FHEM Forum

FHEM => Beginner questions => Topic started by: Rolfg on 22 November 2019, 19:23:46

Title: WEB access not protected?
Post by: Rolfg on 22 November 2019, 19:23:46
Hello,
after a restart I get the following message:


SecurityCheck:
  telnetPort is not password protected
  WEBphone is not password protected
  WEB is not password protected

Protect this FHEM installation by configuring the allowed device allowedWEB
You can disable this message with attr global motd none



I have an allowed with password protection for WEB, WEB Hook and WEB Tablet. Not for telnet. I thought that if I don't create an allowed, it is blocked as well. Can anyone help me with this?

Someone is probably trying to hack here, right?


2019.11.22 17:47:04 3: WEBhook_122.228.208.113_58866: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:14 3: WEBhook_122.228.208.113_37982: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:19 3: WEBhook_122.228.208.113_48564: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:21 3: WEBhook_122.228.208.113_47648: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:35 3: WEBhook_122.228.208.113_39602: unsupported HTTP method CONNECT, rejecting it.



That is not from me.

Thanks and regards
Rolf
Title: Re: WEB access not protected?
Post by: Wernieman on 22 November 2019, 20:22:51
Is your FHEM reachable from the net (i.e. the Internet)?

Without Allow, telnet is "normally open" ... see the docs
https://www.fhem.de/commandref.html#telnet
Title: Re: WEB access not protected?
Post by: Rolfg on 22 November 2019, 20:58:58
Yes, my FHEM is reachable via the Internet. Can't I delete telnet, or do I need it? Do I have to set allowed for everything in order to protect it? I thought it was the other way round: to get access I have to set allowed.
Title: Re: WEB access not protected?
Post by: CoolTux on 22 November 2019, 21:02:10
FHEM's security mechanisms are not designed for direct exposure to the Internet.
Please disable the exposure again and look for secure alternatives. Or live with a possible later consequence.
Title: Re: WEB access not protected?
Post by: Rolfg on 22 November 2019, 21:21:53
@CoolTux

I have now removed allowed completely. I can no longer get access from outside. FHEM now reports this:


SecurityCheck:
  WEBhook is not password protected
  WEBtablet is not password protected
  WEBphone is not password protected
  telnetPort is not password protected
  WEB is not password protected



That is somehow misleading to me. Is it secure now or not? For telnet I have to set it though, right? Or can I delete telnet? I wouldn't know what I need it for. PuTTY is SSH after all.

Thanks and regards, Rolf
Title: Re: WEB access not protected?
Post by: CoolTux on 22 November 2019, 21:26:46
The message comes from older times. You have surely forgotten to adjust the attribute motd in the global device.
Title: Re: WEB access not protected?
Post by: Wernieman on 22 November 2019, 23:38:00
If you don't have a script that sends commands to FHEM via telnet, you can delete it.

By the way, it has nothing to do with ssh. With ssh you get onto the system, with "telnet" onto FHEM. So FHEM <> system (shell) level.
Title: Re: WEB access not protected?
Post by: Rolfg on 23 November 2019, 11:12:28
I will try the Fritzbox VPN. Is that secure, then? Here is the log from last night:


2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40980, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40982, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40984, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40986, as there is no working allowed instance defined for it
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40988, as there is no working allowed instance defined for it
2019.11.22 21:11:46 1: Connection refused from the non-local address 80.90.153.73:40990, as there is no working allowed instance defined for it
2019.11.22 21:11:46 1: Connection refused from the non-local address 80.90.153.73:40992, as there is no working allowed instance defined for it

2019.11.22 21:25:35 1: Connection refused from the non-local address 80.90.153.73:41034, as there is no working allowed instance defined for it
2019.11.22 21:25:35 1: Connection refused from the non-local address 80.90.153.73:41036, as there is no working allowed instance defined for it
2019.11.22 21:25:36 1: Connection refused from the non-local address 80.90.153.73:41038, as there is no working allowed instance defined for it
2019.11.22 21:25:36 1: Connection refused from the non-local address 80.90.153.73:41040, as there is no working allowed instance defined for it
2019.11.22 21:25:41 1: Connection refused from the non-local address 80.90.153.73:41042, as there is no working allowed instance defined for it
2019.11.22 21:25:41 1: Connection refused from the non-local address 80.90.153.73:41044, as there is no working allowed instance defined for it
2019.11.22 21:25:46 1: Connection refused from the non-local address 80.90.153.73:41046, as there is no working allowed instance defined for it
2019.11.22 21:25:46 1: Connection refused from the non-local address 80.90.153.73:41048, as there is no working allowed instance defined for it

2019.11.23 04:12:34 1: Connection refused from the non-local address 122.228.208.113:39338, as there is no working allowed instance defined for it
2019.11.23 04:12:36 1: Connection refused from the non-local address 122.228.208.113:49426, as there is no working allowed instance defined for it
2019.11.23 04:12:36 1: Connection refused from the non-local address 122.228.208.113:53440, as there is no working allowed instance defined for it
2019.11.23 04:12:37 1: Connection refused from the non-local address 122.228.208.113:55242, as there is no working allowed instance defined for it
2019.11.23 04:12:43 1: Connection refused from the non-local address 122.228.208.113:56404, as there is no working allowed instance defined for it
2019.11.23 04:12:43 1: Connection refused from the non-local address 122.228.208.113:45498, as there is no working allowed instance defined for it
2019.11.23 04:12:56 1: Connection refused from the non-local address 122.228.208.113:59680, as there is no working allowed instance defined for it
2019.11.23 04:12:57 1: Connection refused from the non-local address 122.228.208.113:49882, as there is no working allowed instance defined for it
2019.11.23 04:12:58 1: Connection refused from the non-local address 122.228.208.113:53654, as there is no working allowed instance defined for it
2019.11.23 04:13:04 1: Connection refused from the non-local address 122.228.208.113:57540, as there is no working allowed instance defined for it

2019.11.23 04:13:53 1: Connection refused from the non-local address 122.228.208.113:35038, as there is no working allowed instance defined for it
2019.11.23 04:13:54 1: Connection refused from the non-local address 122.228.208.113:37800, as there is no working allowed instance defined for it
2019.11.23 04:13:55 1: Connection refused from the non-local address 122.228.208.113:40230, as there is no working allowed instance defined for it
2019.11.23 04:13:56 1: Connection refused from the non-local address 122.228.208.113:43044, as there is no working allowed instance defined for it
2019.11.23 04:14:53 1: Connection refused from the non-local address 122.228.208.113:51944, as there is no working allowed instance defined for it
2019.11.23 04:14:54 1: Connection refused from the non-local address 122.228.208.113:47204, as there is no working allowed instance defined for it
2019.11.23 04:15:37 1: Connection refused from the non-local address 122.228.208.113:60204, as there is no working allowed instance defined for it
2019.11.23 04:16:29 1: Connection refused from the non-local address 122.228.208.113:51528, as there is no working allowed instance defined for it
2019.11.23 04:16:30 1: Connection refused from the non-local address 122.228.208.113:57958, as there is no working allowed instance defined for it
2019.11.23 04:16:31 1: Connection refused from the non-local address 122.228.208.113:44524, as there is no working allowed instance defined for it
2019.11.23 04:16:46 1: Connection refused from the non-local address 122.228.208.113:44280, as there is no working allowed instance defined for it
2019.11.23 04:16:47 1: Connection refused from the non-local address 122.228.208.113:35812, as there is no working allowed instance defined for it
2019.11.23 04:16:47 1: Connection refused from the non-local address 122.228.208.113:37100, as there is no working allowed instance defined for it
2019.11.23 04:16:48 1: Connection refused from the non-local address 122.228.208.113:39796, as there is no working allowed instance defined for it
2019.11.23 04:16:49 1: Connection refused from the non-local address 122.228.208.113:45224, as there is no working allowed instance defined for it
2019.11.23 04:16:50 1: Connection refused from the non-local address 122.228.208.113:49550, as there is no working allowed instance defined for it
2019.11.23 04:16:51 1: Connection refused from the non-local address 122.228.208.113:52794, as there is no working allowed instance defined for it
2019.11.23 04:16:58 1: Connection refused from the non-local address 122.228.208.113:56128, as there is no working allowed instance defined for it
2019.11.23 04:17:20 1: Connection refused from the non-local address 122.228.208.113:53660, as there is no working allowed instance defined for it
2019.11.23 04:17:21 1: Connection refused from the non-local address 122.228.208.113:36520, as there is no working allowed instance defined for it
2019.11.23 04:17:27 1: [TradfriGateway] Can't write, connection is not opened!
2019.11.23 04:17:27 1: [TradfriGateway] Can't write, connection is not opened!
2019.11.23 04:17:27 1: Connection refused from the non-local address 122.228.208.113:37592, as there is no working allowed instance defined for it
2019.11.23 04:17:31 1: Connection refused from the non-local address 122.228.208.113:54022, as there is no working allowed instance defined for it
2019.11.23 04:17:35 1: Connection refused from the non-local address 122.228.208.113:35350, as there is no working allowed instance defined for it
2019.11.23 04:17:44 1: Connection refused from the non-local address 122.228.208.113:46626, as there is no working allowed instance defined for it
2019.11.23 04:17:47 1: Connection refused from the non-local address 122.228.208.113:38548, as there is no working allowed instance defined for it
2019.11.23 04:17:50 1: Connection refused from the non-local address 122.228.208.113:47074, as there is no working allowed instance defined for it
2019.11.23 04:17:54 1: Connection refused from the non-local address 122.228.208.113:56610, as there is no working allowed instance defined for it
2019.11.23 04:17:58 1: Connection refused from the non-local address 122.228.208.113:38636, as there is no working allowed instance defined for it
2019.11.23 04:17:59 1: Connection refused from the non-local address 122.228.208.113:52582, as there is no working allowed instance defined for it
2019.11.23 04:18:04 1: Connection refused from the non-local address 122.228.208.113:44506, as there is no working allowed instance defined for it
2019.11.23 04:18:05 1: Connection refused from the non-local address 122.228.208.113:45694, as there is no working allowed instance defined for it
2019.11.23 04:18:35 1: Connection refused from the non-local address 122.228.208.113:33960, as there is no working allowed instance defined for it
2019.11.23 04:18:37 1: Connection refused from the non-local address 122.228.208.113:36134, as there is no working allowed instance defined for it
2019.11.23 04:18:37 1: Connection refused from the non-local address 122.228.208.113:39434, as there is no working allowed instance defined for it
2019.11.23 04:18:39 1: Connection refused from the non-local address 122.228.208.113:41946, as there is no working allowed instance defined for it
2019.11.23 04:18:39 1: Connection refused from the non-local address 122.228.208.113:44338, as there is no working allowed instance defined for it
2019.11.23 04:18:39 1: Connection refused from the non-local address 122.228.208.113:46638, as there is no working allowed instance defined for it




Do you get this kind of thing too?

Thanks and regards, Rolf
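
For triaging logs like the ones quoted in this thread, the following added example (not part of any post and not FHEM code) groups the two rejection messages by source address and reports the first and last time each address was seen. The function name `summarize` and the event labels are assumptions made for this example; the sample input is a handful of lines taken from the logs quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a few lines taken from the logs quoted in this thread.
SAMPLE_LOG = """\
2019.11.22 17:47:04 3: WEBhook_122.228.208.113_58866: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 17:47:14 3: WEBhook_122.228.208.113_37982: unsupported HTTP method CONNECT, rejecting it.
2019.11.22 21:11:41 1: Connection refused from the non-local address 80.90.153.73:40980, as there is no working allowed instance defined for it
2019.11.22 21:11:46 1: Connection refused from the non-local address 80.90.153.73:40990, as there is no working allowed instance defined for it
2019.11.23 04:17:27 1: [TradfriGateway] Can't write, connection is not opened!
2019.11.23 04:17:27 1: Connection refused from the non-local address 122.228.208.113:37592, as there is no working allowed instance defined for it
"""

# Timestamp and verbosity prefix shared by every log line shown in the thread.
STAMP = r"(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \d+: "
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Event labels (dict keys) are hypothetical names chosen for this example.
PATTERNS = {
    "refused_no_allowed": re.compile(
        STAMP + r"Connection refused from the non-local address " + IP + r":\d+,"),
    "http_connect": re.compile(
        STAMP + r"(?P<dev>\w+?)_" + IP + r"_\d+: unsupported HTTP method CONNECT"),
}

def summarize(log_text):
    """Return {ip: {"first", "last", "events": {label: count}}} for rejected connections."""
    out = defaultdict(lambda: {"first": None, "last": None, "events": defaultdict(int)})
    for line in log_text.splitlines():
        for label, rx in PATTERNS.items():
            m = rx.match(line)
            if not m:
                continue  # unrelated lines (e.g. TradfriGateway) match nothing
            ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
            rec = out[m["ip"]]
            rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
            rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
            rec["events"][label] += 1
            break
    return {ip: {**r, "events": dict(r["events"])} for ip, r in out.items()}

if __name__ == "__main__":
    for ip, r in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, r["first"], "->", r["last"], r["events"])
```

Run against the full FHEM log after the port forwarding has been removed, an address whose "last" timestamp keeps advancing indicates the instance is still reachable from outside.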
Title: Re: WEB access not protected?
Post by: CoolTux on 23 November 2019, 12:04:01
VPN would definitely be the best.

No, I don't have anything like that in my log; my instance is also not directly connected to the Internet.
Title: Re: WEB access not protected?
Post by: Rolfg on 23 November 2019, 18:02:46
So. VPN works. Port forwarding also removed from the FritzBox. Telnet removed because I don't need it. With that, everything should now be in the green, right?

Regards, Rolf