Getting multiple "login attempt failed" warnings

I’m seeing a lot of this in my log

2019-11-03 19:17:11 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 172.30.33.8

2019-11-03 19:47:40 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 172.30.33.8

I have no idea what IP address that is; I know it’s not mine. Is there a way to block that IP?

Enable IP bans under http: in your config.

As Tediore said, see here for IP-ban

Um, be careful. The IP in question is 172.30.33.8. That’s an RFC-1918 (Private) IP and is NOT coming from the Internet, so IP bans aren’t really going to help you (and may lock you out of your own device).

I’ve been seeing this as well on my system, and the invalid login is always from the machine I normally use to access HA. I believe the token is expiring and rather than HA forcing me back to the login page, it’s logging it as an invalid login attempt.

Also, notice that they’re almost exactly 30 minutes apart…

I suspect that 172.30.33.8 is your normal machine you log into HA from…

3 Likes

I know that this is not my IP address. Per whatismyip.com, my IP is 173.19.xxx.xxx

It’s a docker container… a private IP address

2 Likes

You beat me to it! I was thinking that too.

It will still be good for @bphillips921 to incorporate the IP-ban functionality in HA, just don’t ban yourself

Yes, I agree. If using a reverse proxy, also using trusted proxies and x_forwarded_for will reveal the real IP address as well, if it’s coming from somewhere else.

Portainer will reveal which container ‘owns’ the docker IP address as well.

Can you guys dumb this down a little for me? I’m not familiar with docker containers. I’m running HASSIO on a Rpi3, so I don’t think I’m using a docker container.

Hassio runs on docker, so if you are using hass.io you are using docker.

Docker has private networking that runs within its little software/container.

So each container will have a docker IP like 172.xx.xx.xx.
This is only used within docker and maybe between the docker containers if set up to do so.

When a bad login connection is received from outside of the docker container, you may see the IP of the docker container vs the IP of the connecting machine. X_forward_for allows you to set the IP of the local machine, in this case the docker IP and localhost probably, so that the application (HA) ignores these in the connection header and picks out the IP that the connection is coming from.

Also, whatismyip.com will report your Internet accessible, public IP address. It will NOT report your internal network IP. So, the fact that whatismyip.com reports a 173.19.xxx.xxx address doesn’t tell you anything; you’re accessing your HA site from your internal network, so you’re, most likely, running on some RFC 1918 IP.

To find that IP address you should check your local IP configuration.

macOS: Go to System Preferences -> Network and it will show up at the top under “Status”
Windows: Go to Settings -> Network & Internet and it will show up when you select the Network Adapter

I have the same issue and I did not catch the fact that it was internal IPs, but of course it is. My internal IP range is 192.168.1.x so it took some time to come to the conclusion that docker containers were the issue. I have installed the SSH with docker command access and get my docker container IPs like this:

config $ docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
--- cut ---
/addon_a0d7b954_portainer - 172.30.33.x
/addon_a0d7b954_nginxproxymanager - 172.30.33.8
/addon_cebe7a76_hassio_google_drive_backup - 172.30.33.x
/addon_core_configurator - 172.30.33.x
--- cut ---

So all the “bad login” attempts come from the proxy manager. That makes a whole lot of sense :smiley:
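The triage this thread works through, as an added example (not code from any poster or from Home Assistant): group the `http.ban` warnings by source address, test each source against the RFC 1918 ranges, and name the Docker container that owns it from `docker inspect` output. The third log line and its address 203.0.113.7 are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the two warnings and two `docker inspect` rows quoted in
# the thread, plus one made-up warning from a documentation address (203.0.113.7).
HA_LOG = """\
2019-11-03 19:17:11 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 172.30.33.8
2019-11-03 19:47:40 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 172.30.33.8
2019-11-03 20:02:05 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 203.0.113.7
"""
DOCKER_INSPECT = """\
/addon_a0d7b954_portainer - 172.30.33.x
/addon_a0d7b954_nginxproxymanager - 172.30.33.8
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BAN_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) WARNING .*\[homeassistant\.components\.http\.ban\]"
    r" Login attempt or request with invalid authentication from (\S+)"
)

def container_map(inspect_output):
    """Parse '/name - ip' rows into {ip: name}; elided rows never match a real IP."""
    owners = {}
    for line in inspect_output.splitlines():
        name, sep, ip = line.partition(" - ")
        if sep and ip.strip():
            owners[ip.strip()] = name.strip().lstrip("/")
    return owners

def triage(log_text, inspect_output):
    """Summarise failed-auth warnings per source: count, spacing, scope, owner."""
    owners = container_map(inspect_output)
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if m:
            seen[m.group(2)].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    report = {}
    for ip, times in seen.items():
        addr = ipaddress.ip_address(ip)
        gaps = [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]
        report[ip] = {"count": len(times), "gaps_min": gaps, "container": owners.get(ip),
                      "scope": "rfc1918" if any(addr in n for n in RFC1918) else "not-rfc1918"}
    return report

if __name__ == "__main__":
    for ip, info in triage(HA_LOG, DOCKER_INSPECT).items():
        print(ip, info)
```

An RFC 1918 source that resolves to a proxy or add-on container is a local client presenting bad credentials, and banning that address would block every request relayed through it.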

You’re right, but how do you stop the “bad logins”?

Use a good password, and they cannot get in.

I have a good password, I want to remove the constant errors from the log.

Perhaps add 2FA / MFA?

This way I think you would suppress most errors logging in. Not sure, but something to try :+1:

Whenever I log in from a new browser I get a login failed message. I am using trusted_networks and trusted_user and bypass login but I ALWAYS get a fail.
Sometimes I then inexplicably get locked out without even seeing a prompt to login - just see the lovely 403 error. No idea why this happens.

In my case it was

# docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq) | grep 172.30.33.8
/addon_a0d7b954_appdaemon - 172.30.33.8
#

Under Supervisor->Add-ons-> AppDaemon 4 ->logs I had several log entries of

2020-05-22 23:26:21.840811 WARNING HASS: Error in authentication
2020-05-22 23:26:21.842547 WARNING HASS: Disconnected from Home Assistant, retrying in 5 seconds
2020-05-22 23:26:26.990847 INFO HASS: Connected to Home Assistant 0.110.1
2020-05-22 23:26:27.008223 WARNING HASS: Error in authentication
2020-05-22 23:26:27.011337 WARNING HASS: Disconnected from Home Assistant, retrying in 5 seconds
2020-05-22 23:26:32.167370 INFO HASS: Connected to Home Assistant 0.110.1

I was not actually using this addon for anything so I just removed it. No more log entries.

Today I found a failed login around the time of morning when everyone in my house is still sleeping. The failed login is from this IP: 65.154.226.109. I traced it back to CenturyLink, which now is owned by Embarq. I am not sure why, or from whom, this is originating. I have enabled IP ban, but I am worried that someone is trying to get into my hub. In addition, I am concerned about having IP ban, as my family members could fail to log in using their phones on the wifi and cause me not to get in. Does anyone have a similar situation? If our IP ends up being banned, how would I get back in?