting up devices so only someone with physical access and the original password could add things. Then store a 4096 or similar key for future use.
Then the only way they get accessed is if someone physically has access of your device is hacked.
And if they supported MFA
