search

albertogeniola / MerossIot

Async Python library for controlling Meross devices
https://albertogeniola.github.io/MerossIot/
MIT License
477 stars 88 forks source link

Meross cloud - "high frequency" requests #112

Closed martinpeniak closed 4 years ago

martinpeniak commented 4 years ago

Hi guys I just wanted to share this message I just got from Meross in case it's useful to someone. I know this is not the place to leave it but I could not think of a better place to reach people who might find it of interest.

I really can't stand going through the cloud....anyone knows if the version 4 supports local-only mode? Cloud sucks, and even more so if you want to be off the grid and self-reliant...

Dear Customer,

This is meross cloud security team contacting you. First of all, thanks for purchasing meross and we hope that you enjoy life with our smart products. Recently our cloud security system has noticed that your devices are communicating with the could server at an extremely high frequency. We consider these behaviors abnormal and are concerned about the security of your devices. Due to the security concerns and the intent to avoid any further potential damage, we will terminate the cloud services of these devices for now. If you are sure that your devices are safe, NOT hacked, and are performing as expected. Please first lower your periodic request rate to no more than one message every ten seconds and then send an email to cloudservice@meross.com. We will resume cloud service for you within 24 hours. Please note that any abnormal high cloud request frequency will cause cloud service termination again. Should you have any information you would like to provide us with or would like to offer us any clarification, please contact us within 24 hours.

Thanks! meross Cloud Security Team

Hi,

It is not a security issue. I am using meross iot from github to monitor my system. Please avoid removing my account...I depend on it. I can change the query to one minute if that helps. Let me know as soon as possible.

Also, I do wait 10 seconds currently...but can extend this to 60 if that helps.

    time.sleep(10);

If you are interested to see more about my offgrid system using your plugs in a dashboard then check out these vids:

https://www.youtube.com/playlist?list=PLnP6LBf3AV6IJdCJbSVTpB0VxSdcgbPnM

Right now I have 9 plugs and 3 temperature and humidity sensors. This will be growing.

Cheers,

albertogeniola commented 4 years ago

Hi @martinpeniak ,

as you can see, this is something that depends on Meross MQTT broker. If they decide to implement anti-flooding, well there's little we can do to mitigate that. Of course adding some "delay" among calls might help, but certainly won't be the most robust approach on the long term. What's even worse is that the API does not seem to return any response code that tells us "ehy, slow down your queries", but they just block the accounts.

There are some side-projects implementing local-only checks, some of them can be implemented relatively easily with simple HTTP polling requests. Last time I checked, the Meross devices would allow any LAN device to "contact them" via HTTP but I haven't had time to develop such library extension (LAN-only support). This might be a valid feature request candidate, feel free to open it on this GitHub repository.