Jump to content

Welcome to Smart Home Forum by FIBARO

Dear Guest,

 

as you can notice parts of Smart Home Forum by FIBARO is not available for you. You have to register in order to view all content and post in our community. Don't worry! Registration is a simple free process that requires minimal information for you to sign up. Become a part of of Smart Home Forum by FIBARO by creating an account.

 

As a member you can:

  •     Start new topics and reply to others
  •     Follow topics and users to get email updates
  •     Get your own profile page and make new friends
  •     Send personal messages
  •     ... and learn a lot about our system!

 

Regards,

Smart Home Forum by FIBARO Team


  • 0

Suspicious login attempts


Question

Posted

After upgrade to 4.520 I have received four email with suspicious login attempts from ip 34.244.43.224 and says that login is blocked for 30 minutes. I have HCL and in the email appear a logo from HC2.

anyone receiving this email?

Recommended Posts

  • 0
Posted

Yes with IFTTT calls...

  • 0
Posted

Hi

I am also receiving such e-mails around once a month but the IP address is different and I don't know what it is ?! Is someone really wants to hack into my HC2 ?!?

  • 0
Posted (edited)

Hi ! I have the same but it's not due to 4.520, unfortunately I have this issue since several weeks and it's alway coming from an IP based in Ireland on amazon servers.I've check last one and localisation/servers have changed...

In the french forum several peoples have raised the same issue, we have compared the IP and it's still the same. 

I would like to had that some people highlighting the problem doesn't have any alexa devices, no open ports ... so that one could be exclude.

I spent to much time before advising and yo've been faster then I, so thank @NunoMartins ! 

@I.Srodka does it make sens for your to escalate this issue ? thank you for your help  ! 

For info I've checked my mailbox (didn't check my spams yet) and I can find exactly 46 tentatives starting in 

Please login or register to see this spoiler.

 

Edited by Tony270570
  • 0
Posted

Hi!

 

Could you (and everyone involved) provide details about your plugins and virtual devices?

 

It would help us investigate it further.

 

  • 0
Posted

Yep I've been getting them often too now.

 

The IPs that have tried mine are:

 

52.214.70.130

34.241.63.69

34.241.63.69 again

 

Any ideas?

  • 0
Posted (edited)

Exactly the same:

52.214.70.130
34.241.63.69 (three times)

Edited by Alex
  • 0
Posted (edited)

Me too.

 

I Think it started after I merged google assistant with fibaro.

I get a mail every 30 minutes...

 

 

Please login or register to see this attachment.

Edited by Baloba
  • 0
Posted

hi 

I've got :

- ifttt, google home and alexa  accounts

-pluggins : the default ones , yr weather (default ?) + Hue, netatmo , fibaro intercom that's it.

Thank you very much for your help !

 

3 minutes ago, Baloba said:

I Think it started after I merged google assistant with fibaro.

 Hi, I was thinking the same, but some people I talked with in the french forum don't have any google or alexa devices. but you're right,  it must remains an axe of investigation.

  • 0
Posted

He,

 

Yes, also the same here after the integration of google home.

IP; 34.241.63.69

  • 0
Guest Turmoil
Posted

Me too! IP 34.241.63.69. I have HC2 (just installed 4.520) with Google Home and IFTTT integration.

 

Is this an exposure in "Fibaro Id" processing or is Google and/or IFTTT mixing up users (would not be the first time)?

  • 0
Posted

Two times today and one yesterday from 34.241.63.69, and several times from 52.214.70.130 some time ago. Otherwise a mail approx once a month or so before yesterday. 

It's possible it started when I connected Google Home with Fibaro...

Only standard plugins, Yr weather.

 

Is that coming from Fibaros remote login solution? I cannot login into the web GUI remotely now... So it would mean that the system is actually blocking the same IP as remote connection is coming from. 

  • 0
Posted

Dear Fibaro Support,

 

I have had numerous of the suspicious login attempts during the last few weeks from:

 

52.214.70.130
34.241.63.69

 

They both track back to AWS EC2 instances in Ireland.

 

My HC2 is running 4.510

 

Plugins:

DSC Alarm

Envisalink Alarm

HEOS Denon

HIKvision Ds2cd21

Modular Alarm

Samsung TV

Satel Alarm

YrWeather

 

Virtual devices:

VoiceAlertF9E8

MS checker v2

 

It would be helpful if Fibaro Support could provide some advice re these suspicious login attempts.

 

Thanks

  • 0
Posted

I have the same issue...using, Google home and IFTTT

 

Suspicious Login Attempts Prevented

We noticed 5 failed login attempts to your HC2-048748 that seemed suspicious. 
For your security, the following IP address: 34.241.63.69 has been locked for 30 minutes.

  • 0
Posted

I have disabled IFTTT now and check if I get any more mails.

Idon't think that it is because of Google (Google won't use any AWS server I guess ;) , but I might be wrong).

  • 0
  • Inquirer
  • Posted

    I use ifttt and yahoo weather plugin.

    ifttt is configured since 4.170.

    yahoo weather since 4.520 because the default plugin not works!

    • 0
    Posted

    I also have Security Alert messages with the topic "Suspicious Login Attempts Prevented".

    I use following extension (HC2 v4.510): 

    - ifttt, google home and alexa  accounts

    -pluggins : the default ones , netatmo, sonos, sony TV

     

    The first attemt was 20/11/2018 (11:00) from IP address: 52.214.70.130,

    after were:

    23/11/2018 (22:42) from IP address: 52.214.70.130

    - 29/11/2018  three times (12:50, 13:27, 14:05) from IP address: 34.241.63.69

    30/11/2018 two times (13:28, 14:05) from IP address: 34.255.120.42

     

    21/11/2018 I updated SW to version 4.5.10, all external accounts was connected earlier.

    As to date 23/11 not sure, maybe it was my attempts to rescan devices/scenes from google home or alexa app, but for 29 and 30 no ideas, during the day I didn't do any personal actions with HC2.

    • 0
    Posted

    After disabling all IFTTT s I did not get any more mails so far.

    (Also the IFTTT haven't been used while I got the mails)

    • 0
    Guest Turmoil
    Posted

    I backed-up then deleted my IFTTT account 5 days ago (only some tests at this stage). Since then the daily security alerts have stopped.

    • 0
    Posted (edited)

    I also had error messages from different addresses.

    But what is more worrying is that the local address' 192.168.0.xxx) of my PC generated the same message. But also in the same time my ip adresse from my internet router.

    Since I can not access my HC2 for 30 minutes. I hope it will work after 30 minutes.

    It is imperative that you find the origin of this problem. It becomes very disturbing.

    Edited by MAM78
    • 0
    Posted

    It's a disaster, I can not access my HC2 anymore. Each time he tells me that my login and password are wrong and that I have more than 4 attempts before blocking for 30 Min.

    Same if I access from Fibaro ID. I also tried to connect by my sharing the connection from my cellphone so as not to go through my internet router. But it's the same.

    But my HC2 continues to work. I have not dared for the moment to restart it.

    You would not have an idea of what's going on?

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Answer this question...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×
    ×
    • Create New...