WEB access not protected?

Started by Rolfg, 22 November 2019, 19:23:46


Rolfg

Hello,
after a restart I get the following message:


SecurityCheck:
  telnetPort is not password protected
  WEBphone is not password protected
  WEB is not password protected

Protect this FHEM installation by configuring the allowed device allowedWEB
You can disable this message with attr global motd none



I have an allowed with password protection for WEB, WEB Hook and WEB Tablet. Not for Telnet. I thought that if I don't create an allowed, it is blocked as well. Can someone help me with this?

Someone seems to be trying to hack here, right?


2019.11.22 17:47:04 3: WEBhook_122.228.208.113_58866: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:14 3: WEBhook_122.228.208.113_37982: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:19 3: WEBhook_122.228.208.113_48564: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:21 3: WEBhook_122.228.208.113_47648: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:35 3: WEBhook_122.228.208.113_39602: unsupported HTTP method CONNECT, rejecting it.



That is not from me.

Thanks and regards
Rolf

Wernieman

Is your FHEM reachable from the net (i.e. the Internet)?

Without allow, telnet is "normally open" ... see the docs
https://www.fhem.de/commandref.html#telnet
- Asking for input for output
- When there is a Shell, there is a Way
- When was your last backup?

How to ask questions: https://tty1.net/smart-questions_de.html

Rolfg

Yes, my FHEM is reachable via the Internet. Can't I delete the telnet, or do I need it? Do I have to set allowed for everything in order to protect it? I thought it was the other way round: to get access, I have to set allowed.

CoolTux

FHEM's security mechanisms are not designed for direct exposure to the Internet.
Please disable the exposure again and look for secure alternatives. Or live with a possible later consequence.
You don't have to know how it works! You only have to know where it is written how it works.
Support me to buy new test hardware for development: https://www.paypal.com/paypalme/MOldenburg
My FHEM Git: https://git.cooltux.net/FHEM/
The TuxNet Wiki:
https://www.cooltux.net

Rolfg

@CoolTux

I have now removed allowed completely. I can no longer get access from outside. FHEM now reports this:


SecurityCheck:
  WEBhook is not password protected
  WEBtablet is not password protected
  WEBphone is not password protected
  telnetPort is not password protected
  WEB is not password protected



This is somewhat misleading to me. Is it secure now or not? For Telnet I do have to set it, though, right? Or can I delete Telnet? I wouldn't know what I need it for. PuTTY is SSH, after all.

Thanks and regards, Rolf

CoolTux

The message dates from older times. You have surely forgotten to adjust the attribute motd in the global device.

Wernieman

If you don't have a script that sends commands to FHEM via Telnet, you can delete it.

By the way, it has nothing to do with ssh. With ssh you get onto the system, with "telnet" onto FHEM. So FHEM <> system (shell) level.

Rolfg

I'll give Fritzbox VPN a try. Is that secure, then? Here is the log from last night:


2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40980, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40982, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40984, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40986, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40988, as there is no working allowed instance defined for it
2019.11.22 21:11:46 1: Connection refused from the non-local address 80.90.153.73:40990, as there is no working allowed instance defined for it
2019.11.22 21:11:46 1: Connection refused from the non-local address 80.90.153.73:40992, as there is no working allowed instance defined for it

2019.11.22 21:25:35 1: Connection refused from the non-local address 80.90.153.73:41034, as there is no working allowed instance defined for it
2019.11.22 21:25:35 1: Connection refused from the non-local address 80.90.153.73:41036, as there is no working allowed instance defined for it
2019.11.22 21:25:36 1: Connection refused from the non-local address 80.90.153.73:41038, as there is no working allowed instance defined for it
2019.11.22 21:25:36 1: Connection refused from the non-local address 80.90.153.73:41040, as there is no working allowed instance defined for it
2019.11.22 21:25:41 1: Connection refused from the non-local address 80.90.153.73:41042, as there is no working allowed instance defined for it
2019.11.22 21:25:41 1: Connection refused from the non-local address 80.90.153.73:41044, as there is no working allowed instance defined for it
2019.11.22 21:25:46 1: Connection refused from the non-local address 80.90.153.73:41046, as there is no working allowed instance defined for it
2019.11.22 21:25:46 1: Connection refused from the non-local address 80.90.153.73:41048, as there is no working allowed instance defined for it

2019.11.23 04:12:34 1: Connection refused from the non-local address 122.228.208.113:39338, as there is no working allowed instance defined for it
2019.11.23 04:12:36 1: Connection refused from the non-local address 122.228.208.113:49426, as there is no working allowed instance defined for it
2019.11.23 04:12:36 1: Connection refused from the non-local address 122.228.208.113:53440, as there is no working allowed instance defined for it
2019.11.23 04:12:37 1: Connection refused from the non-local address 122.228.208.113:55242, as there is no working allowed instance defined for it
2019.11.23 04:12:43 1: Connection refused from the non-local address 122.228.208.113:56404, as there is no working allowed instance defined for it
2019.11.23 04:12:43 1: Connection refused from the non-local address 122.228.208.113:45498, as there is no working allowed instance defined for it
2019.11.23 04:12:56 1: Connection refused from the non-local address 122.228.208.113:59680, as there is no working allowed instance defined for it
2019.11.23 04:12:57 1: Connection refused from the non-local address 122.228.208.113:49882, as there is no working allowed instance defined for it
2019.11.23 04:12:58 1: Connection refused from the non-local address 122.228.208.113:53654, as there is no working allowed instance defined for it
2019.11.23 04:13:04 1: Connection refused from the non-local address 122.228.208.113:57540, as there is no working allowed instance defined for it

2019.11.23 04:13:53 1: Connection refused from the non-local address 122.228.208.113:35038, as there is no working allowed instance defined for it
2019.11.23 04:13:54 1: Connection refused from the non-local address 122.228.208.113:37800, as there is no working allowed instance defined for it
2019.11.23 04:13:55 1: Connection refused from the non-local address 122.228.208.113:40230, as there is no working allowed instance defined for it
2019.11.23 04:13:56 1: Connection refused from the non-local address 122.228.208.113:43044, as there is no working allowed instance defined for it
2019.11.23 04:14:53 1: Connection refused from the non-local address 122.228.208.113:51944, as there is no working allowed instance defined for it
2019.11.23 04:14:54 1: Connection refused from the non-local address 122.228.208.113:47204, as there is no working allowed instance defined for it
2019.11.23 04:15:37 1: Connection refused from the non-local address 122.228.208.113:60204, as there is no working allowed instance defined for it
2019.11.23 04:16:29 1: Connection refused from the non-local address 122.228.208.113:51528, as there is no working allowed instance defined for it
2019.11.23 04:16:30 1: Connection refused from the non-local address 122.228.208.113:57958, as there is no working allowed instance defined for it
2019.11.23 04:16:31 1: Connection refused from the non-local address 122.228.208.113:44524, as there is no working allowed instance defined for it
2019.11.23 04:16:46 1: Connection refused from the non-local address 122.228.208.113:44280, as there is no working allowed instance defined for it
2019.11.23 04:16:47 1: Connection refused from the non-local address 122.228.208.113:35812, as there is no working allowed instance defined for it
2019.11.23 04:16:47 1: Connection refused from the non-local address 122.228.208.113:37100, as there is no working allowed instance defined for it
2019.11.23 04:16:48 1: Connection refused from the non-local address 122.228.208.113:39796, as there is no working allowed instance defined for it
2019.11.23 04:16:49 1: Connection refused from the non-local address 122.228.208.113:45224, as there is no working allowed instance defined for it
2019.11.23 04:16:50 1: Connection refused from the non-local address 122.228.208.113:49550, as there is no working allowed instance defined for it
2019.11.23 04:16:51 1: Connection refused from the non-local address 122.228.208.113:52794, as there is no working allowed instance defined for it
2019.11.23 04:16:58 1: Connection refused from the non-local address 122.228.208.113:56128, as there is no working allowed instance defined for it
2019.11.23 04:17:20 1: Connection refused from the non-local address 122.228.208.113:53660, as there is no working allowed instance defined for it
2019.11.23 04:17:21 1: Connection refused from the non-local address 122.228.208.113:36520, as there is no working allowed instance defined for it
2019.11.23 04:17:27 1: [TradfriGateway] Can't write, connection is not opened!
2019.11.23 04:17:27 1: [TradfriGateway] Can't write, connection is not opened!
2019.11.23 04:17:27 1: Connection refused from the non-local address 122.228.208.113:37592, as there is no working allowed instance defined for it
2019.11.23 04:17:31 1: Connection refused from the non-local address 122.228.208.113:54022, as there is no working allowed instance defined for it
2019.11.23 04:17:35 1: Connection refused from the non-local address 122.228.208.113:35350, as there is no working allowed instance defined for it
2019.11.23 04:17:44 1: Connection refused from the non-local address 122.228.208.113:46626, as there is no working allowed instance defined for it
2019.11.23 04:17:47 1: Connection refused from the non-local address 122.228.208.113:38548, as there is no working allowed instance defined for it
2019.11.23 04:17:50 1: Connection refused from the non-local address 122.228.208.113:47074, as there is no working allowed instance defined for it
2019.11.23 04:17:54 1: Connection refused from the non-local address 122.228.208.113:56610, as there is no working allowed instance defined for it
2019.11.23 04:17:58 1: Connection refused from the non-local address 122.228.208.113:38636, as there is no working allowed instance defined for it
2019.11.23 04:17:59 1: Connection refused from the non-local address 122.228.208.113:52582, as there is no working allowed instance defined for it
2019.11.23 04:18:04 1: Connection refused from the non-local address 122.228.208.113:44506, as there is no working allowed instance defined for it
2019.11.23 04:18:05 1: Connection refused from the non-local address 122.228.208.113:45694, as there is no working allowed instance defined for it
2019.11.23 04:18:35 1: Connection refused from the non-local address 122.228.208.113:33960, as there is no working allowed instance defined for it
2019.11.23 04:18:37 1: Connection refused from the non-local address 122.228.208.113:36134, as there is no working allowed instance defined for it
2019.11.23 04:18:37 1: Connection refused from the non-local address 122.228.208.113:39434, as there is no working allowed instance defined for it
2019.11.23 04:18:39 1: Connection refused from the non-local address 122.228.208.113:41946, as there is no working allowed instance defined for it
2019.11.23 04:18:39 1: Connection refused from the non-local address 122.228.208.113:44338, as there is no working allowed instance defined for it
2019.11.23 04:18:39 1: Connection refused from the non-local address 122.228.208.113:46638, as there is no working allowed instance defined for it




Do you get this kind of thing too?

Thanks and regards, Rolf
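
An added example, not part of the original thread and not FHEM code: a small Python script that groups the two kinds of rejected external requests quoted above (refused non-local connections and rejected HTTP methods) by source address. Any hit means the FHEM port is still reachable from outside the local network. The function names `summarize` and `noisy_sources` are hypothetical, and the sample log is constructed in the format of the quoted lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format quoted in the thread
# (addresses are from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2019.11.22 17:47:04 3: WEBhook_203.0.113.7_58866: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:14 3: WEBhook_203.0.113.7_37982: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 21:11:41 1: Connection refused from the non-local address 198.51.100.9:40980, as there is no working allowed instance defined for it
2019.11.23 04:12:34 1: Connection refused from the non-local address 203.0.113.7:39338, as there is no working allowed instance defined for it
2019.11.23 04:12:36 1: Connection refused from the non-local address 203.0.113.7:49426, as there is no working allowed instance defined for it
2019.11.23 04:17:27 1: [TradfriGateway] Can't write, connection is not opened!
"""

TS = r"(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \d: "
PATTERNS = {
    "refused": re.compile(TS + r"Connection refused from the non-local address ([\d.]+):\d+,"),
    "bad_method": re.compile(TS + r"\w+_([\d.]+)_\d+: unsupported HTTP method \w+, rejecting it"),
}

def summarize(log_text):
    """Count rejected external requests per source address (hypothetical helper)."""
    hosts = defaultdict(lambda: {"refused": 0, "bad_method": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line)
            if not m:
                continue  # unrelated line, e.g. the TradfriGateway message
            seen = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            entry = hosts[m.group(2)]
            entry[kind] += 1
            entry["first"] = min(entry["first"] or seen, seen)
            entry["last"] = max(entry["last"] or seen, seen)
    return dict(hosts)

def noisy_sources(summary, threshold=3):
    """Addresses with at least `threshold` rejected requests, busiest first."""
    totals = {ip: e["refused"] + e["bad_method"] for ip, e in summary.items()}
    return sorted((ip for ip, n in totals.items() if n >= threshold),
                  key=lambda ip: -totals[ip])

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, e["refused"], e["bad_method"], e["first"], "->", e["last"])
```
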

CoolTux

VPN would definitely be the best.

No, I don't have anything like that in my log; my instance is also not directly connected to the Internet.

Rolfg

Right. VPN works. Also removed the port forwarding from the FritzBox. Removed Telnet because I don't need it. With that, everything should be in the green now, right?

Regards, Rolf