AWS EC2 failed login attempt

Kaiohshin · March 23, 2026, 12:29pm

I got the following failed login attempt.
The weird thing is, I only access HA with a VPN.
Only nginx (which does not allow outside connection to HA) and a couple unrelated ports accessible from the outside.

How was an outside entity able to attempt login?

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:136
integration: HTTP ([documentation]
First occurred: March 19, 2026 at 07:19:30 (1 occurrence)
Last logged: March 19, 2026 at 07:19:30

Login attempt or request with invalid authentication from ec2-54-224-53-207.compute-1.amazonaws.com (54.224.53.207). Requested URL: ‘/media/system/js/core.js’. (Go-http-client/2.0)

Sir_Goodenough · March 23, 2026, 3:50pm

If the ip address is not one that your VPN uses, then it happens. If you don’t want it to happen don’t expose your instance to the internet.

Kaiohshin · March 23, 2026, 5:25pm

How did happen is my question?

dtrott · March 23, 2026, 5:33pm

There are two possibilties:

It is part of your VPN setup.
It’s something else.

Without some details on your VPN its not possible to say.

Sir_Goodenough · March 23, 2026, 5:34pm

Well, if you on your VPN tried to connect from that IP address and your login failed, it would do that.
If I right now tried to log in from that ip address and failed, it would do that.

Basically a failed login attempt. Most likely from you, but doesn’t have to be.
Does >

sound familiar at all?
Accessing this using Plex or Jellybean or something?

People scan the net, looking for things and trying things.

Kaiohshin · March 23, 2026, 7:06pm

my VPN is wireguard hosted at home on proxmox. So no, it’s not it

Kaiohshin · March 25, 2026, 6:43am

does not sound familiar, am guessing it’s part of home assistant?
Also, HAOS is running in it’s own VM with it’s own local IP
It was 7am, no one was active at that time