Sorry, here is the URL: http://www.securityweek.com/flaw-allows-hackers-find-ubiquiti-devices-exposed-web <http://www.securityweek.com/flaw-allows-hackers-find-ubiquiti-devices-exposed-web>
Sincerely, Joshaven Potter Google Hangouts: j...@g2wireless.co Cell & SMS: 1-517-607-9370 supp...@joshaven.com > On May 6, 2016, at 11:46 AM, That One Guy /sarcasm > <thatoneguyst...@gmail.com> wrote: > > whats the remote management thats enabled by default? or just the web > management? > > On Fri, May 6, 2016 at 10:41 AM, Joshaven Mailing Lists <lis...@joshaven.com > <mailto:lis...@joshaven.com>> wrote: > FYI… This is why you keep your firmware updated... :) > > <Flaw_Allows_Hackers_to_Find_Ubiquiti_Devices_Exposed_to_Web___SecurityWeek_Com.jpg> > > Sincerely, > Joshaven Potter > Google Hangouts: j...@g2wireless.co <mailto:j...@g2wireless.co> > Cell & SMS: 1-517-607-9370 <tel:1-517-607-9370> > supp...@joshaven.com <mailto:supp...@joshaven.com> > > >> On May 4, 2016, at 6:33 PM, Tushar Patel <tpa...@ecpi.com >> <mailto:tpa...@ecpi.com>> wrote: >> >> Radios could be put on private ip so nobody from outside world can access >> it. That is what we do. >> >> Tushar >> >> >> On May 4, 2016, at 5:22 PM, SmarterBroadband <li...@smarterbroadband.com >> <mailto:li...@smarterbroadband.com>> wrote: >> >>> I have received a number of emails for ab...@light-gap.net >>> <mailto:ab...@light-gap.net> saying certain of our IP address are being >>> used for attacks (see email text below). >>> >>> All IP addresses are in UBNT radios. We are unable to remote access any of >>> the these radios now. We see that the radio we are unable to access >>> rebooted a couple of days ago. A number of other radios show they rebooted >>> around the same time (in sequence) on the AP. We are unable to remote >>> access any of those either. Other radios with longer uptime on the AP’s are >>> fine. >>> >>> We have a tech on route to one of the customer sites. >>> >>> We think the radios are being made into bots. Anyone seen this or anything >>> like this? Do the hackers need a username and password to hack a radio? >>> I.E. Would a change of the password stop the changes being made to the >>> radios? Any other thoughts, suggestions or ideas? >>> >>> Thanks >>> >>> Adam >>> >>> Email Text below: >>> >>> “This is a semi-automated e-mail from the LG-Mailproxy authentication >>> system, all requests have been approved manually by the >>> system-administrators or are obviously unwanted (eg. requests to our >>> spamtraps). >>> For further questions or if additional information is needed please reply >>> to this email. >>> >>> The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious >>> behaviour on our system. >>> This happened already 1 times. >>> It might be be part of a botnet, infected by a trojan/virus or running >>> brute-force attacks. >>> >>> Our affected destination servers: smtp.light-gap.net >>> <http://smtp.light-gap.net/>, imap.light-gap.net >>> <http://imap.light-gap.net/> >>> >>> Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6 >>> different usernames and wrong password: >>> 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at >>> <http://downloads.openscience.or.at/>" (spamtrap account) >>> 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account) >>> 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account) >>> 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account) >>> 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at >>> <http://downloads.openscience.or.at/>" (spamtrap account) >>> 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account) >>> 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account) >>> Ongoing failed/unauthorized logins attempts will be logged and sent to you >>> every 24h until the IP will be permanently banned from our systems after 72 >>> hours. >>> >>> The Light-Gap.net <http://light-gap.net/> Abuse Team.” > > > > > -- > If you only see yourself as part of the team but you don't see your team as > part of yourself you have already failed as part of the team.
