I set up the Cloudflare post-quantum tunnel for remote access to Home Assistant, having switched over from Duck DNS because DuckDNS keeps going down.
Some time ago someone tried to steal my identity, so ever since I have been very hyper and careful about my online security.
Seems like the new domain I set up for this was leaked, so a bunch of random IP addresses from random domains kept trying to log into my Home Assistant - but never more than one attempt each time. I have blocked them all (including their domains) and my Home Assistant password is ridiculously long, so it’s not an issue… But one of the ones trying to log in was an IP address from a domain including the word “googleusercontent”. Once I blocked any domain including that text, however, any Chrome extension changes break, my Nest thermostat integration breaks, I am unable to access my Nest thermostat from the Nest app, and almost any kind of icon that needs to be displayed shows up as a broken link… It took me a while to figure out what started causing all these issues… But that means someone from an IP address belonging to Google is trying to break into my Home Assistant - ? WTH? Sheesh!
Haven’t you got some addon or plugin running that is trying to sync with Home Assistant?
I’ve synced my Home Assistant with Google Home, so I imagine a service like that will check in on Home Assistant to see the state of the devices you’ve added.
Worried about identity theft and security, yet opens home network to the public Internet.
I can’t reconcile those two.
Something you need to know:
Google owns The Web Archive, which is an attempt to store a copy of the entire internet as points in time archives so information doesn’t get lost when people change their blog platforms, when companies go out of business, etc.
Google does this by spidering websites.
Google knows what to spider by monitoring DNS changes in their cached DNS servers.
My guess is that whenever there is a new or changed DNS entry, or whenever there is a change in a cached webpage, they cue up their web server to update their search engine, and update the Web Archive.
My other guess is that there are other bots that monitor Google’s updates and use them as triggers for their own web spiders.
The moment you created a dynamic DNS entry for your home network’s exposed port with Home Assistant running on it, you triggered a bunch of web spiders to come visit your home network on that port, and all of the subsequent bots that follow after Google.
Doesn’t sound like such a great idea now, does it?
FWIW: I learned this the hard way myself over a decade ago.
I’m just curious what kind of login attempts you’ve experienced.
Googleusercontent is also being used by multiple bots; bots indexing your site for example.
Personally I don’t think your domain name was “leaked”; it became known when you registered it. Anyone can access your domain because you’ve published DNS records, making it available to the general public, including Google.
@devinhedge1 yes, I am still working out how to make it completely secure while still allowing external access for myself; I am by no means a security expert. That being said, that is a very good point regarding the indexing; I should have remembered that. @hebom they are just simple login attempts to HA. They have, however, settled down and happen less and less often.
Thank you @devinhedge1. I have just moved all the IoT devices into an IoT VLAN.
Internally - it may take me a little bit, but I need to next block one VLAN from the other - except for the required traffic. Not sure how to figure out easily what traffic to allow or disallow without a forever game of breaking everything, then fixing them one at a time, which will result in a nearly permanent negative WAF, and then allowing everything until I continue to work on it later, etc. Possibly disallow all except for the MAC address of every IoT device, which doesn’t sound - very sound - either.
Externally - the solution you suggest would also require me to use said VPN for even things as simple as the Nest app for my thermostat for external access. One thing I’ve been looking for for a while, and I think it’s an impossible holy grail, is to never have to use any additional software on the devices I use to access the site externally (e.g., from cell phone etc.) - is that use case an impossibility (meaning the only best second option is to use super long passwords and maybe MAC address filtering)?
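One way to work out the required inter-VLAN traffic without the "break everything, then fix it" cycle discussed above is to run a temporary log-and-accept rule between the IoT VLAN and the main VLAN, then derive candidate allow rules from the observed flows. The following is an added example, not code from this thread or from Home Assistant; the log lines, interface names (`vlan20`, `vlan10`) and addresses are constructed, and the log format assumed is the kernel's iptables/nftables `log prefix` style.

```python
import re
from collections import Counter

# Constructed sample of kernel firewall log lines, assumed to come from a
# temporary "log prefix IOT-FWD accept" forward rule between the two VLANs.
SAMPLE_LOG = """\
kernel: IOT-FWD: IN=vlan20 OUT=vlan10 SRC=192.168.20.15 DST=192.168.10.5 PROTO=TCP SPT=51234 DPT=8123
kernel: IOT-FWD: IN=vlan20 OUT=vlan10 SRC=192.168.20.15 DST=192.168.10.5 PROTO=TCP SPT=51240 DPT=8123
kernel: IOT-FWD: IN=vlan20 OUT=vlan10 SRC=192.168.20.22 DST=192.168.10.5 PROTO=UDP SPT=5353 DPT=5353
kernel: IOT-FWD: IN=vlan20 OUT=vlan10 SRC=192.168.20.22 DST=192.168.10.1 PROTO=UDP SPT=41000 DPT=53
kernel: IOT-FWD: IN=vlan20 OUT=vlan10 SRC=192.168.20.40 DST=192.168.10.5 PROTO=TCP SPT=60001 DPT=22
"""

LINE_RE = re.compile(
    r"IN=(?P<inif>\S+) OUT=(?P<outif>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def observed_flows(log_text):
    """Aggregate log lines into (in_if, out_if, src, dst, proto, dport) -> hit count.

    The ephemeral source port is dropped so repeated connections collapse into one flow.
    """
    flows = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            key = (m["inif"], m["outif"], m["src"], m["dst"], m["proto"].lower(), int(m["dpt"]))
            flows[key] += 1
    return flows


def allow_rules(flows, min_hits=1):
    """Render observed flows as nftables accept rules for manual review.

    min_hits filters one-off noise; every emitted rule should still be read by a
    human before it goes into the ruleset (e.g. an IoT device opening SSH to the
    Home Assistant host is something to investigate, not allow).
    """
    rules = []
    for (inif, outif, src, dst, proto, dport), hits in sorted(flows.items()):
        if hits < min_hits:
            continue
        rules.append(
            f'iifname "{inif}" oifname "{outif}" ip saddr {src} ip daddr {dst} '
            f'{proto} dport {dport} accept comment "seen {hits}x"'
        )
    return rules
```

Once the reviewed rules are in place, the final forward policy for that direction can be switched from log-and-accept to drop, and anything new that appears in the log is either a legitimate flow you missed or a device doing something it should not.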