Incomming connection from 180.97.x.x

[Pierre1958]

hello,

In the log I found some incomming connections from an IP number that I not recognice.(different IP numbers!)

Is there somebody who knows why there is this incomming connection, I never saw this before.

Sinds I update to v3.4951 for two weeks Domoticz hangs every 2 days and I have to restart it to run.
Domoticz is running on Ubuntu 14.04.

Is this a problem in v3.4951 or is there someone who has this too?

I now overrule this by restarting Domoticz every night with Webmin.

regards,

Pierre

[woody4165]

Have you tried to access from outside network?

[jvdz]

Looks like you have some chinees guests.
Hope you have a "good set of locks" with encryption on your server as they are connecting to your domoticz server when you see this in your Domoticz log.

Jos

[woody4165]

How can we do "good set of locks" ?

[jvdz]

This is what I do to provide extra security as I do have the option to access it from the outside:

• use an none standard IP port on the public side which is natted to the raspberry on another none standard port.
• Run NGINX with ssl encryption and userid&password authentication to reverse proxy into Domoticz.
• Have the same userid&password in domoticz setup to allow for a single sign-on.
• Run fail2ban on the NGINX log and lock anybody immediately for a set period when trying to login without or with improper userid&password combination.
• Send an telegram notification anytime somebody is banned so I know when somebody is trying to hack me.

Jos

[woody4165]

Thanks!!

Should I follow all of some of the paragraph here?
http://www.domoticz.com/wiki/Secure_Nginx_Proxy_Setup

[jvdz]

That is indeed the part for the NGINX reverse proxy with ssl setup.

Jos

[woody4165]

Isn't it already active in the actual Domoticz version?

Please note! Domoticz now has native HTTPS / SSL support since Version 2.2563 (June 14th 2015)

[jvdz]

Yes, call me paranoid, but Domoticz is build for automating my house and NGINX is build to be a solid webserver. They are both damn good at it if I might add!
It also allows me to have a easy way of implementing fail2ban to scan for people trying to portscan the installation and ban them by simply monitoring the NGINX error log.

Jos

[woody4165]

Yes, call me paranoid, but Domoticz is build for automating my house and NGINX is build to be a solid webserver. They are both damn good at it if I might add!
It also allows me to have a easy way of implementing fail2ban to scan for people trying to portscan the installation and ban them by simply monitoring the NGINX error log.

Jos

I'm trying to follow instructions, but I get error when I launch nginx service.
I had also issue on installing nginx-full probably because it's already installed or it's partially installed.

I'll make another installation of domoticz on another SD card and try from scratch...

Inviato con Tapatalk

[jvdz]

Think you are right that is was installed in the past on the sd image distributed here, but not sure whether that is still the case.
I saw also the the Wiki is changed a little since I set it all up about a year ago, so don't remember all specifics anymore but know it was pretty strait forward at the time.

Jos

[manjh]

Any hints for Windows based Domoticz servers?

[manjh]

Does the fact that this incoming connection is logged mean that they got it, or does it show an atttempt?

[woody4165]

Can I get a notification when there is an incoming connection? Is it traceable?

Inviato con Tapatalk

[randytsuch]

I'm using http://weaved.com/ to make a connection to Domoticz when away from home.

With weaved, I don't have to port forward on my router, nothing is exposed to the outside world.

Weaved is probably a little more trouble to use to make a connection, but I don't expect to do it very often, so it seems like a reasonable way to access domoticz while keeping my home stuff save.

Randy

[pj-r]

It also allows me to have a easy way of implementing fail2ban to scan for people trying to portscan the installation and ban them by simply monitoring the NGINX error log.

Also domoticz is writing messages to log if someone tries to login with wrong user/pw combination. The log message contains IP so you can use fail2ban against this log also. Its working at least with basic authentication.

There's an example log message:

Code: Select all

2016-04-08 10:21:09.187 Error: [web:80] Failed authentication attempt, ignoring client request (remote address: 194.157.XX.XXX)

[manjh]

I'm still not sure if I should be worried.
Whichever port I open up in my router (I can NAT it to the defined port in Domoticz), a hacker could fiind it by simply trying all possible port numers and see what happens.
So at any point in time the hacker WILL find the port.
But then.... I have a userid/pw defined for all non-local logins. How likely is it that the hacker will actually break that barrier? Or is there a secret backdoor in Domoticz that I am not aware of?

[woody4165]

Do you thing is possible to write logs to an external NAS, since I am on RPi I don't wanto to have issues with the SD card...

[jvdz]

I am running a daily script which makes a backup of the Domoticz DB and all my written scripts and puts them into a zip file after which it's copied to my NAS.
This bash script also compiles a file with records from domoticz.log and NGINX access & error.logs, which is also copied to my NAS and allows em easy review of potential issues and security issues.

As to remote access options: MyDomoticz support is also buildin these days, so maybe that is a safe option too? I haven't closely looked at it yet so have no experience with it.

I'm still not sure if I should be worried.

There shouldn't be to much to worry about as long as you use HTTPS/SSL over a none standard ip port to limit the ports scans on the public side, with user authentication in NGINX/Domoticz and Fail2Ban to constantly check the activities.

Jos

[primaryinc]

Hi,

I have the same problem on v 3.5171 runing on Ubuntu 16.04 server.
Internally I had to setup Local Networks setting for Domoticz to work.
Remote access gives me:
2016-05-27 06:12:13.964 Error: [web:443] Failed authentication attempt, ignoring client request
2016-05-26 22:40:11.650 Error: [web:8080] Failed authentication attempt, ignoring client request
I see advice to install and configure NGINX so I´ll have a look at that.