In 2016, somebody decided to write a worm that compromises Ubiquiti devices, change their hostnames to match how the system was compromised and close off the service. Years later the worm is still active with hundreds of compromised systems: https://trends.shodan.io/search?query=tag%3Acompromised+ubiquiti#overview

Want to get notified if your WAN IP starts exposing a service? Use Shodan Monitor to see what you're exposing to the Internet:

Shodan Monitor

(docs available at

Shodan Book

Overview

)

$5 Membership sale is live: https://account.shodan.io/billing/member