Rogue inputs in emoncms

"Rogue inputs in emoncms" is a term that hasn't made an appearance for a while and we have always attributed them to rogue devices on the RFM networks. That may well be the case for many and the way emonhub filters nodes now may have helped reduce these from appearing but I still get them randomly.

I had stopped looking into them sometime ago and just delete them, but today I happen to notice something of great significance. I have recently helped someone setup emoncms for one of their clients. The result of that is one emonhub reporting to 3 emoncms accounts. Mine, theirs and the clients. 

Today I found a single new node with a new node id and also around 16 additional inputs tagged on to an existing node, the additional inputs were not updating although the first few inputs of that node were still updating with valid data.

The crucial part is that this only occurred on one of the 3 emoncms accounts, this means the data did not originate from the emonhub feeding all 3 accounts with identical data.

Either someone has posted data to that account by getting their own apikey wrong and stumbling onto this one or the data has "leaked" into that account from within emoncms.

At this time I do not know how to prove either theory, but I am interested in whether we need to extend the apikey or introduce another layer of identification eg using the account name in the url for example.  

This is less of a problem for single user/account servers but as I am currently trying to sell a company on the idea of their own emoncms server for their own clientbase I would like to figure out the cause.

Paul