How to ensure hackers will not access my printer

1derman · April 17, 2021, 3:46pm

What is the problem?

OctoPrint setup wizard did not give me the option to keep access control enabled?

What did you already try to solve it?

Ran setup wizard again but still did not give me the option to keep access control.

Have you tried running in safe mode?

Don't know how safe mode could help?

Did running in safe mode solve the problem?

If running safe mode would help, I would definitely run it.

Complete Logs

octoprint.log, serial.log or output on terminal tab at a minimum, browser error console if UI issue ... no logs, no support! Not log excerpts, complete logs.)

The only logs I know of are tree logs. Let me know how "logs" would help me.

Additional information about your setup

OctoPrint version, OctoPi version, printer, firmware, browser, operating system, ... as much data as possible

After running the octoprint set up wizard, I was not given the option to keep access control to help protect my printer from hackers. Why was I not given the option to choose? I read on the link provided that having a publicly open interface connected to an online printer (status/state is "operational") will expose you to potential harm and to always enable access control. 3D Printers in The Wild, What Can Go Wrong? I noticed that if you click disconnect, then the status/state changes to offline. Will staying offline ensure a secure connection to my printer? How can I feel safe using octoprint without being afraid to use it? I need some peace of mind. Please can anyone help to address my concerns? I would be so grateful.

Ewald_Ikemann · April 17, 2021, 4:09pm

Do you plan to forward the port of the Pi to WWW?

1derman · April 17, 2021, 4:16pm

Hi Ewald, thanks the the prompt reply. What do you mean by forwarding the port? Sorry, I'm new to the lingo.

Ewald_Ikemann · April 17, 2021, 4:28pm

Every device in your local network has it own local IP address.
To communicate with the rest of the word, these devices have their own port addresses.

Some hardware and software is meant to access the WWW - like your PC with the browser.

Other hardware should not access the WWW, and also not be accessible from the WWW. Therefore the router has a firewall. This only allows connections from and to the WWW that are approved - like the connection to your internet browser.

Other devices inside your local network are protected.

The article you mentioned is a bout people who open the connection of their OctoPrint to the WWW. This is in no way recommended.

So if you keep your router closed, no one will get to your OctoPrint installation you have.

Charlie_Powell · April 17, 2021, 5:02pm

Access Control is no longer optional - it's mandatory. Did you enter a username and password for the admin account?

If you don't put your OctoPrint install on the internet, it is likely OK. By default this is how it comes, you don't have to do anything extra. However, if you choose to put it on the internet it should be secure.

david_g · April 23, 2021, 7:51am

hi,
If i want to be able to connect to it from outside my home. i would be reluctant to have it connected to the outside world. its far to easy to for your pi or whatever device you are using to be hacked. Mine was turned into a DDOS Zombie a few years ago, was a pain in the butt to find the issue and remove it.
So now i use Teamviewer on my desktop and then use it browser to monitor Octoprint.
As i did not want my pc on all the time, i have a Pi Zero i can connect to via SSH (strong passwords, encryption ect) and send a magic packet to the pc to turn it on remotely.
this option need to be enabled in the bios of the desktop pc.
Which only give a hacker the SSH to try hack. Which i guess is possible given enough time, but there are easier targets to get to so would likely move on.

oh and the other thing SSH on the Zero is not on port 22. so looking at the router from out side, it looks like port 22 (ssh port) is blocked. so spiders/bot will just move on.

1derman · April 28, 2021, 4:30am

Hi David,

Thank you so much for your response, I just saw your email today, as I've been focused on other projects and did not look. I really appreciate you reaching out to help give me some peace of mind. Currently I am using octoprint to mainly level my print bed, as my prints are tolerance sensitive and require a bed variance of at least 0.02 mm, I basically turn on the octoprint only when I level the print bed and then disconnect from the octoprint GUI/website and turn of the server. For now, this is the only strategy that helps me feel safe. I will consider other options as soon as I have time to do the research. Thanks for your suggestions with safety measures I can take to avoid any potential harm that can be done. You have been so helpful and I am very grateful for your advice.

Best,
1derman