#Hi all, not sure if you can help. we are

See https://www.home-assistant.io/docs/locked_out/

I think its also useful to see this as urgent as he now has a backdoor into your network

You'll also want then to check how they're remotely accessing this - the Nabu Casa Cloud service or a port forward

You can (and must) disconnect the cloud service if it's set up

You also should audit all port forwards

Thank you, the system is being remotely accessed via duckdns. we are currently logged into this but I'm unsure if we can change the password and email.

Thank you, the system is being remotely accessed via duckdns. we are currently logged into this but I'm unsure if we can change the password and email.

Just remove the port forward

It will be that simple

Then once you've got access using the link above you can disable the DuckDNS add-on

1. Remove port forward
2. Reset all passwords
3. Remove ssl_ lines from the http: section of configuration.yaml
4. Restart HA - all access will now be local and with http:
5. Remove the DuckDNS add-on

Next step would be to consult for guidance on sorting out your security and incident procedurers 😛

That's what I thought, my only concern is that if we stop port fowarding we will drop control too. He is the administrator and is not willing to give us a new password via Home Assistant.

Dude

Seriously

You've got somebody malicious on the network

Close the fucking door

Stop inviting them in

Follow the numbered steps above

Yep, I totally agree. This was not of my doing but I have been tasked with sorting it out

Then listen to us

I have no idea why they let this happen

Or don't and argue the point, but you'll be on your own

No I'm listening and I really appreciate your help

Then follow the steps above

Then audit the install to ensure they've not left you any surprises

Thank you for the guide, I'll let you know how I get on.

But step #1 right the fuck now is to remove the port forward

I have a feeling there will be surpirses. I'm gettin gon it now

I owe you one

Good luck, and do use this as an opportunity to push for some cyber security

Thank you, I'm new to this so I really appreciate the help.

Ah, the bosses have thrown you to the wolves...

Yes they have, but I'm willing to learn

The guy was an old school IT guy, so I'm positive that there will be a ton of stuff to sort out

I'm heading into the office shortly, I'm hopping that the router passwords haven't been changed.. I might just have to shut the lot down which the bosses will not be happy about

"Damage control"

At times like this you have to take the least bad option - and letting somebody malicious have full control is very bad

You can only begin mopping when you closed the valve

Also... I wonder what data they took out the door...

mopping when the floor is still being flooded isn't really practical

You've met my wife I see...

HAHAHA

Admittedly she was half asleep at the time, but she'll still never live that one down

I've seen cleaners at the office mopping carpet