What's new

Was Your Wash Hacked?

soapy

Senior Member
Joined
Sep 1, 2007
Messages
2,894
Reaction score
855
Points
113
Location
Rocky Mountains
i do not have any of mine hooked up to the internet so I am not worried about this. I do know of one large chain that offered the monthly unlimited wash program where they bill customers credit cards at the beginning of every month that got hacked. All the credit cards where kept in a file for the monthly billing and this data based was hacked leading to a bunch of stolen information. I wondered how these washes remain PCI compliant when you are not supposed to retain CC information like this. If it proves they are not PCI compliant it could lead to a pretty hefty bill since they would be liable for the bogus charges on the cards.
 

BBE

Member
Joined
Nov 9, 2011
Messages
507
Reaction score
2
Points
16
Location
USA
Yes, I had a DDOS attack on port 80 of my tandem. If port 80 which is the standard HTTP port, was left forwarded to the tandems IP address it would flood the machine with remote control commands such as bridge forward, brdige backward, etc..
 

slash007

Well-known member
Joined
Jul 8, 2012
Messages
2,478
Reaction score
415
Points
83
Location
Lexington, Ky.
I had trouble accessing my server and finally figured out that my dns servers had be re-routed to somewhere in China! Got it fixed, but definitely kept me on guard for the future.
 

koliver

PDQ Sales Engineer
Joined
Sep 4, 2007
Messages
143
Reaction score
14
Points
18
Location
DePere, WI
A couple notes on this as it mentions PDQ specifically:

1) If you have a gateway from PDQ, it has the built in security of a firewall and a password protected VPN configuration. The default password on the VPN connection should be changed.

2) The default logins for the car wash that are printed in our manuals should be changed at your sites. There is a login for an owner and a tech. Both should be changed.

3) There is a remote control password that can be enabled on the owner information screen on most of our equipment. This would prevent the issuing of remote control commands without the use of this 4-digit pin.
 

BBE

Member
Joined
Nov 9, 2011
Messages
507
Reaction score
2
Points
16
Location
USA
A couple notes on this as it mentions PDQ specifically:

1) If you have a gateway from PDQ, it has the built in security of a firewall and a password protected VPN configuration. The default password on the VPN connection should be changed.

2) The default logins for the car wash that are printed in our manuals should be changed at your sites. There is a login for an owner and a tech. Both should be changed.

3) There is a remote control password that can be enabled on the owner information screen on most of our equipment. This would prevent the issuing of remote control commands without the use of this 4-digit pin.
Thanks Kris. I had wondered about the default logins being able to be changed, as I assumed that every machine had the same login, and that may not be the most secure thing. It is good to know that this can actually be done. Would this be something I would contact PDQ for, or can it be done on an user level?
 

koliver

PDQ Sales Engineer
Joined
Sep 4, 2007
Messages
143
Reaction score
14
Points
18
Location
DePere, WI
You should be able to make the changes yourself. If you have any questions, don't hesitate to give our tech service group a call and they can walk you through this.
 
Top