Seemingly random events occuring

Winsys11 · July 17, 2023, 11:40pm

i have OH3, LGTV Binding and Yamaha Musicast binding. Occasionally, perhaps every couple of months, the TV and Yamaha amplifier will turn on for no apparent reason. It may be in the middle of the night, or day or anytime (seemingly random). when this happens, i check the logs for any clues. but i don’t see anything strange. I have some rules that are astro triggered, but they don’t seem to coincide. here is the log from this morning


2023-07-18 07:41:40.397 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'LG_webOS_TV_OLED77CSPSA_Power' received command ON
2023-07-18 07:41:40.417 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item ‘LG_webOS_TV_OLED77CSPSA_Power’ predicted to become OFF
==> /var/log/openhab/openhab.log <==
2023-07-18 07:41:41.267 [INFO ] [cast.internal.YamahaMusiccastHandler] - Scheduler task found!
==> /var/log/openhab/events.log <==
2023-07-18 07:41:41.205 [INFO ] [openhab.event.ItemCommandEvent      ] - Item ‘Yamaha_MusicCast_A6V_Power’ received command ON
2023-07-18 07:41:41.221 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item ‘Yamaha_MusicCast_A6V_Power’ predicted to become ON
2023-07-18 07:41:41.236 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item ‘Yamaha_MusicCast_A6V_Power’ changed from OFF to ON
2023-07-18 07:41:49.749 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing ‘lgwebos:WebOSTV:9597ce79-ea6b-ba53-094d-85d47776056e’ changed from OFFLINE: TV is off to ONLINE: Registering - You may need to confirm pairing on TV.
2023-07-18 07:41:49.849 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing ‘lgwebos:WebOSTV:9597ce79-ea6b-ba53-094d-85d47776056e’ changed from ONLINE: Registering - You may need to confirm pairing on TV. to ONLINE: Connected

2023-07-18 07:41:49.864 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item ‘LG_webOS_TV_OLED77CSPSA_Power’ changed from OFF to ON

I dont understand what the “scheduler task found!” means. I do not have any sheduled tasks defined.

I also have a z-wave Aotec quad wall switch. shortly after the tv and amp turned on, so did all the lights that are controlled by the Aotec. the log says


2023-07-18 07:42:12.303 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_2' received command ON
2023-07-18 07:42:12.316 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_2’ predicted to become ON
2023-07-18 07:42:12.328 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_2’ changed from OFF to ON
2023-07-18 07:42:13.081 [INFO ] [openhab.event.ItemCommandEvent      ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_1’ received command ON
2023-07-18 07:42:13.098 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_1’ predicted to become ON
2023-07-18 07:42:13.117 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_1’ changed from OFF to ON
2023-07-18 07:42:13.449 [INFO ] [openhab.event.ItemCommandEvent      ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_4’ received command ON
==> /var/log/openhab/openhab.log <==

2023-07-18 07:42:13.473 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_4’ predicted to become ON
2023-07-18 07:42:13.486 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_4’ changed from OFF to ON
2023-07-18 07:42:13.772 [INFO ] [openhab.event.ItemCommandEvent      ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_3’ received command ON
2023-07-18 07:42:13.782 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_3’ predicted to become ON
2023-07-18 07:42:13.791 [INFO ] [openhab.event.ItemStateChangedEvent ] - Item ‘ZWave_Node_027_ZW130_WallMote_Quad_1_Button_Number_3’ changed from OFF to ON

<\code>
The log seems to say that all 4 buttons on the Aotec were pressed, but no-one pressed them.
I’m at a loss to explain this behaviour. What things can i do to try to narrow this down? I could increase the logging level, but since it happens rarely I fear the log would get too huge. can i just increase the log level for the tv or amp? I tseems to happen to those devices most often.
appreciate any help or suggestions,

thanks,

Mark

Andrew_Rowe · July 18, 2023, 12:46am

This type of thread comes up every once in awhile lately and it is usually the result of the an insecure instance of openHAB being available on the internet. I forget the exact details (can someone help my memory?) but I think it is opening a port or using the cloud connector with a default password. There is a website that shows open connections.
Do you have your openHAB instance exposed to the internet? If so, how? Does the openHAB administrative user have the default password?
I’ll try to find one of the other threads that discuss this

ok, here is one from last year

here is another with link to website that shows unsecured instances

rlkoshak · July 18, 2023, 3:47pm

A basic reading of the binding seems to indicate it found one all the same. It’s I don’t know this binding so am limited in offering suggestions beyond look to see if you have a scheduled task now. Maybe one was added and then removed?

Ultimately, so what? Once you solve the problem you change it back. Something like this is the whole reason logs exist.

Yes, of course. See the docs. You can change the logging level on a binding by binding basis either through the karaf console or by editing log4j2.xml. In OH 4 you can change the logging level through MainUI as well.

But I don’t think increased logging is going to help here. The commands likely are not coming from the bindings themselves unless there is something to the whole schedular task thing beyond what’s built into the Yamaha device.

If you directly expose your OH instance to the internet by opening a port forward on your gateway router that’s a really bad idea. The website Shodan does a scan of the entire internet daily and has a database showing all the open ports on every computer connected to the internet. Search for your IP address and if you have no port forwards you won’t be in the database. If you do, it will likely show you not just that you have these ports exposed but exactly what’s running on those ports.

If you’ve exposed your OH to the internet, that’s the first suspect. Someone is messing with you. Just hope they are not malicious and haven’t tried to compromise your system.