Malicious activity?

chrisaxe21 · February 1, 2022, 10:11am

Hi

I’ve seen these in the logs. Is it a malicious attempt?

Logger: homeassistant.components.http.security_filter
Source: components/http/security_filter.py:54
Integration: HTTP (documentation, issues)
First occurred: 01:52:56 (1 occurrences)
Last logged: 01:52:56

Filtered a request with a potential harmful query string: ///remote/fgt_lang?lang=/…/…/…/…//////////dev/

And

Logger: homeassistant.components.http.security_filter
Source: components/http/security_filter.py:48
Integration: HTTP (documentation, issues)
First occurred: 31 January 2022, 13:31:56 (2 occurrences)
Last logged: 10:54:55

Filtered a potential harmful request to: /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh

tom_l · February 1, 2022, 10:15am

Yes but home assistant blocked it.

chrisaxe21 · February 1, 2022, 10:56am

Does HA usually block most attempts? Worth putting an OWASP filter in front too?

tom_l · February 1, 2022, 11:07am

All, in my experience. When I had an open port.

pedolsky · February 1, 2022, 11:10am

Interesting. Is a security issue automatically logged or must I adjust my logger?

tom_l · February 1, 2022, 11:11am

Automatically. No configuration required.