I have an installation running on Rpi 4. I believe it is the current version of OpenHAB. Things have been running quite well for many months. Other than small oddities, all has been fine.
Suddenly, without any changes, OpenHAB seems to run amuck during the night. It turns things on (things that are not in any rules). This includes changing the switch to “turn on security”, which triggers a plethora of annoying things (which would be good if there was something real going on but since it is an error, all it does is wake me up). I turned off all rules, just in case I did it. To no avail, it is still happening. Even the times when this happens are variable – sometimes at 12:30, sometimes at 4:30 and sometimes at 5:00. A reboot fixes it, until it runs amuck again. I have not witnessed it doing this during the day.
I checked for any RPi scheduled jobs. There are none.
Please advise as to next steps. Clearly something is wrong, but I am not sure where/how to find it. Thanks, in advance.
SD card is actually a HHD. It is less than a year old.
One particular switch that is being turned on can only be accessed via a page. There are no rules, no automation using this switch. But yet, it is being turned on in this whole mystery.
It was stable until roughly 3 days ago when it went crazy (without ANY changes to the system)
What does that mean?
There are tools/services available on the internet like shodan.io where you just need to enter a keyword and it will show all found instances. You can even search by country etc.
So as long as the port is open that search engine will find your service earlier or later.
In case you don’t have access restrictions at all then everyone can play with the stuff that is available.
In case there is even a webcam available one can turn on/off stuff and watch the people wondering why the light turned on /off …
First check if you have any port open with a scanner like: Port Scanner - Netzwerk, Domain und DNS-Tools
There are others as well. Make sure that you use a tool that can scan all ports.
Check your router configuration for ports that are opened and re-routed to your OH instance or any other computer.
In case you have a fixed IP address you can use shodan.io to search for your IP address and see the open ports being listed there. In case your ISP assigns changing IP DHCP addresses the results on shodan.io might not be reliable.
In case you don’t have an open port being reported by the tools, there is nothing to worry about then.
You then should use the openhab cloud connector. This is a way to get access to your items in case you need them on the internet without opening a port.
In case you have opened a port on your router but you do not need it, close it.
Never mind…I figured that out. What I did was to make sure that cloud access was working (it is) and then I turned off port forwarding on my router for port 8080 (which I had been using). I confirmed that access via cloud was now behaving (it is). At this point, I believe the only way outside my secure home network to access OpenHAB is through the cloud tool. All my testing has shown this to be true.
How likely is it that this was the problem – malicious intent?
If the instance was exposed to the internet, it is at least possible. You need to examine the openHAB logs. There should be clues in there as to what is going on.
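One way to act on the advice to examine the logs, as an added example that is not part of the original thread: it scans event-log lines for item commands received during the night and marks those sent to items that no rule ever commands. The log line layout, the item names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, time

# Assumed events.log layout (not shown in the thread); adapt the regex to your install.
CMD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d{3} \[\w+\s*\] "
    r"\[openhab\.event\.ItemCommandEvent\s*\] - "
    r"Item '(?P<item>[^']+)' received command (?P<cmd>.+)$"
)

# Constructed sample lines; item names are hypothetical.
SAMPLE_LOG = """\
2024-03-10 14:02:11.120 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'GreenhouseFanOnTemp' received command 27
2024-03-11 04:30:02.518 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'SecurityArmed' received command ON
2024-03-11 04:30:03.007 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item 'SecurityArmed' changed from OFF to ON
2024-03-11 04:30:09.450 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'GreenhouseFanOnTemp' received command 45
2024-03-11 05:00:41.002 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'HallLight' received command ON
"""

def in_window(t, start, end):
    """True if t is inside [start, end), including windows that wrap past midnight."""
    return start <= t < end if start <= end else (t >= start or t < end)

def night_commands(lines, manual_only, start=time(0, 0), end=time(6, 0)):
    """List commands received in the quiet window; 'unexplained' marks items
    that no rule or schedule commands, so a person or client must have sent them."""
    hits = []
    for line in lines:
        m = CMD_RE.match(line.strip())
        if not m:
            continue  # state changes and other loggers are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if in_window(ts.time(), start, end):
            hits.append({"when": ts, "item": m["item"], "command": m["cmd"],
                         "unexplained": m["item"] in manual_only})
    return hits

def per_night(hits):
    """Count flagged commands per date, to line up with the nights things went wrong."""
    return Counter(h["when"].date().isoformat() for h in hits)

if __name__ == "__main__":
    found = night_commands(SAMPLE_LOG.splitlines(), {"SecurityArmed", "GreenhouseFanOnTemp"})
    for h in found:
        flag = "UNEXPLAINED" if h["unexplained"] else "check rules"
        print(h["when"], h["item"], h["command"], flag)
    print(dict(per_night(found)))
```

The assumed line format carries no client address, so the output shows what was commanded and when, not who sent it; pair it with the router's port-forwarding settings to judge whether outside access was possible at those times.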
The proof will be in whether or not things stay off all night. Since this started, I had noticed unexplained oddities. For example, I am controlling greenhouse cooling fans. The temperatures for them to come on/off are stored as number items and are maintained via a page. At the point when all this craziness started, the values seem to have been altered (not as I had been using them). While it is true that I occasionally adjust the settings, but only by a few degrees. And certainly not at 5AM. These were BIG changes, which I would not have done, regardless of the odd time. I initially chalked it up to some oddity in the storage or retrieval of the numbers, but this seemed suspect since it had been working well. Also, my Roomba would suddenly start running, even though I do not ever initiate action from OpenHAB, but let the tool that came with it handle it. It is only connected to OpenHAB as I thought I might someday want a rule to run it. At any rate, the Roomba would suddenly take off at odd times.
All of these could have been done by access to the web interface. Why would anybody bother? No idea, but fingers crossed that stopping unauthorized access will fix the problem.
I will update as I determine whether or not this has fixed the issue.
possible route…
I had the same issue for a few weeks now, random lights going on at random times.
All credit to @Mherwege who provided a URL where you can check exposed devices.
My device was on the list! I had some port forwarding set up on my router to my RPI.
So disabled these ports again.
I tested this and it does not connect to my device anymore.
Wonder if there is a way to leave a message to those exposed devices to warn them…
It sure appears the problem is solved. THANK YOU for the assistance. Last night I got a full night’s sleep (the first since this started), my greenhouse controls stayed as they should and Roomba didn’t start cleaning in the middle of the night. I will continue to monitor, but given this is the longest stretch without oddity since this whole thing started, I am hopeful this was indeed caused by unsecured access to the web interface. The only downside is that my security camera is no longer connecting — but I will carve out some time to figure that out. Since the RPi is on the same internal network as the camera, the port change shouldn’t have done it so I will have to dig deeper. Who knows what I may have gunked up on the RPi in my efforts to stop the insanity! (yep, I assume full responsibility for that part).