I’ve used complex passwords, as well as enabled MFA, but this person consistently logs into my account, and after I sign him out he is able to access my account again and add devices inside my network. What’s going on here? Can anyone help me?
After he added the device, he was constantly changing IP addresses to access my NAS, and I had whitelist values enabled on my NAS to allow specific IPs to access it.
I noticed that in the account management interface there are two apps: “Account console” and “central”, can I revoke access of the “CENTRAL” one?
Does zerotier have a login log? How do I know how he logged into my account?
If you’re using MFA, it sounds like they have access to your password manager or the tool you’re using for MFA. I haven’t checked, but Zerotier does support passkeys so if you have a Yubikey, you could lock it down harder with that. But work from the assumption that they have access to your password manager given the behavior you’ve described.
You have a trace of the IP address they were using to open a session. Not very useful as it’s part of the Lumen managed range and they resell to everyone.
I’d be careful about revoking access as it seems like they’re using your account and you’ll be cutting yourself off as well.
Thanks for you advise, I use keepassXC to manage all my passwords as well as TOTP code generation with zerotier and my NAS passwords in it, I don’t think it’s too much like the password manager was compromised otherwise he could have just logged in to my NAS device with the correct password.
Thanks for you advise, I use keepassXC to manage all my passwords as well as TOTP code generation with zerotier and my NAS passwords in it, I don’t think it’s too much like the password manager was compromised otherwise he could have just logged in to my NAS device with the correct password.
