Access Forbidden?


Gaddangit, I don't want to have to reinstall all those plugins.


Dude, if I were there I'd do it for you. But I'm not.


It's your instance, do whatever you want :wink:


Which config.yaml? The one in ~/.octoprint doesn't show the update url.


After having to reinstall like, 15 plugins at least 8 times... it's just a time sink.


foosel: Remember that time this guy put his OctoPrint on the Internet and then hackers totally owned him? /months-later

Just messing with you, dude. But honestly, the Internet is a harsh place.

Somewhere in the setup is the location where new versions are publicized. I suspect that if you received a false notification for an upgrade then that's been compromised. I'm reviewing mine now...

I'm not seeing anything in the config.yaml file that could be re-directed to an evil site.


Drek. Wonderful. Just perfect.

And I fell for it, like a moron.

However, it's still showing me at 1.3.9, so it may have JUST been the notification.


If it's not in config.yaml it's still pointing to the correct values (config.yaml only contains overrides). Still, I have no idea what happened there and frankly the fact that it claimed to have an update to 1.4.0 and then did something which we still have no information on which apparently in the end was a no-op makes me question that instance enough that at this point all I want to recommend is a reinstall. Not necessarily because something did get owned, but rather because there are too many things that appear non standard here that make anything else just a horrible trip to fix.


From experience, it feels to me like someone is trying to make a point. I'm surprised that the notification didn't say something juvenile like "p0wn!!!!" or something.


The only thing non-standard here is my twin instances. Other than that, everything is pretty standard.

You may be right. I know a guy who was a security nut, who used my IP a while back to do some testing, and then we had a falling out. Not saying it was him, but it does make me question motives.


You've got the list of IPs above. Feel free to look them up or tracert them.


I'm still not convinced that this was a faked notification. I'd want logs for that first. I'm rather leaning towards some serious hiccups in the updater caused by whatever is wrong with that instance.

Constant 403s and switching client IPs are non standard. Update notifications that claim there are new releases are non standard. Having such an instance on the net is non standard.


What logs would you need? And updated octoprint.log?


octoprint.log and plugin_softwareupdate_console.log


I'll stick around for the software update log but I've got some PRs to handle so I'll be bailing in a few.





You updated Octolapse to version 0.3.4. Not OctoPrint :wink: And with that I'll leave for the day because it's seriously way past my usual shut off time.


Whoops. Need to update my prescription, huh?


Make sure to thank the lady before you go. She works hard for the money.


Thanks for the help. Still having access issues, but I've still got to work on those suggestions you mentioned.