diy solar

diy solar

No issue. Hacked account. 20k phantom load and lost all settings and lost AC Couple on 18kpv

@millsan1 A while back, I thought my account had been hacked too, but it turns out I was trying to record a video.. I played it back, and realized I had done it myself. I suspect the likelyhood of someone hacking your account to mess with you, is pretty low. Occams razor would sugest that.. like my scenario, you likely did it without realizing it.
 
@millsan1 A while back, I thought my account had been hacked too, but it turns out I was trying to record a video.. I played it back, and realized I had done it myself. I suspect the likelyhood of someone hacking your account to mess with you, is pretty low. Occams razor would sugest that.. like my scenario, you likely did it without realizing it.
Yeah, I just checked my cameras. I was driving back from lunch when it happened. Maybe a pocket dial thing? Anything is possible. But me, going in and setting all settings to default is not something I would have done purposely.
 
Sorry, didn't catch that the name matched. Guess the way you said this is the user, my brain assumed it was different.
my best bet its either the account is compromised or the user reset to default accidently, because looking at the logs there's to many setting changed by a single user name which is the owner account. any settings that changed is being recorded except if the setting is done on the inverter screen.
 

Attachments

  • eg42.png
    eg42.png
    163.4 KB · Views: 34
my best bet its either the account is compromised or the user reset to default accidently, because looking at the logs there's to many setting changed by a single user name which is the owner account. any settings that changed is being recorded except if the setting is done on the inverter screen.
Yeah, that is me fixing the problem.
 
my best bet its either the account is compromised or the user reset to default accidently, because looking at the logs there's to many setting changed by a single user name which is the owner account. any settings that changed is being recorded except if the setting is done on the inverter screen.
Are you sure you should be posting details from people's logs like this? I would not be happy if you did that to me that's for sure.
 
Another easy way the system can be breached is through local connect. But I recognize someone would have to be close to the unit.
 
1000000916-png.216390
you posted your serial number here. and its useless to anyone unless you have a super admin account with luxpower or EG4.
 
There are freely available lists IPs with the device type on the net, just a result of NMAP scans with fingerprinting turned on. My neighbor had their baby camera hacked until they switched it to an internal only wifi SSID.

I run 3 SSID on my wifi - The one we use in the house, the one I give to visitors when they want to use wifi, and the one of IoT devices. I have the internet of things devices segmented out so they can't see or access my lan devices.
 
So Gilbert is pointing a finger at "user error" Quite possible but a chat with the OP would have been nice to see if he was ok with his data being posted and being "ratted out". We have all made mistakes in the past.

BTW my new wireless router has guest and IoT networks, very nice.
 
I think the key would be the access log verse when the user was able to log in and change things. If the changes were made when he was fiddling then I vote user error..... if it was while he was on planes, trains, or away from home that is far less likely
 
If the system logs IPs obviously that could be confirmed with the OP via PM.

But again this is a common thing with password reuse (not saying that happened as I have no clue about millsan1s "opsec").
 
besides my serial number and station name?
Serial number not a privacy concern to anything or any device other than how inner systems operate and what employees have access to from there.
E.g. certain ISP employees can identify you via device serials
similar with the IMEI / IMSI numbers of a phone. Anyone with those numbers can uniquely track your device globally but they need access to the systems in the first place.. And that type of access they could be doing that tracking already regardless.

Anyway if these were unique keys they'd be random generated strings, not anything close sequential numbers like serials are.
*cough except for social security lmao


If the system logs IPs obviously that could be confirmed with the OP via PM.

But again this is a common thing with password reuse (not saying that happened as I have no clue about millsan1s "opsec").
he already has app / web access on that list so he's using multiple devices to reset his settings. Assuming it's all under the same IP it'd be easier
but yea I agree, a list of all sessions and their IPs is easiest method to see what is logged in. Sessions list being far superior.
Google, netflix, facebook and some other places usually make that available and let you see whom currently has an unexpired session key and can login.

In order to access accounts in many online systems you don't need username or password at all, you just need a valid key. This is why browser addons are dangerous as they can just steal that. Hence the heavy crack down on them last several years.
 
Lastpass is my friend - a bazzilion passwords - not one the same and none less than 12 characters unless the stupid webste won't allow complex and longer.
 
Serial number not a privacy concern to anything or any device other than how inner systems operate and what employees have access to from there.
E.g. certain ISP employees can identify you via device serials
similar with the IMEI / IMSI numbers of a phone. Anyone with those numbers can uniquely track your device globally but they need access to the systems in the first place.. And that type of access they could be doing that tracking already regardless.

Anyway if these were unique keys they'd be random generated strings, not anything close sequential numbers like serials are.
*cough except for social security lmao



he already has app / web access on that list so he's using multiple devices to reset his settings. Assuming it's all under the same IP it'd be easier
but yea I agree, a list of all sessions and their IPs is easiest method to see what is logged in. Sessions list being far superior.
Google, netflix, facebook and some other places usually make that available and let you see whom currently has an unexpired session key and can login.

In order to access accounts in many online systems you don't need username or password at all, you just need a valid key. This is why browser addons are dangerous as they can just steal that. Hence the heavy crack down on them last several years.

Yeah but those session attacks need "physical" (obviously could happen without being physically there) access and in this case it's simply trying to track down whodunnit and an IP would generally be sufficient as most attacks aren't going to originate from legit sources but mostly from datacenter blocks that are known to not care who runs what (I love those, they are my most favorite thing in the world when one of our users does the bad thing).
 
Yeah but those session attacks need "physical" (obviously could happen without being physically there) access and in this case it's simply trying to track down whodunnit and an IP would generally be sufficient as most attacks aren't going to originate from legit sources but mostly from datacenter blocks that are known to not care who runs what (I love those, they are my most favorite thing in the world when one of our users does the bad thing).
What do you mean by physical?
Any compromise to a computer/phone can take the session key from it and login on their own device
It's the most common "hack" method today.
The only other one is of course social engineering.. just asking for the info, most people give it out lmao

Lastpass is my friend - a bazzilion passwords - not one the same and none less than 12 characters unless the stupid webste won't allow complex and longer.
yep password managers are good, I definitely wouldn't trust an online one though
but regardless, when these big sites get compromised, it's nice to not have to change 500 passwords because they all were the same.
It's more likely a bank or website leaks your pass today and hackers try that password on all your other accounts, than it is they "guess" it
"stupid website that won't allow complex and longer"
*cries for the bad banks on 50 year old systems*
 
Serial number not a privacy concern to anything or any device other than how inner systems operate and what employees have access to from there.
E.g. certain ISP employees can identify you via device serials
similar with the IMEI / IMSI numbers of a phone. Anyone with those numbers can uniquely track your device globally but they need access to the systems in the first place.. And that type of access they could be doing that tracking already regardless.

Anyway if these were unique keys they'd be random generated strings, not anything close sequential numbers like serials are.
*cough except for social security lmao



he already has app / web access on that list so he's using multiple devices to reset his settings. Assuming it's all under the same IP it'd be easier
but yea I agree, a list of all sessions and their IPs is easiest method to see what is logged in. Sessions list being far superior.
Google, netflix, facebook and some other places usually make that available and let you see whom currently has an unexpired session key and can login.

In order to access accounts in many online systems you don't need username or password at all, you just need a valid key. This is why browser addons are dangerous as they can just steal that. Hence the heavy crack down on them last several years.


Ideally these devices would require a button push when setting up devices so only someone with physical access and the original password could add things. Then store a 4096 or similar key for future use.

Then the only way they get accessed is if someone physically has access of your device is hacked.

And if they supported MFA
 
Back
Top