[DashboardServlet] WARNING - YOUR HOME IS EXPOSED!

Have no idea what category to put this in. It has been a few months since my OH2 migration and everything is working well.

Went back in today to make a change or two and noticed in the log the following message as I was tailing:

22:13:41.089 [ERROR] [i.dashboard.internal.DashboardServlet] - WARNING - YOUR HOME IS EXPOSED! It is accessible from the Internet without authentication - please take immediate action!

I did remember that I had port 8080 forwarded on my router, but I was testing some remote access things that I ultimately didn’t use, but never turned off the port forwarding. Thought this might be what picked it up. Apparently not, as it is still giving me this error. I have searched Google and here and interestingly enough, I could find a single reference to this error.

What is this, and how do I fix it? It is in RED and it is scary :wink:

What about 8443? Have you tried an online access of your system that’s not on your LAN to verify that it’s open or not?

As it should be. It’s like leaving the doors unlocked and the keys in the car in a bad neighborhood.

I actually think it is awesome that OH detects this and warns you.

There are a number of ports that OH uses that you might have exposed beyond just 8080. Like psyciknz suggests, make sure 8443 isn’t also forwarded. Port 8101 is the ssh login port for the karaf console. Port 5007 is the Language Server Protocol port (how VSCode checks your code as you type).

Once you have verified that these ports are no longer being forwarded, restart OH and see if the error goes away. If not, verify that it is indeed not accessible from the Internet. If it isn’t and the error remains, there is a bug and we need to file an issue. I’m not sure where the issue belongs though.

I tried canyouseeme and it is not picking up on any of those ports. I will do some other checking a few other ways and see what I come up with.

It has been quite a few months since I have actually been on my OH2 install and as you can see from my last responses, I didn’t see any open ports, so not sure why it is saying this. As weather has had its way over the summer, the power has gone out several times, so OH has restarted several times as well.

I logged on today to do some configuration and still get this error message and it is driving me crazy and filling up my logfile. I am not sure what else to check to see why I am getting this warning when it doesn’t seem to be the case.

I’m not sure how this is being detected but I suppose you can run a scan of your publicly facing IP address and see if indeed you do have something OH exposed to the internet.

Go to http://whatsmyip.org which will tell you what your public IP address is.

Then on any machine on your network install nmap. On Linux run apt install nmap.

Once installed run nmap <ip address> where <ip address> is the IP address discovered above. This will show what ports appear to be open to the Internet from your network. Check the list to make sure that there are no openHAB ports in the list. For that matter, make sure you don’t have any unexpected ports in the list.

I’m glad I ran this because I have a few ports that make no sense to me that appear in the nmap scan that I need to review including 8443. Connections are being accepted but nothing is being returned so it doesn’t seem to be a major risk but seeing them is a surprise.

The only thing I see on nmap is:
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
443/tcp open https
4567/tcp open tram
5431/tcp open park-agent

I am not sure where 22 & 23 are being seen as open because they are certainly closed on my network firewall. I just checked. In any event, I am still seeing the warning indicated in the OP. I am at a loss at this point, so I guess I will just ignore it. Though, I’d really like to find the source (even if a bug) so that I can use this feature correctly in the future, i.e. I will get alerted correctly if something is indeed open.

I ran some experiments of my own and I may have misled you. Depending on how your gateway is configured, it might translate your external IP address to its internal address so what you end up getting is a scan of your gateway from inside. Those are probably just the ports that are exposed on your internal network so you can administer your gateway.

Plan B, search for your IP on shodan.io. That will be a better test anyway as it will show what a third party sees as open.

@rlkoshak … don’t laugh but I think that this is yet another stale config :slight_smile:
Your Parameters removed from binding cfg files persist in userdata/config even after restart · Issue #396 · openhab/openhab-distro · GitHub will never be really closed for a long time :stuck_out_tongue:

@shelzmike : stop OH2, copy the contents of /var/lib/openhab2/config/org/openhab/dashboard.config and paste them here. Then delete the file or edit its contents and remove the exposed config parameter. Start OH2… this warning should disappear now.

If it doesn’t… this means that the code is checking and finding you exposed and will re-populate dashboard.config with the exposed flag. Then you need to dig deeper and scan your OH2 system for open ports.

It has been a really long time since I last responded, but was working with my installation and realized this was still an issue. @Dim, your suggestion seems to have worked.

Here is what the file said before:

exposed=B"true"
service.pid="org.openhab.dashboard"

And here is what it says now, and I am no longer getting the message:

felix_.cm.newConfiguration=B"true"
service.pid="org.openhab.dashboard"

Thanks for the assistance!
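
Added example, not part of the thread and not openHAB code: a small checker that ties the two diagnostics above together by reading the persisted `exposed` flag from dashboard.config and comparing it with nmap output, to tell a stale flag from a real exposure. The function names are hypothetical, the port list is the one given in the posts, and the scan text is assumed to come from a vantage point outside your network (see the gateway caveat above).

```python
import re

# openHAB 2 ports named in the thread: web UI, HTTPS, Karaf SSH console, LSP.
OPENHAB_PORTS = {8080: "HTTP", 8443: "HTTPS", 8101: "Karaf SSH console",
                 5007: "Language Server Protocol"}

def parse_nmap_open_ports(text):
    """Return {port: service} for every 'N/tcp open name' line of nmap output."""
    ports = {}
    for m in re.finditer(r"^\s*(\d+)/(?:tcp|udp)\s+open\s+(\S+)", text, re.M):
        ports[int(m.group(1))] = m.group(2)
    return ports

def parse_felix_config(text):
    """Parse key=value lines of the posted .config file; B"true" becomes a bool."""
    cfg = {}
    text = text.replace("\u201c", '"').replace("\u201d", '"')  # forum curly quotes
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        m = re.fullmatch(r'([A-Za-z]?)"(.*)"', raw.strip())
        if sep and m:
            is_bool = m.group(1) == "B"
            cfg[key.strip()] = (m.group(2).lower() == "true") if is_bool else m.group(2)
    return cfg

def assess(config_text, nmap_text):
    """Compare the persisted 'exposed' flag with what the scan shows."""
    flagged = parse_felix_config(config_text).get("exposed") is True
    open_ports = parse_nmap_open_ports(nmap_text)
    oh_open = sorted(p for p in open_ports if p in OPENHAB_PORTS)
    if oh_open:
        verdict = "exposed"      # remove the port forwards before touching the file
    elif flagged:
        verdict = "stale-flag"   # flag persisted on disk, no openHAB port reachable
    else:
        verdict = "clean"
    return verdict, oh_open, sorted(set(open_ports) - set(oh_open))

# Constructed inputs: the file as posted before the fix, and the posted scan lines.
SAMPLE_CONFIG = 'exposed=B"true"\nservice.pid="org.openhab.dashboard"\n'
SAMPLE_NMAP = ("22/tcp open ssh\n23/tcp open telnet\n53/tcp open domain\n"
               "80/tcp open http\n443/tcp open https\n4567/tcp open tram\n"
               "5431/tcp open park-agent\n")

if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG, SAMPLE_NMAP))
```

The third element of the result lists the non-openHAB ports the scan reported, which is the "unexpected ports" review suggested earlier in the thread.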