rayg Posted November 9, 2020 Posted November 9, 2020 Hello, I would like to know what steps people would take if we found ISY was under attack from external hack either via portal / portal partner or directly from WAN? I am not a frequent user of the Admin module and would not want to pussy foot around the interface in case I needed to disconnect the ISY from the Web. I recall an option to turn off external access but that was before I became a portal users. And even if that checkbox were still there, I wonder if it would stop portal access. Thanks ...Ray
larryllix Posted November 9, 2020 Posted November 9, 2020 If you have a router with no port forwarding enabled, you just need a good virus and spyware scanner to eliminate these Trojan Horse style threats. If you were attacked via the ISY Portal, you would need to contact UDI and let them block the attack through the portal, including changing your passwords.
bmercier Posted November 10, 2020 Posted November 10, 2020 If you need to block access from ISY Portal: 1. Review your ISY Portal account users on the users tab. Remove those not needed, and change the passwords for those users you want to keep. This will block any access through the UI or APIs using "basic auth". 2. If you gave access to an Echo skill, Google Home and/or Polyglot, a change of password is not enough. If you want to block any access, including those you gave access, do this: a) Create a NEW user profile with admin rights b) Login with the new profile c) Delete the old one. Any oAuth access and refresh tokens issued to third party apps using the old profile will no longer work. Benoit 1
Recommended Posts