Recovering a hacked ISY994i

[lhranch]

I rarely address my ISY994i directly, as the pushbutton controls and timed programs typically satisfy my day-to-day requirements. Today, I tried to manually open a gate for the first time in perhaps two weeks, and was refused with a "bad authentication" error message. Sure enough, I cannot login to the ISY using the proper name and password from either my phone or my computer. My ISY is exposed to the greater Internet, so it's quite possible someone brute forced the password and then reset it.

I do maintain backups, so no worries there.

I'd like to see if any password resets were logged and when. (Assuming those get logged at all, which I have no way to determine right now.)

1) If I factory reset the ISY, will I lose the log?

2) I can change out the SSD, factory reset it, power it off, and change it back.  If I do this, is my new password stored inside the ISY or on the SSD?

3) I can take out the SSD and try reading it on another device; will I be able to find the log?

4) I can use the monitor port and Putty into it, but can I read the log using serial commands? I can't seem to find a guide to the command repertoire for the monitor port.

Thanks.

Edited March 1, 2021 by lhranch

[Michel Kohanim]

Hi @lhranch,

1. No, factory reset does not clear logs
2. The password is on SSD
3. Yes, under /CONF
4. Yes, but it's going to be very painful since we don't have an editor in ISY. 3 would be easier

 

With kind regards,
Michel

[lhranch]

If the password is on the SSD, is there a serial command that would let me just reset it? That would be much easier than any of the alternatives.

Are the serial commands documented anywhere?

Thanks.

[lhranch]

Never mind. I mounted the SD card, and it was relatively simply to examine the authentication information.

There was no external incursion, just embarrassing user error.

Thank you Michael.

Edited March 1, 2021 by lhranch