I have been using HomeAutomation 2.0.2 for about 2 years now on a Bubba 2 and it has worked very well. However this week I have experienced problems with scheduled events. The events show in the upcoming events, but they are not run. Instead they remain in scheduled event even though the time has passed.
I have tried to toggle the events on and off, but that did not help. I tried to edit the events and that made them work once, but now they have all stopped again. Turning on and off units manually works fine, it is only the scheduled events that does not seem to work.
Below is what is shown in the UI.
/Kristian
Nuvarande tid: 20:56
Soluppgång idag: 07:25 (06:47)
Solnedgång idag: 16:16 (16:55)
Kommande händelser:
Morgon vardag, på 05:30 Kör nu
Tänd hela natten, av 07:55 Kör nu
Morgon vardag, av 07:55 Kör nu
Tänd hela natten, på 16:01 Kör nu
Kväll vardag, på 16:01 Kör nu
Sovrum, på 16:01 Kör nu
Sovrum, av 20:00 Kör nu
Kväll vardag, av 23:00 Kör nu
Kväll helg, på imorgon 15:59 Kör nu
Senaste i loggen:
Sovrum, av 19:57
Julgran, på 16:26
Arbetshörna, på 16:26
Lekrum fönster, på 16:26
Köksfönster över vask, på 16:26
Hermans rum, på 16:26
Sovrum, på 16:26
Vardagsrum hörn, på 16:26
Lekrum, på 16:26
Vardagsrum golvlampa, på 16:26
New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Scheduled events stopped working
Re: Scheduled events stopped working
I just noticed this thread, and I guess that explains it.
viewtopic.php?f=9&t=4633 (Sorry I am not allowed to link directly to it.)
viewtopic.php?f=9&t=4633 (Sorry I am not allowed to link directly to it.)
Re: Scheduled events stopped working
Hi.
I'm sorry to have to say this, but you've probably been hacked. You can read more about it in this thread:http://forum.excito.net/viewtopic.php?f=9&t=4633
To make a long story short there is a vulnerability in php that attackers have used to get into our B3's and put stuff in the scheduled tasks of www-data (the user running Apache). This also breaks Homeautomation scheduling, since it uses the same scheduled tasks. What you need to do is this:
1. Log in as root
2. Run "crontab -u www-data -e". This will open an editor with all scheduled tasks for www-data
3. Delete all rows that are not Homeautomation related. In my case I had a row running /tmp/.UNIX/update once every minute
4. Exit and save using ctrl-x
5. Remove the stuff that was called from crontab (ie in my case I deleted the entire /tmp/.UNIX directory)
6. Just to be sure, reboot
7. Log in as root again
8. The easiest and safest way to fix the vulnerability for now is to completely disable cgi-bin, you can do that by running "chmod a-x /usr/lib/cgi-bin/php5". If you do this, uploads in the admin gui won't work any more though.
9. Now, to fix the scheduling in Homeautomation, simply go to the web gui and click "Återskapa schemor" (or whatever it is in english, "Recreate schedules" I guess).
Tell me if you have any more problems...
/Daniel
I'm sorry to have to say this, but you've probably been hacked. You can read more about it in this thread:http://forum.excito.net/viewtopic.php?f=9&t=4633
To make a long story short there is a vulnerability in php that attackers have used to get into our B3's and put stuff in the scheduled tasks of www-data (the user running Apache). This also breaks Homeautomation scheduling, since it uses the same scheduled tasks. What you need to do is this:
1. Log in as root
2. Run "crontab -u www-data -e". This will open an editor with all scheduled tasks for www-data
3. Delete all rows that are not Homeautomation related. In my case I had a row running /tmp/.UNIX/update once every minute
4. Exit and save using ctrl-x
5. Remove the stuff that was called from crontab (ie in my case I deleted the entire /tmp/.UNIX directory)
6. Just to be sure, reboot
7. Log in as root again
8. The easiest and safest way to fix the vulnerability for now is to completely disable cgi-bin, you can do that by running "chmod a-x /usr/lib/cgi-bin/php5". If you do this, uploads in the admin gui won't work any more though.
9. Now, to fix the scheduling in Homeautomation, simply go to the web gui and click "Återskapa schemor" (or whatever it is in english, "Recreate schedules" I guess).
Tell me if you have any more problems...
/Daniel
Re: Scheduled events stopped working
Thanks for the quick help! I should have searched forum a bit more before posting.
There were no scheduled task at all for www-data. I have changed the access rights as you suggested and rebooted the B2.
Thanks again!
There were no scheduled task at all for www-data. I have changed the access rights as you suggested and rebooted the B2.
Thanks again!
Re: Scheduled events stopped working
Not true. Uploading files does not require the php cgi, so these will still work.DanielM wrote: 8. The easiest and safest way to fix the vulnerability for now is to completely disable cgi-bin, you can do that by running "chmod a-x /usr/lib/cgi-bin/php5". If you do this, uploads in the admin gui won't work any more though.
To stop the exploit do one of the following:
- remove the executable flag on /usr/lib/cgi-bin/php5 (like you said)
- run a web update which should install a blocking wrapper around the php5 cgi (this doesn't seem to block the exploit completely)
- temporarily disable the preferences on apt and install php5-cgi and its dependencies (this will put your php version at 5.3.3-7+squeeze17 which is not vulnerable to this exploit)
Re: Scheduled events stopped working
Oh, sorry. That was the answer I got in the other thread when asking if anybody knew what I would break by completely disabling cgi-bin. So is there anything at all that needs cgi-bin then?Gordon wrote:Not true. Uploading files does not require the php cgi, so these will still work.
/Daniel
Re: Scheduled events stopped working
No you did not read that thread properly and also not your own script...
This sentence is not correct. Runnign chmod a-x /usr/lib/cgi-bin/php5" will only disable execution of /usr/lib/cgi-bin/php5, but any other script in that folder will remain intact (such as the upload script). If you want to completely disable cgi-bin you need to alter the apache config. If you do that, then the uploads will no longer work.
Code: Select all
completely disable cgi-bin, you can do that by running "chmod a-x /usr/lib/cgi-bin/php5". Re: Scheduled events stopped working
Ah. Thanks for the explanation. I've never really looked into what cgi is, I kinda thought /usr/lib/cgi-bin/php5 was some general entry point for everything using cgi-bin, so disallowing execution of it was the same thing as disabling cgi-bin. Every day is a learning dayUbi wrote:This sentence is not correct. Runnign chmod a-x /usr/lib/cgi-bin/php5" will only disable execution of /usr/lib/cgi-bin/php5, but any other script in that folder will remain intact (such as the upload script). If you want to completely disable cgi-bin you need to alter the apache config. If you do that, then the uploads will no longer work.
/Daniel
Re: Scheduled events stopped working
DanielM wrote: I kinda thought /usr/lib/cgi-bin/php5 was some general entry point for everything using cgi-bin
I am getting really really old
