Hack attempts or not...?

Hello,

In my jeedomconnect logs, I have these warnings that just never end…
Are these hack attempts or not?
If so, how do I protect against them?
Thanks.

1807|[2023-10-19 07:06:10,069]WARNING : [E-01] Client tried to connect but not with a websocket protocol - connexion aborted ('167.99.223.199', 48066)
1808|UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 4: invalid continuation byte
1809|----------------------------------------
1810|----------------------------------------
1811|Exception occurred during processing of request from ('192.241.198.9', 47318)
1812|Traceback (most recent call last):
1813|File "/usr/lib/python3.9/socketserver.py", line 650, in process_request_thread
1814|self.finish_request(request, client_address)
1815|File "/usr/lib/python3.9/socketserver.py", line 360, in finish_request
1816|self.RequestHandlerClass(request, client_address, self)
1817|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 358, in __init__
1818|StreamRequestHandler.__init__(self, socket, addr, server)
1819|File "/usr/lib/python3.9/socketserver.py", line 720, in __init__
1820|self.handle()
1821|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 369, in handle
1822|self.handshake()
1823|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 530, in handshake
1824|headers = self.read_http_headers()
1825|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 519, in read_http_headers
1826|assert http_get.upper().startswith("GET")
1827|AssertionError
1828|----------------------------------------
1829|----------------------------------------
1830|Exception occurred during processing of request from ('162.216.149.37', 63288)
1831|Traceback (most recent call last):
1832|File "/usr/lib/python3.9/socketserver.py", line 650, in process_request_thread
1833|self.finish_request(request, client_address)
1834|File "/usr/lib/python3.9/socketserver.py", line 360, in finish_request
1835|self.RequestHandlerClass(request, client_address, self)
1836|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 358, in __init__
1837|StreamRequestHandler.__init__(self, socket, addr, server)
1838|File "/usr/lib/python3.9/socketserver.py", line 720, in __init__
1839|self.handle()
1840|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 369, in handle
1841|self.handshake()
1842|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 530, in handshake
1843|headers = self.read_http_headers()
1844|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 518, in read_http_headers
1845|http_get = self.rfile.readline().decode().strip()
1846|UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 4: invalid continuation byte
1847|----------------------------------------
1848|----------------------------------------
1849|Exception occurred during processing of request from ('162.216.149.37', 63304)
1850|Traceback (most recent call last):
1851|File "/usr/lib/python3.9/socketserver.py", line 650, in process_request_thread
1852|self.finish_request(request, client_address)
1853|File "/usr/lib/python3.9/socketserver.py", line 360, in finish_request
1854|self.RequestHandlerClass(request, client_address, self)
1855|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 358, in __init__
1856|StreamRequestHandler.__init__(self, socket, addr, server)
1857|File "/usr/lib/python3.9/socketserver.py", line 720, in __init__
1858|self.handle()
1859|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 369, in handle
1860|self.handshake()
1861|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 530, in handshake
1862|headers = self.read_http_headers()
1863|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 518, in read_http_headers
1864|http_get = self.rfile.readline().decode().strip()
1865|UnicodeDecodeError: 'utf-8' codec can't decode byte 0xca in position 4: invalid continuation byte
1866|----------------------------------------
1867|[2023-10-19 14:25:30,273]WARNING : [E-01] Client tried to connect but not with a websocket protocol - connexion aborted ('193.42.33.176', 40746)
1868|----------------------------------------
1869|Exception occurred during processing of request from ('193.42.33.176', 40748)
1870|Traceback (most recent call last):
1871|File "/usr/lib/python3.9/socketserver.py", line 650, in process_request_thread
1872|self.finish_request(request, client_address)
1873|File "/usr/lib/python3.9/socketserver.py", line 360, in finish_request
1874|self.RequestHandlerClass(request, client_address, self)
1875|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 358, in __init__
1876|StreamRequestHandler.__init__(self, socket, addr, server)
1877|File "/usr/lib/python3.9/socketserver.py", line 720, in __init__
1878|self.handle()
1879|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 369, in handle
1880|self.handshake()
1881|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 530, in handshake
1882|headers = self.read_http_headers()
1883|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 518, in read_http_headers
1884|http_get = self.rfile.readline().decode().strip()
1885|UnicodeDecodeError: 'utf-8' codec can't decode byte 0xbb in position 12: invalid start byte
1886|----------------------------------------
1887|[2023-10-19 16:15:48,833]WARNING : [E-01] Client tried to connect but not with a websocket protocol - connexion aborted ('81.161.229.27', 59892)
1888|----------------------------------------
1889|Exception occurred during processing of request from ('81.161.229.27', 59904)
1890|Traceback (most recent call last):
1891|File "/usr/lib/python3.9/socketserver.py", line 650, in process_request_thread
1892|self.finish_request(request, client_address)
1893|File "/usr/lib/python3.9/socketserver.py", line 360, in finish_request
1894|self.RequestHandlerClass(request, client_address, self)
1895|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 358, in __init__
1896|StreamRequestHandler.__init__(self, socket, addr, server)
1897|File "/usr/lib/python3.9/socketserver.py", line 720, in __init__
1898|self.handle()
1899|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 369, in handle
1900|self.handshake()
1901|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 530, in handshake
1902|headers = self.read_http_headers()
1903|File "/var/www/html/plugins/JeedomConnect/resources/JeedomConnectd/websocket_server/websocket_server.py", line 518, in read_http_headers
1904|http_get = self.rfile.readline().decode().strip()
1905|UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8f in position 13: invalid start byte
1906|----------------------------------------

Hello,

Don't forget to share your JC info!

No, these are not real "hacking" attempts, more just simple scans.
You can convince yourself by looking up the 4 IPs present on AbuseIPDB:

In itself, it's not very serious and fairly normal if your Jeedom is directly exposed to the Internet, because JC sees that the connection is not valid; you should also find connections from these IPs directly on Jeedom as well (in the HTTP connection logs).

(One improvement for Jeedom Connect would be to reduce the verbosity of these messages.)

Bad
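
To check a log like the one above against the "simple scans" reading, here is an added example (not part of the thread, and not Jeedom Connect's own code) that groups the rejected connections by source IP and by failure type. The sample log is constructed in the same format, with documentation-range IPs; the `summarize` function and the reason labels are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the log above (documentation-range IPs).
SAMPLE_LOG = """\
1|[2023-10-19 07:06:10,069]WARNING : [E-01] Client tried to connect but not with a websocket protocol - connexion aborted ('203.0.113.10', 48066)
2|----------------------------------------
3|Exception occurred during processing of request from ('203.0.113.10', 48070)
4|Traceback (most recent call last):
5|assert http_get.upper().startswith("GET")
6|AssertionError
7|----------------------------------------
8|Exception occurred during processing of request from ('198.51.100.7', 63288)
9|Traceback (most recent call last):
10|http_get = self.rfile.readline().decode().strip()
11|UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 4: invalid continuation byte
12|----------------------------------------
13|Exception occurred during processing of request from ('198.51.100.7', 63304)
14|http_get = self.rfile.readline().decode().strip()
15|UnicodeDecodeError: 'utf-8' codec can't decode byte 0xca in position 4: invalid continuation byte
"""

PREFIX = re.compile(r"^\d+\|")                        # line number added by the log viewer
PEER = re.compile(r"\('(\d{1,3}(?:\.\d{1,3}){3})', \d+\)")
LABELS = {                                            # final traceback line -> what the client sent
    "AssertionError": "first line is not an HTTP GET",
    "UnicodeDecodeError": "binary (non-UTF-8) bytes instead of HTTP",
}

def summarize(log_text):
    """Return {ip: {reason: count}} for connections the websocket server rejected."""
    per_ip = defaultdict(Counter)
    current_ip = None                                 # peer of the traceback being read
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        peer = PEER.search(line)
        if "[E-01]" in line and peer:
            per_ip[peer.group(1)]["rejected: not a websocket handshake"] += 1
        elif line.startswith("Exception occurred") and peer:
            current_ip = peer.group(1)
        elif current_ip and line.split(":")[0] in LABELS:
            per_ip[current_ip][LABELS[line.split(":")[0]]] += 1
            current_ip = None                         # traceback fully consumed
    return {ip: dict(counts) for ip, counts in per_ip.items()}

if __name__ == "__main__":
    for ip, reasons in summarize(SAMPLE_LOG).items():
        print(ip, reasons)
```

Every entry it reports is a connection that failed before the websocket handshake completed, which is the pattern the answer above describes.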

It's up to you to tell us…?

The "exception" trace is intentional, precisely to have the details and be sure which case we are in :wink:

It might actually be worth removing these logs, which don't add much.
These are scans on your external port 8090 (which is a massively scanned port, just like 80 or 8080). I imagine you left it at the default.
I think you'll get far fewer scans if you put an esoteric port (between 10000 and 64000) on the external WS address (modify the box's NAT rules accordingly).

Norbert

If the box allows it :wink:
(Free sharing)

Thanks everyone for your answers.

Remember to close the topic :wink: