Failed login attempts from localhost

Not sure if this is the correct location to post but wouldn’t know where else to do it.

Since a couple of days I see this over and over again in the logs:
2024-06-27 11:12:41.417 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: ‘/auth/token’. (HomeAssistant-Extensions-PushProvider/2024.5.1 (io.robbie.HomeAssistant.PushProvider; build:2024.688; iOS 16.1.1) Alamofire/5.8.0)

any ideas what could be causing this?

thx

1 Like

would need more info to really know but starting with a guess…

are you running your home assistant from within a docker container or otherwise in a vm? the 127.0.0.1 indicates that a login is being attempted from the same machine that it’s being hosted on.

are you using nginx proxy manager or something like that? which is proxying traffic in?

or alternatively, if you go to users (settings->people->users) and go through each person, is there someone who erroneously has “can only login from local network” turned on that shouldn’t be?

2 Likes

alright you’re right I should have given some more information

I run HA on a raspberry pi with raspberry pi os.

No NGINX proxy manager for connection from outside I use nabu casa for that. NGINX may have been installed from some add on however.

There is only one user that has limit logon to only local network, but that user is now disabled and I still have the issue.

I was hoping that the references to pushprovider or io.robbie.homeassistant would point me in the right direction as now I have absolutely no idea where to start looking.

I had to reboot the machine and no longer see those log messages.

Still would have liked to know what was causing them

The error has returned. So, still looking what might cause the problem. Don’t know where to even start looking.

As I can see a reference to iOS 16.1.1 could this be related to the Home Assistant companion app on a mobile phone?

alright found the problem; an ipad with home assistant companion app installed with old settings.

5 Likes

How did you fix this, my iPhone app doesn’t say it has an update even though there is another iPhone with newer build.

I would also like to know how to fix it

I was seeing the same error but with Android and my phone’s model in log. I had to manually update the app on my phone. Had to also update the app on my wife’s android phone and my daughter’s iphone. Error message updated with their phones’ info after updating my phone.

All good after that. I think the last HA update caused it.

Hope this helps.

Still struggling with the same error. All companion apps on iOS have the latest version.

Login attempt or request with invalid authentication from localhost (127.0.0.1). See the log for details.

Log isn’t giving any details:

Logger: homeassistant.components.http.ban
Bron: components/http/ban.py:136
integratie: HTTP (documentatie, problemen)
Eerst voorgekomen: 18:49:43 (366 gebeurtenissen)
Laatst gelogd: 20:19:52

Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: ‘/auth/token’. (HomeAssistant-Extensions-PushProvider/2025.2 (io.robbie.HomeAssistant.PushProvider; build:2025.1178; iOS 18.3.2) Alamofire/5.8.0)

I appreciate your dedication to coming back to this thread and resolving it.

Hi, wanted to say thanks for your comment. I was experiencing same issue as OP, and solved by enabling login from external network for a user.

This solved my problem of repetitive “failed login attempts from local host”, mentioned in this thread at Failed login attempts from localhost

I had two users with local-only access. In one case I granted external access and deleted the other user. Problem (apparently) solved. Thanks!

I too am getting this exact issue. Causing my local host to be added into the IP ban list, and as a result, I can’t access my server remotely.

It only happened a few days ago so I’m not sure if there was a recent update that broke something but if I disable IP ban.

These login attempts would appear in the log almost every few milliseconds and would spam more than a 1000 times every 5 mins.

It’s driving me insane as I spent nearly a whole day and night trying to resolve this

It’s only myself on the account and I tried to reinstall the app, remove the server and reinstated it. The only user that has local access only is the MQTT user

Throwing my hat into the ring on this one, too. I have this occasionally happen whenever my cell goes from the cell network onto wifi – I’ll see this message appear. Haven’t taken the time to investigate more. I do run the HA app on my phone and ensured that my HA host is not routed over my tailnet (I use Tailscale for VPN access).

Since this affected my IP ban rules, I spent a whole day trying to resolve this:

  • disabling integrations and addons
  • restarting my network
  • removing all login tokens for all devices
  • changing my SSID password (pain in the ass when you gotta reconnect everything)

What I did was try to replicate the failed login attempt using my mobile network, and also on a different network and device. What’s worrying is that they all appeared as a failed login attempt as localhost (127.0.0.1). As I was getting thousands of these a day from a single device, I’ve concluded this was a brute force attack.

What I ended up doing was adding the localhost as a trusted proxy, which then unmasked the IP address these attempts were coming from, allowing the IP ban to work.

http:
  # Cloudflare Tunnel
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 127.0.0.1  # <--- added

I didn’t do this at the start as this was never an issue in the last 5 years my HA server has been running perfectly for. It had always shown the external IP address, then blocked it. For some reason, it only all appeared as localhost in the last week. Not sure if an update caused the issue.

Since then I’ve further fortified my Cloudflare tunnel with a bunch of WAF rules and allowing only specific devices with a valid mTLS certificate to access the page
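The effect described in the post above, as an added example that is not part of the original thread and is not Home Assistant's own code: a simplified model of trusted-proxy `X-Forwarded-For` resolution feeding a per-address failure counter. The function names, the `threshold` parameter and the sample requests (documentation-range addresses) are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network


def resolve_client_ip(peer, xff_header, trusted_proxies, use_x_forwarded_for=True):
    """Return the address a ban counter should attribute a request to.

    The forwarded header is honoured only when the TCP peer is itself a
    trusted proxy; otherwise the peer address is used as-is.
    """
    peer_ip = ip_address(peer)
    nets = [ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    if not use_x_forwarded_for or not xff_header or not trusted(peer_ip):
        return peer_ip
    try:
        hops = [ip_address(h.strip()) for h in xff_header.split(",") if h.strip()]
    except ValueError:
        return peer_ip  # malformed header: fall back to the socket peer
    # Walk right to left: the first hop that is not one of our proxies is the client.
    for hop in reversed(hops):
        if not trusted(hop):
            return hop
    return hops[0] if hops else peer_ip


def banned_addresses(requests, trusted_proxies, threshold=5):
    """Count failed logins per resolved address; return those at or over threshold."""
    failures = Counter(
        str(resolve_client_ip(peer, xff, trusted_proxies)) for peer, xff in requests
    )
    return sorted(ip for ip, n in failures.items() if n >= threshold)


# Constructed sample: a local tunnel agent connects from 127.0.0.1 and forwards
# failed /auth/token requests on behalf of two remote clients.
SAMPLE = [("127.0.0.1", "203.0.113.7")] * 6 + [("127.0.0.1", "198.51.100.20")] * 2

BEFORE = banned_addresses(SAMPLE, ["172.30.33.0/24"])              # loopback not trusted
AFTER = banned_addresses(SAMPLE, ["172.30.33.0/24", "127.0.0.1"])  # loopback trusted

# Caveat: once 127.0.0.1 is trusted, any local process that connects over
# loopback can set X-Forwarded-For, so only the proxy should listen there.
if __name__ == "__main__":
    print("banned before:", BEFORE)
    print("banned after: ", AFTER)
```

With loopback untrusted, every failure is pooled under 127.0.0.1 and the proxy itself is banned; with it trusted, only the one noisy client crosses the threshold.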

Same happened to me today (no similar issue in the last 5 years).
IP 127.0.0.1 banned repeatedly. Added 127.0.0.1 to trusted proxies and the new (unmasked) banned IP turned out to be from my wife’s companion app (connected via cellular data).
Restated the (android) phone, no such behavior since.
I am using Cloudflare tunnel for external access.

I bet that’s what I’ve got going on, but I’m not sure that’s “solving the issue,” I just added a user and disabled login from external network for them on purpose.

Now, when I enable login from external network… no more failed login messages. I suspect it’s the HA app trying to connect through Nabu Casa, even though I gave it the local address.

Could you expand on that?
Did you mean “restarted”, meaning a simple restart on the android phone solved the issue?