I thought i was hacked. but ended up with a topic full of usefull information

finity · July 7, 2018, 1:12pm

The only devices I log in from should either be on my home network (so all starting with 192.168.1…) or from my work IP which is pretty much static or again will at least be in the same general subnet. I might occasionally login when connected to the LTE network on my phone so that wouldn’t be the same. So, home PC, work PC, my phone, wife’s phone, Amazon (for Alexa). That’s pretty much it. Most should be obvious what they are or be able to be figured out fairly easily.

The point being is that there should be a very limited number of locations attempting to log in to my HA instance. I should be able to fairly easily establish if they were legitimate attempts or not and if they were successful or not. But I can’t even get to the point of trying if I don’t know where those attempts/successes are logged.

bbrendon · July 7, 2018, 7:21pm

I have nginx in front of hass as well with a password set in hass. Now I’m nervous since I don’t see a root cause figured out, or did I miss something in the thread?

tmjpugh · July 7, 2018, 8:50pm

SMB share with guest access and port forwarded
This is problem for most.

Nginx misconfigured. Possible but no known cases.
Other proxy misconfiguration

So far NO evidence of actual hack by Exploit of code or other non trivial means

EDIT
I saw 4 thread of people claim to be hack I think.
3/4 are SMB
1/4 I think still unclear if even hack

bbrendon · July 7, 2018, 11:22pm

Thank you for doing some analysis on past issues. In the past I’ve always assumed people got hacked because of their own fault. Based on your analysis it sounds like that’s true. This thread is the most credible “hack” so far.

I just spent the last two hours improving my front-end security and increased logging retention so I can have a larger sample size for analysis in the future to possibly tune things even further.

ReneTode · July 7, 2018, 11:25pm

sorry @bbrendon indeed i havent found a cause.
so i myselve stay away from that kind of setup for a while untill i know more and in the meantime i just use a VPN for my mobile and tablet.

@tmjpugh i dont have smb. nginx was the only thing revealed.
and i am 100% sure that it was a hack.

tmjpugh · July 7, 2018, 11:48pm

Yes @ReneTode. You are 1/4 but maybe I unintentional suggest cause for you (Not sure) .

I did not do deep dive analysis if complaints just what I notice. I think @ReneTode is only unresolved but cannot be point to HA as you have other potential vector so it unclear. I use “unclear” because although you highly suspect it still not verified by proof. This is not to lessen your claim, just not assume so as not to ignore any cause.

ReneTode · July 8, 2018, 12:03am

untill now i have found no explenation or possibility of what else could have happened.
all other known possibilities can be ruled out, so unless someone can come up with an explenation of what could also have happened, i must presume it was a hack.

the only thing that bugs me is that i cant find evidence and that can have 3 causes:

the hacker knows how to avoid leaving evidence (but the way i got hacked i doubt that)
i got to little logging to record an attempt
i got some evidence somewhere but i have no knowledge of it. (which can very well be, because there is a lot of logging that i am unfamiliar with on linux)

and dont forget that there is an option that the others were not SMB breach at all.
if the password for the frontend somehow can be bypassed, then all 4 cases could be the same.
the only difference is that they had hassio and most likely have the option to edit the config trough the frontend. which in that case would explain the changed config.

i also thought it was smb at first, but i cant be sure about that anymore. thats why i hoped that someone could point me to a direction where i might find evidence.

tmjpugh · July 8, 2018, 12:41am

All 3 had smb + port open + guest+UPnP if I remember correctly

If you allow this you entire infrastructure is highly questionable.

ReneTode · July 8, 2018, 12:55am

thats right. but there is as much evidence that the hacker(s) did use that entrypoint as there is how they got to me.
so we cant rule out that the hacker(s) did use the same way to enter in all 4 cases.

remember that even though a front door is wide open you cant rule out that a burgler did enter trough a closed basement window unless you examine that window

danielperna84 · July 8, 2018, 2:20am

Then, for all I know about HTTP requests, there MUST be a log entry in the access log of your nginx. Even if the HASS API has an authentication bug, as long as the request goes through nginx, it WILL be logged. And by just bypassing the authentication an attacker most likely is not able to delete single entries from the nginx logfile. Hence all entries in your logfile ARE relevant in that timeframe. If none of them point to an access attempt, then nginx was not the cause.

As an example, here’s how my Apache reverse proxy logs a successful, direct call of the HASS API:
xx.xxx.xx.xx - - [08/Jul/2018:04:08:03 +0200] "POST /api/services/light/toggle?api_password=redacted HTTP/1.1" 200 4345 "-" "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G930F Build/R16NW)" "redacted.example.com"
And accessing the frontend via browser generates well over 50 logged requests in my case.

One additional question: did you have a look at the “logbook” of HASS itself? The one in the UI in the menu on the left where all State changes and events are logged. Just for completeness it would be nice to have a confirmation that there was no state, automation or event that triggered what happened.

finity · July 8, 2018, 4:51am

I guess I need to ask again…

Is there a place that hass logs the IP of attempted/successful logins?

That information would be good to know; especially in this case.

ReneTode · July 8, 2018, 8:59am

yeah its bugging me too that there is nothing in the nginx access log.
it was also the first thing that i looked at.

i dont have history and logbook from HA activated, so there are no state changes recorded.
and i have no automations in HA at all. and 2 of the input_booleans that were changed are in no AD apps at all.

so the only other option is that HA istself decided to change the state from input_booleans.

danielperna84 · July 8, 2018, 10:46am

One more question: are you able to somehow reproduce what has happened during the attack? You have posted a list of stuff happening earlier and mentioned some input_booleans. To track down what caused your issue it would help if you yourself are able to trigger exactly what has happened (not especially timing, but all entities whose state did change). So if for instance these input_booleans that were involved all are in a group, the homeassistant.turn_on group could be used to turn on all entities at once. It would be helpful to know if a single service call would be capable of producing the state changes you have experienced.

tmjpugh · July 8, 2018, 2:48pm

Can HA API be used to brute force password or is it treated as login attempt?

ReneTode · July 8, 2018, 3:43pm

there is no single service that would be able to trigger this for several reasons:

the input booleans were changed to on with a delay from 0.5 to 1 second apart.
if a general service would have been triggered 250 or more entities would also have changed state. (i got over 200 input_booleans and only a few those that are on 1 page were triggered, but not all that are on that page)

i can reproduce it. but the only way how is when i start the HA gui, go to my switches page and switch on those input_booleans by hand. i also can automate that but it would be an automation that mimics that.
so something like:

turn_on input_boolean.livingroom
delay 0.5 secs
turn_on input_boolean.attic
delay 1 sec
turn_on input_boolean cellar
etc.

RitteT · July 8, 2018, 6:06pm

Should be pretty easy to test if no onw answers you?

keithh666 · July 9, 2018, 3:48pm

So about an hour ago I got hacked too - I know I was hacked as the lights and switches started going on and off by themselves and out of google home came a very loud msg stating that “YOUR PLACE IS A MESS” over and over. I had 443 and 1883 open at the time (I’m running HA 0.72.1 WIN 10 and HASSIO on a RPI 3), it was the Win 10 HA that was compromised tho as that’s where the tts msg was stored. These are the logs that I have…

2018-07-09 15:11:16 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/api/panel_custom/alarm:248:47 Uncaught TypeError: Cannot read property 'LocalizeMixin' of undefined
2018-07-09 15:11:21 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:24 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:29 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:30 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:41 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:42 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:49 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:52 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:53 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:55 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/local/custom_ui/floorplan/ha-floorplan.html:375:25 Uncaught TypeError: Polymer.dom is not a function
2018-07-09 15:11:57 ERROR (MainThread) [frontend.js.latest.201807080] http://my_ext_ip_addr:443/api/panel_custom/alarm:248:47 Uncaught TypeError: Cannot read property 'LocalizeMixin' of undefined
'python3' is not recognized as an internal or external command,
operable program or batch file.
2018-07-09 15:15:26 ERROR (SyncWorker_15) [homeassistant.components.switch.command_line] Command failed: python3 "/config/python_scripts/SayOff.py"
'python3' is not recognized as an internal or external command,
operable program or batch file.
2018-07-09 15:15:35 ERROR (SyncWorker_15) [homeassistant.components.switch.command_line] Command failed: python3 "/config/python_scripts/SayOn.py"
2018-07-09 15:15:57 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:16:12 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:16:12 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:16:13 ERROR (MainThread) [aiohttp.server] Unhandled exception
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_protocol.py", line 398, in start
    await resp.prepare(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 300, in prepare
    return await self._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 605, in _start
    return await super()._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 367, in _start
    await writer.write_headers(status_line, headers)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 100, in write_headers
    self._write(buf)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 57, in _write
    raise ConnectionResetError('Cannot write to closing transport')
ConnectionResetError: Cannot write to closing transport
2018-07-09 15:16:23 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:16:32 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:16:42 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:16:52 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:18:13 ERROR (MainThread) [aiohttp.server] Unhandled exception
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_protocol.py", line 398, in start
    await resp.prepare(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 300, in prepare
    return await self._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 605, in _start
    return await super()._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 367, in _start
    await writer.write_headers(status_line, headers)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 100, in write_headers
    self._write(buf)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 57, in _write
    raise ConnectionResetError('Cannot write to closing transport')
ConnectionResetError: Cannot write to closing transport
2018-07-09 15:18:43 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:18:53 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:20:16 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:20:38 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:20:38 ERROR (MainThread) [homeassistant.core] Error doing job: Exception in callback _ProactorReadPipeTransport._loop_reading(<_OverlappedF...op_reading()]>)
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\events.py", line 145, in _run
    self._callback(*self._args)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\proactor_events.py", line 190, in _loop_reading
    data = fut.result()  # deliver data later in "finally" clause
asyncio.base_futures.InvalidStateError: Result is not set.
2018-07-09 15:20:48 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:20:58 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:21:08 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:21:09 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:21:09 ERROR (MainThread) [aiohttp.server] Unhandled exception
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_protocol.py", line 398, in start
    await resp.prepare(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 300, in prepare
    return await self._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 605, in _start
    return await super()._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 367, in _start
    await writer.write_headers(status_line, headers)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 100, in write_headers
    self._write(buf)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 57, in _write
    raise ConnectionResetError('Cannot write to closing transport')
ConnectionResetError: Cannot write to closing transport
2018-07-09 15:21:18 ERROR (MainThread) [homeassistant.core] Error doing job: Exception in callback _ProactorReadPipeTransport._loop_reading(<_OverlappedF...op_reading()]>)
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\events.py", line 145, in _run
    self._callback(*self._args)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\proactor_events.py", line 190, in _loop_reading
    data = fut.result()  # deliver data later in "finally" clause
asyncio.base_futures.InvalidStateError: Result is not set.
2018-07-09 15:21:18 ERROR (MainThread) [homeassistant.core] Error doing job: Exception in callback _ProactorReadPipeTransport._loop_reading(<_OverlappedF...88d\xd5r\xac'>)
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\events.py", line 145, in _run
    self._callback(*self._args)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\proactor_events.py", line 188, in _loop_reading
    self._closing)
AssertionError
2018-07-09 15:21:18 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:21:22 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:21:24 ERROR (Thread-14) [pychromecast.socket_client] Failed to connect, retrying in 5.0s
2018-07-09 15:21:28 ERROR (MainThread) [aiohttp.server] Unhandled exception
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_protocol.py", line 398, in start
    await resp.prepare(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 300, in prepare
    return await self._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 605, in _start
    return await super()._start(request)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\web_response.py", line 367, in _start
    await writer.write_headers(status_line, headers)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 100, in write_headers
    self._write(buf)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\site-packages\aiohttp\http_writer.py", line 57, in _write
    raise ConnectionResetError('Cannot write to closing transport')
ConnectionResetError: Cannot write to closing transport
2018-07-09 15:21:37 ERROR (SyncWorker_14) [homeassistant.components.sensor.rest] Error fetching data: <PreparedRequest [GET]> from http://192.168.178.30:8080/sensors.json?sense=motion_active failed with HTTPConnectionPool(host='192.168.178.30', port=8080): Max retries exceeded with url: /sensors.json?sense=motion_active (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0CDCFC70>, 'Connection to 192.168.178.30 timed out. (connect timeout=10)'))
2018-07-09 15:21:48 ERROR (MainThread) [homeassistant.core] Error doing job: Exception in callback _ProactorReadPipeTransport._loop_reading(<_OverlappedF...\x1d\xd8\xc1'>)
Traceback (most recent call last):
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\events.py", line 145, in _run
    self._callback(*self._args)
  File "C:\Users\Keith\AppData\Local\Programs\Python\Python36-32\lib\asyncio\proactor_events.py", line 188, in _loop_reading
    self._closing)
AssertionError
2018-07-09 15:21:55 ERROR (MainThread) [pydroid_ipcam] Failed to communicate with IP Webcam: Cannot connect to host 192.168.178.30:8080 ssl:None [The semaphore timeout period has expired]
2018-07-09 15:22:08 ERROR (SyncWorker_6) [homeassistant.components.sensor.rest] Error fetching data: <PreparedRequest [GET]> from http://192.168.178.30:8080/sensors.json?sense=motion_active failed with HTTPConnectionPool(host='192.168.178.30', port=8080): Max retries exceeded with url: /sensors.json?sense=motion_active (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x07B647D0>, 'Connection to 192.168.178.30 timed out. (connect timeout=10)'))
2018-07-09 15:22:10 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:22:20 ERROR (MainThread) [homeassistant.components.camera.mjpeg] Timeout getting camera image
2018-07-09 15:22:27 ERROR (MainThread) [pydroid_ipcam] Failed to communicate with IP Webcam: Cannot connect to host 192.168.178.30:8080 ssl:None [The semaphore timeout period has expired]
2018-07-09 15:22:39 ERROR (SyncWorker_8) [homeassistant.components.sensor.rest] Error fetching data: <PreparedRequest [GET]> from http://192.168.178.30:8080/sensors.json?sense=motion_active failed with HTTPConnectionPool(host='192.168.178.30', port=8080): Max retries exceeded with url: /sensors.json?sense=motion_active (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0AFF91B0>, 'Connection to 192.168.178.30 timed out. (connect timeout=10)'))
2018-07-09 15:22:59 ERROR (MainThread) [pydroid_ipcam] Failed to communicate with IP Webcam: Cannot connect to host 192.168.178.30:8080 ssl:None [The semaphore timeout period has expired]
2018-07-09 15:23:02 ERROR (MainThread) [homeassistant.components.camera.generic] Error parsing template <homeassistant.helpers.template.Template object at 0x07E0A390>: UndefinedError: 'None' has no attribute 'attributes'
2018-07-09 15:23:10 ERROR (SyncWorker_17) [homeassistant.components.sensor.rest] Error fetching data: <PreparedRequest [GET]> from http://192.168.178.30:8080/sensors.json?sense=motion_active failed with HTTPConnectionPool(host='192.168.178.30', port=8080): Max retries exceeded with url: /sensors.json?sense=motion_active (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0A0309D0>, 'Connection to 192.168.178.30 timed out. (connect timeout=10)'))

Not sure if the above will help or not, both of my HA’s are password protected.

ReneTode · July 9, 2018, 3:59pm

to what points the 433 and 1883 in your router?
at what time started the lightchanging? (because your log shows 12 mins)
how did it stop? did you do anything to stop it?

awarecan · July 9, 2018, 4:03pm

This line catch my interesting, seems someone try to explorer to execute script through api and command line switch

Did you configured such command line switch? To execute python3 "/config/python_scripts/SayOff.py"

keithh666 · July 9, 2018, 4:04pm

433 was pointing to HA on my PC and 1883 was pointing to my Chip running Mosquitto. About 15:15 was when I started noticing that some of the lights and other switches were going on and off, and then the google home started the above, I realised I’d been hacked so I then pulled the plug on HA (ctrl-C in the dos command line) and turned off camera and reset the ports on the router.