Home assistant Login attempt or request with invalid authentication from 10.xx.xx.xx (10.xx.xx.xx). See the log for details

Hello,

Yesterday, I noticed 2 warnings in HA log, minutes after they occured.

home assistant Login attempt or request with invalid authentication from 10.xx.xx.xx (10.xx.xx.xx). See the log for details.

Filtered a potential harmful request to: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh


I quickly disconnected my router, closed the opened ports, ditched DuckDNS and set up Nabu Casa.

Before setting up Nabu Casa, I isolated HA and tried to figure out where that IP was coming from, which took some time.

I found no other post in the forum where the attack was coming from the inside. This ip address belonged to an Ethernet_IPTV interface in my WAN settings. I disabled it as I dont have an IPTV.

Is my network compromised? I cant find any unknown devices connected to my network.
Is there any further action I must take?

Thank you

10.x.x.x has to be something on your local network. Maybe one of the devices or a phone had a login issue.

Looks like an Apache path traversal exploit attempt. Whatever ip address that came from (10.x yes it’s private addressing but that could also be exploited on an improperly setup router) tried to probe ha to see if it was running apache and try to root it.

Id be more worried about the source ip address than your HA box right now :sunglasses:

Thats what im worried about mostly, tbh… any idea where to start? My router had stock settings apart from the previously opened ports, which I closed.

Without any other information about your network. No I wouldn’t even know where to start except for what you already showed.

What I can say for certain that pattern was stopped because it’s a known pattern and wherever it came FROM is your issue. Not HA.

Unfortunately, I can’t know that… A custom integration probably, I only used 1, which I removed. I will keep track of my traffic to see if there’s anything suspicious, probably the only thing I can do.

1 Like