HELP! Odd issue with nightly "resets"

I have an installation running on Rpi 4. I believe current version of OpenHAB. Things have been running quite well for many months. Other than small oddities, all has been fine.

Suddenly, without any changes, OpenHAB seems to run amuck during the night. It turns things on (things that are not in any rules). This includes changing the switch to “turn on security”, which triggers a plethora of annoying things (which would be good if there was something real going on but since it is an error, all it does is wake me up). I turned off all rules, just in case I did it. No avail, it is still happening. Even the times when this happens is variable – sometimes at 12:30, sometimes at 4:30 and sometimes at 5:00. A reboot fixes it, until it runs amuck again. I have not witnessed it doing this during the day.

I checked for any RPi scheduled jobs. There are none.

Please advise as to next steps. Clearly something is wrong, but I am not sure where/how to find it. Thanks, in advance.

Please provide information on your setup. Exact openHAB version? Java version? How old is the SD-card?

OpenHAB level openHAB 3.2.0

Java Runtime: 11.0.13 (Zulu11.52+13-CA)

SD card is actually a HHD. It is less than a year old.

One particular switch that is being turned on can only be accessed via a page. There are no rules, no automation using this switch. But yet, it is being turned on in this whole mystery.

It was stable until roughly 3 days ago when it went crazy (without ANY changes to the system)

Is your OH instance accessible via open ports on the internet so that anyone could play around and turn things on / off ?

Perhaps but I don’t think its likely. My DNS name is obscure and the externally facing IP isn’t obvious.
What would be your suggestion to restrict it?

what does that mean ?
There are tools/services available on the internet like shodan.io where you just need to enter a keyword and it will show all found instances. you even can search by country etc.
So as long as the port is open that search engine will find your service earlier or later.
In case you don’t have access restrictions at all then everyone can play with the stuff that is availlable.
In case there is even a webcam available one can turn on/off stuff and watch the people wondering why the light turned on /off …

Good point. I have not set up restrictions – where would I do that…only my router or on my PI? Sorry, I am in need of guidance on this.

Thanks so much for assistance. This has been WAY too strange.

First check if you have any port open with a scanner like: Port Scanner - Netzwerk, Domain und DNS-Tools
There are others as well. Make sure that you use a tool that can scan all ports.
Check your router configuration for ports that are opened and re-routed to your OH instance or any other computer.
In case you have a fixed IP adress you can use shodan.io to search for your IP address and see the open ports being listed there. In case your ISP assigns changing IP DHCP addresses the results on sodan.io might not be reliable.
In case you don’t have an open port being reported by the tools nothing to worry about then.
You then should use the openhab cloud connector. This is a way to get acces to your items in case you need them on the internet without opening a port.
In case you have opened a port on your router but you do not need it close it.

At one point, I set up the cloud piece…how would I use it to access my installation? Sorry, I never was clear on that part.

Never mind…I figured that out. What I did was to make sure that cloud access was working (it is) and then I turned off port forwarding on my router for port 8080 (which I had been using). I confirmed that access via cloud was now behaving (it is). At this point, I believe the only way outside my secure home network to access OpenHAB is through the cloud tool. All my testing has shown this to be true.

How likely is it that this was the problem – malicious intent?

if the instance was exposed to the internet, it is at least possible. You need to examine the openHAB logs. There should be clues in there as to what is going on

The proof will be in whether or not things stay off all night. Since this started, I had noticed unexplained oddities. For example, I am controlling greenhouse cooling fans. The temperature for them to come on/off are stored as number items and are maintained via a page. At the point when all this craziness started, the values seem to have been altered (not as I had been using them). While it is true that I occasionally adjust the settings, but only by a few degrees. And certainly not at 5AM. These were BIG changes, which I would not have done, regardless of the odd time. I initially chalked it up to some oddity in the storage or retrieval of the numbers, but this seemed suspect since it had been working well. Also, my Roomba would suddenly start running, even though I do not ever initiate action from OpenHAB, but let the tool that came with it handle it. It is only connected to OpenHAB as I thought I might someday want a rule to run it. At any rate, the Roomba would suddenly take off at odd times.

All of these could have been done by access to the web interface. Why would anybody bother? No idea, but fingers crossed that stopping unauthorized access will fix the problem.

I will update as I determine whether or not this has fixed the issue.

Because they can? Exposing any service directly to the internet means someone (or something) will find it, and start messing around with it.

For those who haven’t: please consult this page if you want to remotely access your openHAB instance.

@amray77

possible route…
I had the same issue for a few weeks now, random lights going on at random times.
all credit to @Mherwege who provided a url where you can check exposed devices.

https://community.openhab.org/t/items-randomly-turning-on/135870/15?u=peacemaker

My device was on the list! i had some portforward setup on my router to my RPI.
So disabled these ports again.
I tested this and it does not connect to my device anymore.

Wonder if there is a way to leave a message to those exposed devices to warn them…

Turn their lights on and off randomly - they’ll soon get the message…

(Don’t do this)

1 Like

It sure appears the problem is solved. THANK YOU for the assistance. Last night I got a full night’s sleep (the first since this started), my greenhouse controls stayed as they should and Roomba didn’t start cleaning in the middle of the night. I will continue to monitor, but given this is the longest stretch without oddity since this whole thing started, I am hopeful this was indeed caused by unsecured access to the web interface. The only down side is that my security camera is no longer connecting — but t will carve out some time to figure that out. Since the RPi is on the same internal network as the camera, the port change shouldn’t have done it so I will have to dig deeper. Who knows what I may have gunked up on the RPi in my efforts to stop the insanity! (yep, I assume full responsibility for that part).

Again, thanks to all. VERY much appreciated.

2 Likes