Geisterhaus

Hallo,

hatte vorgestern und gestern Abend das Gefühl ein Geisterhaus zu haben
auf einmal ging eine Stehlampe aus - Alle Rollladen im Erdgeschoss fuhren herunter
Die Lichter im Wohnzimmer gingen auf 100%
Alle Temperurregler wurden auf Komfort umgestellt
etc.

Beim ersten Mal hatte ich Alexa im Verdacht - Schnittstelle deaktiviert - gestern das Gleiche (Fast zur gleichen Zeit) wieder

Im Logfile Steht eine IP Adresse176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET / HTTP/1.1“ 200 7457
176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET /css/webfront.css HTTP/1.1“ 200 61609
176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET /skins/DarkSkin/webfront.css HTTP/1.1“ 200 1600
176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET /img/spinner.svg HTTP/1.1“ 200 851
176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET /skins/DarkSkin/logo.svg HTTP/1.1“ 200 4793
176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET /favicon.ico HTTP/1.1“ 200 5430
176.198.173.35 - - [04/23/2020:21:51:19 +0200] „GET /js/webfront.js HTTP/1.1“ 200 838872
176.198.173.35 - - [04/23/2020:21:51:20 +0200] „POST /api/WFC_GetConfigurators HTTP/1.1“ 200 464
176.198.173.35 - - [04/23/2020:21:51:20 +0200] „GET /img/icons/IPS.svg HTTP/1.1“ 200 1067
176.198.173.35 - - [04/23/2020:21:51:25 +0200] „POST /api/WFC_GetSnapshot HTTP/1.1“ 200 588446
176.198.173.35 - - [04/23/2020:21:51:25 +0200] „GET /tzdata/2018c.tzf HTTP/1.1“ 200 359176
176.198.173.35 - - [04/23/2020:21:51:25 +0200] „GET /img/logo.svg HTTP/1.1“ 200 9348
176.198.173.35 - - [04/23/2020:21:51:25 +0200] „GET /img/dwd.svg HTTP/1.1“ 200 19670

Das Passwort für den Extern Zugriff habe ich gleich geändert

Kann mir jemand helfen?

Mit freundlichen Grüßen

Was sagt das Sicherheits-Widget in der Konsole?
Michael

MDT Spannungsversorgung? Miss mal die Busspannung.

Bei Sicherheit steht Passwort bei Externen Zugriff erforderlich

Spannungsversorgung ist von ABB und ca. 1 Jahr alt, werde mal messen

Mit freundlichen Grüßen

Von der Beschreibung klingt es so, als ob kurz die Busspannung weggebrochen sei und jedes Gerät dann den programmierten „Zustand nach Busspannungsausfall“ angenommen hat.

MDT hatte mal eine SV-Charge mit Problemen, aber kontrollieren würde ich es auch bei ABB SV.

Da auch zwei Hue Lampen betroffen sind ist e nicht nur der KNX Bus

Mit freundlichen Grüßen

Als erstes das Webfront checken, ob das vernünftig abgesichert ist.

Vielleicht die Anwesenheitssimulation installiert/aktiviert?

paresy

die Anwesenheitssimulation ist zwar installiert aber ohne Ereignisse

Du hast einen Logfile mitgeschickt. Hier wird von einer vmtl dynamischen IP-Adresse aus dem Unitiymedia Pool (Reverse DNS Lookup) das Webfront aufgerufen und innerhalb fünf Sekunden umgeschaltet von WFC_GetConfigurators (also anzeigen der möglichen Webfronts) auf WFC_GetSnapshot (also anzeigen aller Variablen des entsprechenden Webfronts).

Sieht also sehr danach aus, als hätte jemand das Webfront unter zuhilfenahme des passendes Kennworts aufgerufen.

Gibt es noch weitere Logs unmittelbar danach? Diese sind allerdings aufgrund der Websocket Nutzung vmtl eher nicht im Webserver Log, sondern im Symcon System Log zu suchen.

„Abends“ und „fast genau zum selben Zeitpunkt“ hört sich für mich
erstmal nach Ereignis bei Tag/Nachtwechsel bzw Location Modul an…

Hilft vielleicht nicht, aber eine Anekdote, damit man an das unmögliche denkt…

Meine Geisterhaus-Erfahrung war, das alle Lichter ausgingen, Rollos runter gefahren sind und sich die Türen verschlossen haben…
Immer passiert, wenn ich mich Abends auf das Sofa gelegt habe…

Was war passiert? Ich hatte mir die „Haus verlassen“-Funktion auf einen HomeMatic-Keysender gelegt, den ich in der Hosentasche hatte und beim Lümmeln aufs Sofa immer der selbe Knopf gedrückt wurde…

Also auch mal an anderes als nur den Angriff von außén denken.

Hi Jungs,

heute hat es mich auch erwischt. Punkt 19:26 von derselben IP 176.198.173.35.
Plugwise größtenteils betroffen (überwiegend die wichtigen / kritischen),
3 von 6 z-wave Shutter haben zugemacht.
1 Wallplug war aus

Bisher kein brauchbares Muster erkennbar.

Hatte auch erst Alexa im Verdacht - aber so ein Globalscript / Szene habe ich genau deswegen NICHT.

Und absolut keine Idee was es war - dummerweise hatte ich das System rebootet ohne vorher die Logs zu sichern :banghead:

Lediglich das Access-Log gibt was her:

176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /favicon.ico HTTP/1.1" 200 5430
176.198.173.35 - - [05/28/2020:19:26:44 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "POST /api/WFC_GetConfigurators HTTP/1.1" 200 218
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "GET /img/icons/IPS.svg HTTP/1.1" 200 508
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "GET /img/icons/Edit.svg HTTP/1.1" 200 493
176.198.173.35 - - [05/28/2020:19:26:45 +0200] "GET /img/icons/Warning.svg HTTP/1.1" 200 504
176.198.173.35 - - [05/28/2020:19:26:47 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 225600
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/Script.svg HTTP/1.1" 200 474
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:26:48 +0200] "GET /img/icons/Database.svg HTTP/1.1" 200 484
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "POST /api/WFC_GetConfigurators HTTP/1.1" 200 219
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/icons/IPS.svg HTTP/1.1" 200 508
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/icons/Warning.svg HTTP/1.1" 200 504
176.198.173.35 - - [05/28/2020:19:26:53 +0200] "GET /img/icons/Edit.svg HTTP/1.1" 200 493
176.198.173.35 - - [05/28/2020:19:26:55 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228639
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 667
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/IPS.png HTTP/1.1" 200 5130
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /img/icons/Mail.svg HTTP/1.1" 200 504
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Warning.png HTTP/1.1" 200 4530
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:26:56 +0200] "GET /user/skins/DarkSkin/icons/Mail.png HTTP/1.1" 200 4596
35.237.4.214 - - [05/28/2020:19:27:02 +0200] "GET / HTTP/1.1" 200 7392
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /user/skins/DarkSkin/icons/Script.png HTTP/1.1" 200 4732
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:27:03 +0200] "GET /user/skins/DarkSkin/icons/Image.png HTTP/1.1" 200 4552
176.198.173.35 - - [05/28/2020:19:27:12 +0200] "GET /user/skins/DarkSkin/icons/Motion.png HTTP/1.1" 200 4462
176.198.173.35 - - [05/28/2020:19:27:12 +0200] "GET /user/skins/DarkSkin/icons/Distance.png HTTP/1.1" 200 4994
176.198.173.35 - - [05/28/2020:19:27:20 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 667
176.198.173.35 - - [05/28/2020:19:27:24 +0200] "GET /img/icons/Paintbrush.svg HTTP/1.1" 200 540
176.198.173.35 - - [05/28/2020:19:27:29 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-0.svg HTTP/1.1" 200 463
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-50.svg HTTP/1.1" 200 471
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-75.svg HTTP/1.1" 200 476
176.198.173.35 - - [05/28/2020:19:27:34 +0200] "GET /img/icons/Intensity-25.svg HTTP/1.1" 200 468
176.198.173.35 - - [05/28/2020:19:27:37 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:38 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:39 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /user/skins/DarkSkin/icons/Sun.png HTTP/1.1" 200 5002
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /user/skins/DarkSkin/icons/Power.png HTTP/1.1" 200 5268
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /img/icons/TurnRight.svg HTTP/1.1" 200 768
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /user/skins/DarkSkin/icons/ArrowRight.png HTTP/1.1" 200 4514
176.198.173.35 - - [05/28/2020:19:27:41 +0200] "GET /img/icons/Intensity-100.svg HTTP/1.1" 200 478
176.198.173.35 - - [05/28/2020:19:27:43 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:44 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:46 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:46 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:47 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:49 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 64
176.198.173.35 - - [05/28/2020:19:27:49 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 63
176.198.173.35 - - [05/28/2020:19:27:50 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:50 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:54 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:55 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:55 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:27:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:27:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:01 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:04 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:05 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:07 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:07 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:08 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:08 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:08 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:09 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:10 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:11 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:11 +0200] "GET /user/skins/DarkSkin/icons/Speaker.png HTTP/1.1" 200 4883
176.198.173.35 - - [05/28/2020:19:28:13 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Shutter.png HTTP/1.1" 200 4798
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Shutter00032.png HTTP/1.1" 200 1606
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Arrow2_Up_32.png HTTP/1.1" 200 544
176.198.173.35 - - [05/28/2020:19:28:15 +0200] "GET /user/skins/DarkSkin/icons/Flag.png HTTP/1.1" 200 4556
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:16 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:24 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 136
176.198.173.35 - - [05/28/2020:19:28:24 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:28:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 111
176.198.173.35 - - [05/28/2020:19:28:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:29 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 117
176.198.173.35 - - [05/28/2020:19:28:29 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:34 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:28:37 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /user/skins/DarkSkin/icons/Clock.png HTTP/1.1" 200 5187
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/clock/Clock-23-00.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/Gauge.svg HTTP/1.1" 200 492
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/clock/Clock-12-00.svg HTTP/1.1" 200 1326
176.198.173.35 - - [05/28/2020:19:28:42 +0200] "GET /img/icons/clock/Clock-17-30.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:28:43 +0200] "GET /user/skins/DarkSkin/icons/Database.png HTTP/1.1" 200 4495
176.198.173.35 - - [05/28/2020:19:28:46 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:47 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:47 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:28:48 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 98
176.198.173.35 - - [05/28/2020:19:28:48 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 98
176.198.173.35 - - [05/28/2020:19:28:55 +0200] "GET /img/icons/clock/Clock-20-00.svg HTTP/1.1" 200 1322
176.198.173.35 - - [05/28/2020:19:29:19 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 91
176.198.173.35 - - [05/28/2020:19:29:21 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:30:45 +0200] "GET /user/skins/DarkSkin/icons/Shift.png HTTP/1.1" 200 4498
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /api/ HTTP/1.1" 200 64
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:30:47 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:30:48 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:30:48 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228394
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/TurnRight.svg HTTP/1.1" 200 768
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:30:49 +0200] "GET /img/icons/Shift.svg HTTP/1.1" 200 466
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:30:50 +0200] "GET /user/skins/DarkSkin/icons/Shift.png HTTP/1.1" 200 4498
176.198.173.35 - - [05/28/2020:19:31:05 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 69
176.198.173.35 - - [05/28/2020:19:31:05 +0200] "GET /user/skins/DarkSkin/icons/Mail.png HTTP/1.1" 200 4596
176.198.173.35 - - [05/28/2020:19:31:06 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:31:06 +0200] "GET /img/icons/Paintbrush.svg HTTP/1.1" 200 540
176.198.173.35 - - [05/28/2020:19:31:10 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 65
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-0.svg HTTP/1.1" 200 463
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-50.svg HTTP/1.1" 200 471
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-75.svg HTTP/1.1" 200 476
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Intensity-25.svg HTTP/1.1" 200 468
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /user/skins/DarkSkin/icons/Script.png HTTP/1.1" 200 4732
176.198.173.35 - - [05/28/2020:19:31:14 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:31:19 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 106
176.198.173.35 - - [05/28/2020:19:31:19 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:31:20 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 106
176.198.173.35 - - [05/28/2020:19:31:21 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:25 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:31:26 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /user/skins/DarkSkin/icons/Sun.png HTTP/1.1" 200 5002
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /user/skins/DarkSkin/icons/Power.png HTTP/1.1" 200 5268
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /user/skins/DarkSkin/icons/ArrowRight.png HTTP/1.1" 200 4514
176.198.173.35 - - [05/28/2020:19:31:28 +0200] "GET /img/icons/Intensity-100.svg HTTP/1.1" 200 478
176.198.173.35 - - [05/28/2020:19:31:31 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:31 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:32 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:33 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:33 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:34 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:35 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:35 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Shutter.png HTTP/1.1" 200 4798
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Shutter00032.png HTTP/1.1" 200 1606
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Flag.png HTTP/1.1" 200 4556
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Arrow2_Up_32.png HTTP/1.1" 200 544
176.198.173.35 - - [05/28/2020:19:31:40 +0200] "GET /user/skins/DarkSkin/icons/Image.png HTTP/1.1" 200 4552
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:31:41 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /user/skins/DarkSkin/icons/Clock.png HTTP/1.1" 200 5187
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/clock/Clock-17-30.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/clock/Clock-23-00.svg HTTP/1.1" 200 1319
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/clock/Clock-12-00.svg HTTP/1.1" 200 1326
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /img/icons/Gauge.svg HTTP/1.1" 200 492
176.198.173.35 - - [05/28/2020:19:31:42 +0200] "GET /user/skins/DarkSkin/icons/Database.png HTTP/1.1" 200 4495
176.198.173.35 - - [05/28/2020:19:31:43 +0200] "GET /user/skins/DarkSkin/icons/Brightness32.png HTTP/1.1" 200 1086
176.198.173.35 - - [05/28/2020:19:31:44 +0200] "GET /img/icons/clock/Clock-20-00.svg HTTP/1.1" 200 1322
176.198.173.35 - - [05/28/2020:19:31:45 +0200] "GET /user/skins/DarkSkin/icons/Speaker.png HTTP/1.1" 200 4883
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:31:46 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30544 HTTP/1.1" 200 2676
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=22827 HTTP/1.1" 200 3401
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=30547 HTTP/1.1" 200 38971
176.198.173.35 - - [05/28/2020:19:31:52 +0200] "GET /user/IPS-Highcharts.php?ScriptId=17307 HTTP/1.1" 200 20976
176.198.173.35 - - [05/28/2020:19:31:54 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:56 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:57 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:58 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:31:59 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:32:00 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 67
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:32:05 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228282
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Graph.svg HTTP/1.1" 200 450
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Image.svg HTTP/1.1" 200 815
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Script.svg HTTP/1.1" 200 474
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /img/icons/Return.svg HTTP/1.1" 200 456
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Script.png HTTP/1.1" 200 4732
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:32:06 +0200] "GET /user/skins/DarkSkin/icons/Image.png HTTP/1.1" 200 4552
176.198.173.35 - - [05/28/2020:19:32:10 +0200] "GET /user/skins/DarkSkin/icons/Speaker.png HTTP/1.1" 200 4883
176.198.173.35 - - [05/28/2020:19:32:31 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 69
176.198.173.35 - - [05/28/2020:19:32:31 +0200] "GET /user/skins/DarkSkin/icons/Mail.png HTTP/1.1" 200 4596
176.198.173.35 - - [05/28/2020:19:32:35 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:35 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:32:36 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:36 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:36 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:37 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:37 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 187
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET / HTTP/1.1" 200 3236
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /css/webfront.css HTTP/1.1" 200 8728
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /img/spinner.svg HTTP/1.1" 200 336
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /img/logo.svg HTTP/1.1" 200 2977
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /favicon.ico HTTP/1.1" 200 5430
176.198.173.35 - - [05/28/2020:19:32:38 +0200] "GET /js/webfront.js HTTP/1.1" 200 178957
176.198.173.35 - - [05/28/2020:19:32:39 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 228229
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/webfront.css HTTP/1.1" 200 316
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons.css HTTP/1.1" 200 1168
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/Wave.svg HTTP/1.1" 200 555
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/HollowArrowLeft.svg HTTP/1.1" 200 433
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/HollowArrowRight.svg HTTP/1.1" 200 434
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/Bulb.svg HTTP/1.1" 200 622
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /img/icons/Graph.svg HTTP/1.1" 200 450
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Fire32.png HTTP/1.1" 200 2039
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Mail32.png HTTP/1.1" 200 1150
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Battery32.png HTTP/1.1" 200 919
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Bulb.png HTTP/1.1" 200 4471
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Observationcamera32.png HTTP/1.1" 200 1045
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Socket32.png HTTP/1.1" 200 1003
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Electricmeter32.png HTTP/1.1" 200 1412
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/TemperaturePlus32.png HTTP/1.1" 200 1135
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Lawnmower_32.png HTTP/1.1" 200 843
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Graph.png HTTP/1.1" 200 4312
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Laptop32.png HTTP/1.1" 200 1127
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Sun_Cloud2_32.png HTTP/1.1" 200 1596
176.198.173.35 - - [05/28/2020:19:32:40 +0200] "GET /user/skins/DarkSkin/icons/Headphone1_32.png HTTP/1.1" 200 2254
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 189
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "GET /img/icons/Close.svg HTTP/1.1" 200 445
176.198.173.35 - - [05/28/2020:19:32:42 +0200] "POST /api/WFC_Execute HTTP/1.1" 200 188

Any ideas ?

LG Tom

Hast du korrekt ein Kennwort gesetzt? Denn derjenige darf das WebFront auf jeden Fall laden! Ich glauben nicht, dass er das können soll, oder?

EDIT: Auf deiner Connect Adresse sehe ich mindestens zwei WebFronts ohne Kennwort!


176.198.173.35 - - [05/28/2020:19:26:47 +0200] "POST /api/WFC_GetSnapshot HTTP/1.1" 200 225600

paresy

Hi Paresy,

für den externen Zugriff auf das betroffene WF war bzw. ist ein Kennwort gesetzt, die anderen beiden WebFronts sind ohne aktive Funktion bzw. leer.

LG Tom

Tja,

Mea culpa - ein „altes“ vergessenes Test-WF ohne PWD … und dazu noch auf einem Fast-Standard Port, sehr sträflich und nachlässig von mir :eek:

Aber es hat die Sinne geschärft und die Disziplin wieder nach vorne gerückt :rolleyes:

@Paresy: Danke für die Antwort :loveips:

@Lupo2003: da hat uns definitv DERSELBE gefoppt - wenn mir das im Fernurlaub passiert wäre … schauder

LG Tom

Wie war denn der Zugriffsweg auf eure Installationen, war das über den Symcon Connect-Dienst oder anderweitig?

Es gibt da leider immer wieder „Vergesslichkeiten“, „Unwissen“ oder „Leichtsinn“, wenn ihr bei Shodan nach symcon sucht, dann gibt es immer mal wieder interessante Treffer :(.

Der „Weg“ ist nicht so spannend, da letztendlich IP Ranges, gern auch die dynamischen der verschiedenen Provider, gescannt werden. Dadurch ändert sich natürlich auch immer wieder etwas bei shodan, man bekommt ja nicht immer und bei jedem Provider die gleiche IP bei einem Reconnect. Und wie man dort erkennen kann, werden auch „nicht standard“ Ports gefunden ;).

Beim connect funktioniert der Zugriff „anders“.

Hallo Ralf,

ich habe deine Antwort nicht verstanden, daher nochmal die Frage:
War es hier ein direkter Zugriff über geöffnete Ports oder über den Symcon Connect-Dienst?

Es ist völlig egal, worüber der Zugriff erfolgte. Ein WebFront ohne Passwort steht für jedermann, der entsprechende Suchmaschinen oder Tools bedienen kann, offen wie ein Scheunentor.

Eine nicht ganz unbekannte Juwelierkette hatte auch mal ein ungesichertes WebFront. Da hätte man aber zum Glück nur Einfluss auf die Klimaanlage nehmen können.

Daher: immer schön das Widget „Sicherheit“ anzeigen lassen.