After upgrading to .5 I’m seeing quite a bit of filtered requests like these:
Logger: homeassistant.components.http.security_filter
Source: components/http/security_filter.py:50
Integration: HTTP (documentation, issues)
First occurred: 25 January 2021, 09:19:06 (11 occurrences)
Last logged: 17:15:30
- Filtered a request with a potential harmful query string: /help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E
- Filtered a request with a potential harmful query string: /index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1
- Filtered a request with a potential harmful query string: /remote/fgt_lang?lang=/…/…/…/…//////////dev/cmdb/sslvpn_websession
- Filtered a request with a potential harmful query string: /admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68
- Filtered a request with a potential harmful query string: /guest/users/forgotten?email=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E
So now I’m wondering how much my HA server is getting hit by these bots. Is there any good way to monitor this and perhaps also see what IPs are used?
Perhaps a good idea is an option to ban IPs that are trying to do these kinds of hacking attempts when detected? How about a region lock (i.e. look up the IP’s region and only allow certain countries, etc.)?
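
For the monitoring part of the question, a log tally along these lines gives a first view of what is hitting the server (an added example, not part of the original post and not Home Assistant code). It parses the "Filtered a request" entries in the form shown above and counts them by probe type and by target path; the category patterns are assumptions made for this example, and because the entries as shown carry no client address, it cannot report IPs.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Entries copied from the log excerpt in the post above.
SAMPLE_LOG = """\
- Filtered a request with a potential harmful query string: /help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E
- Filtered a request with a potential harmful query string: /index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1
- Filtered a request with a potential harmful query string: /admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68
- Filtered a request with a potential harmful query string: /guest/users/forgotten?email=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E
"""

ENTRY = re.compile(
    r"Filtered a request with a potential harmful query string: (\S+)"
)

# Illustrative categories for this example only; these are not the rules
# used by homeassistant.components.http.security_filter.
CATEGORIES = [
    ("xss", re.compile(r"<\s*script", re.I)),
    ("sql_injection", re.compile(r"\b(updatexml|concat|union\s+select)\b", re.I)),
    ("path_traversal", re.compile(r"\.\./")),
]


def classify(request):
    """Return a category name for one logged request (URL-decoded first)."""
    decoded = unquote(request)
    for name, pattern in CATEGORIES:
        if pattern.search(decoded):
            return name
    return "other"


def summarize(log_text):
    """Count filtered requests by category and by target path."""
    by_category, by_path = Counter(), Counter()
    for match in ENTRY.finditer(log_text):
        request = match.group(1)
        by_category[classify(request)] += 1
        by_path[request.split("?", 1)[0]] += 1
    return by_category, by_path


if __name__ == "__main__":
    categories, paths = summarize(SAMPLE_LOG)
    for name, count in categories.most_common():
        print(f"{count:4d}  {name}")
    for path, count in paths.most_common():
        print(f"{count:4d}  {path}")
```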