Ghost house

"In the evening" and "at almost exactly the same time" sounds to me,
at first, like an event on the day/night change or the Location module…

It may not help, but here is an anecdote so that you also consider the impossible…

My ghost-house experience was that all the lights went out, the blinds went down and the doors locked themselves…
It always happened when I lay down on the sofa in the evening…

What had happened? I had assigned the "leave house" function to a HomeMatic key fob that I kept in my trouser pocket, and whenever I slouched onto the sofa the same button got pressed…

So also think about things other than just an attack from outside.

Hi guys,

today it got me too. At exactly 19:26, from the same IP 176.198.173.35.
Plugwise was mostly affected (predominantly the important / critical ones),
3 of 6 Z-Wave shutters closed.
1 wall plug was off.

No usable pattern recognizable so far.

I also suspected Alexa at first - but that is exactly why I do NOT have a global script / scene like that.

And absolutely no idea what it was - stupidly, I had rebooted the system without saving the logs first :banghead:

Only the access log yields anything:

176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /favicon.ico HTTP/1.1" 200 5430
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "POST /api/WFC_GetConfigurators HTTP/1.1" 200 218
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "GET /img/icons/IPS.svg HTTP/1.1" 200 508
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "GET /img/icons/Edit.svg HTTP/1.1" 200 493
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "GET /img/icons/Warning.svg HTTP/1.1" 200 504
176.198.173.35 - - [05/28/2020:19:26:47 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 225600
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/Script.svg HTTP/1.1" 200 474
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/Database.svg HTTP/1.1" 200 484
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "POST /api/WFC_GetConfigurators HTTP/1.1" 200 219
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/icons/IPS.svg HTTP/1.1" 200 508
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/icons/Warning.svg HTTP/1.1" 200 504
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/icons/Edit.svg HTTP/1.1" 200 493
176.198.173.35 - - [05/28/2020:19:26:55 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228639
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 667
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/IPS.png HTTP/1.1" 200 5130
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/Mail.svg HTTP/1.1" 200 504
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Warning.png HTTP/1.1" 200 4530
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Mail.png HTTP/1.1" 200 4596
35.237.4.214 - - [05/28/2020:19:27:02 +0200] "GET / HTTP/1.1" 200 7392
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /user/skins/DarkSkin/icons/Script.png HTTP/1.1" 200 4732
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /user/skins/DarkSkin/icons/Image.png HTTP/1.1" 200 4552
176.198.173.35 - - [05/28/2020:19:27:12 +0200] "GET /user/skins/DarkSkin/icons/Motion.png HTTP/1.1" 200 4462
176.198.173.35 - - [05/28/2020:19:27:12 +0200] "GET /user/skins/DarkSkin/icons/Distance.png HTTP/1.1" 200 4994
176.198.173.35 - - [05/28/2020:19:27:20 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 667
176.198.173.35 - - [05/28/2020:19:27:24 +0200] "GET /img/icons/Paintbrush.svg HTTP/1.1" 200 540
176.198.173.35 - - [05/28/2020:19:27:29 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-0.svg HTTP/1.1" 200 463
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-50.svg HTTP/1.1" 200 471
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-75.svg HTTP/1.1" 200 476
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-25.svg HTTP/1.1" 200 468
176.198.173.35 - - [05/28/2020:19:27:37 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:38 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:39 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /user/skins/DarkSkin/icons/Sun.png HTTP/1.1" 200 5002
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /user/skins/DarkSkin/icons/Power.png HTTP/1.1" 200 5268
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /img/icons/TurnRight.svg HTTP/1.1" 200 768
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /user/skins/DarkSkin/icons/ArrowRight.png HTTP/1.1" 200 4514
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /img/icons/Intensity-100.svg HTTP/1.1" 200 478
176.198.173.35 - - [05/28/2020:19:27:43 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:44 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:46 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:46 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:47 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:49 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 64
176.198.173.35 - - [05/28/2020:19:27:49 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 63
176.198.173.35 - - [05/28/2020:19:27:50 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:50 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:54 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:55 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:55 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:01 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:04 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:05 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:07 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:07 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:08 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:08 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:08 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:09 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:10 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:11 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:11 +0200] "GET /user/skins/DarkSkin/icons/Speaker.png HTTP/1.1" 200 4883
176.198.173.35 - - [05/28/2020:19:28:13 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Shutter.png HTTP/1.1" 200 4798
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Shutter00032.png HTTP/1.1" 200 1606
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Arrow2_Up_32.png HTTP/1.1" 200 544
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Flag.png HTTP/1.1" 200 4556
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:24 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 136
176.198.173.35 - - [05/28/2020:19:28:24 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:28:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 111
176.198.173.35 - - [05/28/2020:19:28:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:29 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 117
176.198.173.35 - - [05/28/2020:19:28:29 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:34 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /user/skins/DarkSkin/icons/Clock.png HTTP/1.1" 200 5187
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/clock/Clock-23-00.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/Gauge.svg HTTP/1.1" 200 492
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/clock/Clock-12-00.svg HTTP/1.1" 200 1326
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/clock/Clock-17-30.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:28:43 +0200] "GET /user/skins/DarkSkin/icons/Database.png HTTP/1.1" 200 4495
176.198.173.35 - - [05/28/2020:19:28:46 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:47 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:47 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:48 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 98
176.198.173.35 - - [05/28/2020:19:28:48 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 98
176.198.173.35 - - [05/28/2020:19:28:55 +0200] "GET /img/icons/clock/Clock-20-00.svg HTTP/1.1" 200 1322
176.198.173.35 - - [05/28/2020:19:29:19 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 91
176.198.173.35 - - [05/28/2020:19:29:21 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:30:45 +0200] "GET /user/skins/DarkSkin/icons/Shift.png HTTP/1.1" 200 4498
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /api/ HTTP/1.1" 200 64
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:30:48 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:30:48 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228394
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/TurnRight.svg HTTP/1.1" 200 768
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/Shift.svg HTTP/1.1" 200 466
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Shift.png HTTP/1.1" 200 4498
176.198.173.35 - - [05/28/2020:19:31:05 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 69
176.198.173.35 - - [05/28/2020:19:31:05 +0200] "GET /user/skins/DarkSkin/icons/Mail.png HTTP/1.1" 200 4596
176.198.173.35 - - [05/28/2020:19:31:06 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:31:06 +0200] "GET /img/icons/Paintbrush.svg HTTP/1.1" 200 540
176.198.173.35 - - [05/28/2020:19:31:10 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-0.svg HTTP/1.1" 200 463
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-50.svg HTTP/1.1" 200 471
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-75.svg HTTP/1.1" 200 476
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-25.svg HTTP/1.1" 200 468
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /user/skins/DarkSkin/icons/Script.png HTTP/1.1" 200 4732
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:31:19 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 106
176.198.173.35 - - [05/28/2020:19:31:19 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:31:20 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 106
176.198.173.35 - - [05/28/2020:19:31:21 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:31:26 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /user/skins/DarkSkin/icons/Sun.png HTTP/1.1" 200 5002
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /user/skins/DarkSkin/icons/Power.png HTTP/1.1" 200 5268
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /user/skins/DarkSkin/icons/ArrowRight.png HTTP/1.1" 200 4514
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /img/icons/Intensity-100.svg HTTP/1.1" 200 478
176.198.173.35 - - [05/28/2020:19:31:31 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:31 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:32 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:33 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:33 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:34 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:35 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:35 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Shutter.png HTTP/1.1" 200 4798
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Shutter00032.png HTTP/1.1" 200 1606
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Flag.png HTTP/1.1" 200 4556
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Arrow2_Up_32.png HTTP/1.1" 200 544
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Image.png HTTP/1.1" 200 4552
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /user/skins/DarkSkin/icons/Clock.png HTTP/1.1" 200 5187
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/clock/Clock-17-30.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/clock/Clock-23-00.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/clock/Clock-12-00.svg HTTP/1.1" 200 1326
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/Gauge.svg HTTP/1.1" 200 492
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /user/skins/DarkSkin/icons/Database.png HTTP/1.1" 200 4495
176.198.173.35 - - [05/28/2020:19:31:43 +0200] "GET /user/skins/DarkSkin/icons/Brightness32.png HTTP/1.1" 200 1086
176.198.173.35 - - [05/28/2020:19:31:44 +0200] "GET /img/icons/clock/Clock-20-00.svg HTTP/1.1" 200 1322
176.198.173.35 - - [05/28/2020:19:31:45 +0200] "GET /user/skins/DarkSkin/icons/Speaker.png HTTP/1.1" 200 4883
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:31:54 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:32:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228282
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Graph.svg HTTP/1.1" 200 450
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Image.svg HTTP/1.1" 200 815
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Script.svg HTTP/1.1" 200 474
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Script.png HTTP/1.1" 200 4732
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Image.png HTTP/1.1" 200 4552
176.198.173.35 - - [05/28/2020:19:32:10 +0200] "GET /user/skins/DarkSkin/icons/Speaker.png HTTP/1.1" 200 4883
176.198.173.35 - - [05/28/2020:19:32:31 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 69
176.198.173.35 - - [05/28/2020:19:32:31 +0200] "GET /user/skins/DarkSkin/icons/Mail.png HTTP/1.1" 200 4596
176.198.173.35 - - [05/28/2020:19:32:35 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:35 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:32:36 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:36 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:36 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:37 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:37 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 187
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /favicon.ico HTTP/1.1" 200 5430
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:32:39 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228229
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/Graph.svg HTTP/1.1" 200 450
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 189
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188

Any ideas?

Regards, Tom
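One way to triage an access log like the one above, as an added example that is not part of the original post: it groups requests by public client IP and counts successful WebFront API calls, using lines copied from the thread plus one constructed LAN line. The function names are hypothetical, and treating `WFC_Execute` as the call that triggers an action is an assumption based on its name.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Lines copied from the thread, plus one constructed LAN request (first line).
SAMPLE_LOG = """\
192.168.1.20 - - [05/28/2020:19:20:01 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 190
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "POST /api/WFC_GetConfigurators HTTP/1.1" 200 218
176.198.173.35 - - [05/28/2020:19:26:47 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 225600
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 189
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
TS_FORMAT = "%m/%d/%Y:%H:%M:%S %z"  # this log writes month/day/year


def external_sessions(log_text):
    """Per public client IP: first/last request time and successful API calls."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the expected format
        ip, ts, method, path, status = m.groups()
        try:
            if not ipaddress.ip_address(ip).is_global:
                continue  # LAN, loopback and reserved addresses are not external
            when = datetime.strptime(ts, TS_FORMAT)
        except ValueError:
            continue  # malformed address or timestamp
        s = sessions.setdefault(ip, {"first": when, "last": when, "api": Counter()})
        s["first"], s["last"] = min(s["first"], when), max(s["last"], when)
        if method == "POST" and path.startswith("/api/") and status == "200":
            s["api"][path[len("/api/"):]] += 1
    return sessions


def command_sources(sessions):
    """Public IPs with at least one successful WFC_Execute call (assumed: an action)."""
    return sorted(ip for ip, s in sessions.items() if s["api"]["WFC_Execute"] > 0)


if __name__ == "__main__":
    found = external_sessions(SAMPLE_LOG)
    for ip in command_sources(found):
        s = found[ip]
        print(ip, s["first"].isoformat(), s["last"].isoformat(), dict(s["api"]))
```

A public IP reported here that is not one of your own devices is a reason to check the password setting of every WebFront on the installation.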

Did you set a password correctly? Because that person is definitely able to load the WebFront! I don't think he is supposed to be able to do that, is he?

EDIT: On your Connect address I can see at least two WebFronts without a password!


176.198.173.35 - - [05/28/2020:19:26:47 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 225600

paresy

Hi Paresy,

A password was and is set for external access to the affected WF; the other two WebFronts have no active function or are empty.

Regards, Tom

Well,

Mea culpa - an "old", forgotten test WF without a password … and on an almost-standard port on top of that, very culpable and careless of me :eek:

But it has sharpened the senses and brought discipline back to the fore :rolleyes:

@Paresy: Thanks for the answer :loveips:

@Lupo2003: that was definitely THE SAME person who pranked us - if that had happened to me on a long-haul holiday … shudder

Regards, Tom

What was the access path to your installations, was it via the Symcon Connect service or some other way?

Unfortunately there are always cases of "forgetfulness", "ignorance" or "carelessness"; if you search Shodan for symcon, there are interesting hits every now and then :(.

The "path" is not that exciting, since in the end IP ranges get scanned, including the dynamic ones of the various providers. That of course also means things keep changing on Shodan, since you don't always get the same IP on a reconnect with every provider. And as you can see there, "non-standard" ports get found too ;).

With Connect, access works "differently".

Hello Ralf,

I didn't understand your answer, so here is the question again:
Was this direct access via opened ports or via the Symcon Connect service?

It doesn't matter at all how the access happened. A WebFront without a password stands wide open like a barn door to anyone who can operate the relevant search engines or tools.

A not entirely unknown jewellery chain also once had an unsecured WebFront. Fortunately, all you could have influenced there was the air conditioning.

So: always keep the "Security" ("Sicherheit") widget displayed.

It does matter how the access took place … access via a port forward was scanned and is easy - but access via Connect is rather hard to scan for and would "irritate" me considerably more!

Regards,
Chris

I did write "Connect does it differently".

I consider access via Connect very unlikely, though not absolutely impossible, since a slow brute-force attack could test through the letters and existing security measures could be circumvented.

But that would take a (very) long time and hopefully in most cases lead to a password-protected WebFront, where the password would then still have to be tried out.

Nothing is impossible in the security field, which is why the hurdles have to be as high as possible.

I work in IT, so I'm not entirely clueless about this… which is why the access method would be interesting - even though I'm sure it went through a port forward. Shodan says hello :smiley:

What would also be interesting - does IPS have any "security" built into the Connect service? For example monitoring whether one IP tries out different Connects, or more generally whether there are "anomalies" in access behaviour via the Connect service - there are anonymous ways of analysing that here too.

-Chris-

What I wanted to express with my post is that a WebFront must be protected with a password … no ifs or buts. If a password is set, it doesn't matter which way the attacker comes, because he doesn't get in.

But I do know which way the wind is blowing … :wink:

In the first post, supposedly he did, despite a password … And I didn't want to theorise at all, but to ask what the access path was here. Or can that not be traced at all?

Unfortunately, you cannot tell port forwarding and the Connect service apart in the access.log. :frowning:

However, the long URL in the Connect service never provides any security. You must not rely on it.
As the saying goes… security by obscurity is worthless :wink:

paresy

A password is of course the basic prerequisite and mandatory :slight_smile: Whether there is a vulnerability that allows access even with a password - who knows - nothing is impossible :slight_smile:

If there is a port forward, you know about it and can guess how the access happened - if there is no port forward, only Connect remains.

-Chris-

In my opinion, that is also information that can be neglected. The Connect service is, in the broadest sense, a port forward routed through us. So the attack vector is almost exactly the same. Only guessing the domain is somewhat harder. Although guessing the IP isn't simple either :slight_smile:

paresy

Shodan takes care of the IP all by itself :smiley: If you run a firewall at home, you regularly see their scans :wink:

@paresy: Do you have any mechanisms in Connect that "keep watch", or is everything simply forwarded without any "checks"?

-Chris-

The IP ranges are publicly documented and assigned to the respective providers, and any script kiddie can run port-scanning software.

Or, more "professionally", Kali Linux with all the necessary tools and a somewhat higher need for know-how ;).