Alert Security Incident Detected!

Godfairy · August 12, 2024, 9:39am

This concerns me. When opebing the teddycloud webinterface I get this message on the op of the page:

Alert

Security Incident Detected! Please check your logs!

Checking the log file I see this message which is however a bit light on detail.

WARN |handler_security_mit.c:0032:isSecMitIncident| robots.txt access detected

WARN |handler_security_mit.c:0037:isSecMitIncident| Security incident detected, there is information, that you are hosting teddyCloud on a public instance

WARN |handler_security_mit.c:0038:isSecMitIncident| Anybody could extract your box certificates and tonies. This could render your tonies and/or box useless

WARN |handler_security_mit.c:0039:isSecMitIncident| Feel free to ask for help on https://forum.revvox.de or Telegram: Contact @toniebox_reverse_engineering

WARN |handler_security_mit.c:0152:handleSecMitLock| TeddyCloud has been locked to mitigate security risks!

Where did I mess up?

0xbadbee · August 12, 2024, 3:37pm

It looks like you hosted teddyCloud on a public server and a search engine accessed your teddyCloud instance.

Godfairy · August 13, 2024, 3:50pm

Hm, I am running TCteddycloudon a Raspberry Pi in my home network.

I closed all the ports for the Raspberry PI in my router and it seems like that fixed the problem.

Is TC still able to download the content for original tonies when I do not open port 443 in my router?

0xbadbee · August 14, 2024, 8:38am

If you are using your Tonieboxes with teddyCloud just inside your network, there is no need to open Ports on your router to the internet.