Cookie or other attacks?

[Frode Fuglestad]

Hey,

I recently enabled my.openhab.org in my openhab 1.6.2 installation on port 8080.

Today I went through some log entries in openhab.log and found some suspicious lines:

2015-07-08 20:43:07.712 [ERROR] [.myopenhab.internal.MyOHClient] - Socket.IO error: com.github.nkzawa.engineio.client.EngineIOException: xhr post error

2015-07-08 20:43:07.722 [INFO ] [.myopenhab.internal.MyOHClient] - Disconnected from my.openHAB service (UUID = 1ac4b23c-96ef-49b8-8330-XXXXXXX, base URL = http://localhost:8080)

2015-07-08 20:45:01.354 [ERROR] [.myopenhab.internal.MyOHClient] - Socket.IO error: not authorized

2015-07-08 20:45:36.233 [ERROR] [.myopenhab.internal.MyOHClient] - Socket.IO error: com.github.nkzawa.engineio.client.EngineIOException: xhr post error

2015-07-08 20:45:36.242 [INFO ] [.myopenhab.internal.MyOHClient] - Disconnected from my.openHAB service (UUID = 1ac4b23c-96ef-49b8-8330-XXXXXXX, base URL = http://localhost:8080)

2015-07-08 20:47:23.848 [ERROR] [.myopenhab.internal.MyOHClient] - Socket.IO error: not authorized

2015-07-09 08:37:30.797 [WARN ] [org.eclipse.jetty.io.nio      ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-07-09 08:37:39.408 [WARN ] [org.eclipse.jetty.io.nio      ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-07-09 08:37:40.433 [WARN ] [org.eclipse.jetty.io.nio      ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-07-09 08:37:43.343 [WARN ] [org.eclipse.jetty.io.nio      ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-07-09 08:38:26.833 [WARN ] [org.eclipse.jetty.io.nio      ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-07-09 08:38:26.834 [WARN ] [org.eclipse.jetty.io.nio      ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-07-09 18:28:04.888 [WARN ] [ipse.jetty.server.CookieCutter] - java.lang.IllegalArgumentException: Cookie name "Greetz to M, st0n3d, Jorgee, CoLdZeRo and justa" is a reserved token

PS I changed the last part of my UUID for this reference..

Anyone know what happend here?

-Frode

[Victor Belov]

Hi,

Just noticed I didn't copy the group while discussing it with you :-( So the explanation is that you have a directly opened ports of openHAB to the internet and somebody was scanning your openhab for shell venerability. The main idea of my.openHAB is that you really don't need to open any ports at all to get remote access to your openHAB to protect it from such stuff.

--
You received this message because you are subscribed to the Google Groups "my.openHAB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to myopenhab+...@googlegroups.com.
To post to this group, send email to myop...@googlegroups.com.
Visit this group at http://groups.google.com/group/myopenhab.
To view this discussion on the web visit https://groups.google.com/d/msgid/myopenhab/01f48d97-a65f-48bc-b186-9fae04dd8359%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[rw8...@gmail.com]

Hi,

i'm getting the same log entries while using (mainly starting/closing) the openhab iOS native app

maybe your're using it, too?