Brute force attacks lately (16.10.-17.10.2023)?

Hi,
is it just me, or is there wider brute force attack attempt on Home Assistant? I have two HA systems, one using Nabu Casa-accont, other using commercial DNS and both were frequently tried to login. Actually, one of the systems was tried to login for almost 6000 times during less than two hour period! Attacks originated from Ukraina, Armenia and Germany.

I got tired of the notifications and added following to configuration.yaml:

http:
  ip_ban_enabled: true
  login_attempts_threshold: 5

This obviously blocks the ip after five failed attempt and keeps list of banned ip’s in file named ip_bans.yaml

Information on this useful feature was bit hard to find, since documentation is part of Home Assistant http feature description.

edit:typo

I’m using port forwarding with DuckDNS and NGINX, and my router logs show approx 20 attempted connection attempts per day, mostly from Hong Kong, Germany, Netherlands, but also from the USA and England. This has been going on for years, but all of those are blocked by the Unifi router, so I think most of it just port scanning, looking for open systems. I also have the ip_ban_enabled, and other than locking myself out while testing I’ve never had it show that an unauthorized login was attempted. I’m assuming that if I didn’t have the router blocking the open ports I’d have a lot of failed HA login attempts.

I have had one installation for about two years, second one for one year and this was first time I saw attack attempts (and plenty at the first sight!). One of my systems is behind Cisco 860-series, the other one is connected to net using OpenWRT on Ubiquiti. Hardware and config on network equipment hasn’t changed for ages.