As soon as I turned up my Home Assistant, I started getting intrusion attempts immediately and persistently direct attacks to only this one computer running a virtual HA OS. Its as if someone knows about this OS, Is it phoning home and reporting itself, Is something compromised? I just shut the thing down. https://1drv.ms/i/s!ApTCdeT9H6oHtHLbcv-q6lOWM–s?e=Uxso9F
Hi Jon, welcome to the forum!
Is (was) you HA available from the internet in some way?
I opened one port (port forwarding) to allow the iphone app to work
So did you open port 80 on your router to be able to use the companion app away from home?
I only opened port 8123 (Home Assistant URL) If I don’t port forward port 8123 to the VBox IP, The iphone app does not work. Yesterday I shut down the port forward and shut down the Vbox HA and no more attacks or intrusion attempts that appear form several countries
Yeah, sorry, my bad: 8123?
That’s the worst thing you can do: opening non-secure port towards the internet to be able to access a service on your network.
You can fire up HA again safely IF you close that port AND your system is not compromised yet.
It’s very normal when you open a port towards the internet that you will see door knocks in the first place.
Just read up on how to securely expose your system: Securing - Home Assistant
Thank you for the link, I do have a VPN to my home network but the app is non functional even inside my own network. Is there something i need to do to get the app to work inside my network? It works perfectly when I port forward 8123 but I see that is a security risk
Of course the app can work on your own network, I do that all the time.
Check this: Getting Started | Home Assistant Companion Docs
Thanks again Nick. I will probably recreate my Virtual Box Home Assistant just to be safe and start over, following the tips in the links you gave me here.
Be aware that, depending on the amount of customization you have invested, you can take a backup and use that on the new install.
OTOH: starting from scratch and doing things manually is a good exercise (have done that too at some time)
Being able to access your system when you’re away can be very useful, just make sure that your system is safe!
Something that can be implemented very easy: Multi-factor authentication - Home Assistant
If you must use an unsecure port forward I believe you can pick whichever external facing port you want to use and then forward that port to your internal HA IP at port 8123. Then use that external port in the mobile app setup.
Just make sure it’s not a common port and use a large number for the port. HA is known to use 8123 so when you open that port bad actors know to easily look for it there.
What’s the use of that?
I don’t understand what the difference/benefit is of just using a different port?
it wouldn’t be a commonly used port so you at least won’t have the lazy hackers probing a very well known and usually unsecured port.
If there are no other options then…well…it’s the only option. And it’s better than advertising to the world that there’s likely a HA install behind that port.
security thru obscurity.
I don’t think moving to a different port will be help at all. 8123 is already an odd port. The whole Internet is scanned like every ten minutes on all ports by large infrastructure, so it really does not matter if you use 8123 or 41234.
While adding a certificate to your HA instance will help you against machine in the middle attacks, that’s not a common issue for private endpoints.
You can use the paid service, that will prevent all external access.
If you want or can, use a vpn towards home. I never got the hang of that, though.
Use strong passwords, update HA regularly, nothing more you can do. I just use a 30 character random password and I’m done.
I agree, the only effect of ‘security through obscurity’ is to calm one’s nerves
I use the WIreguard add-on - it was easy to set up, works great with the app on the (Android) phone and I recently discoverd WGTunnel, which connects automatically when I leave my WiFi:
Agreed. Security through obscurity does not work these days, and I would not consider it being an option any more - especially not, for something that controls and monitors your house.
Please give other options another chance, everyone, if you are doing port forwarding - variations of VPN tunnels, Cloudflared, etc.
The internet (including your IP) is continuously scanned for open ports.
Most scans just probe known ports (which includes port 8123), and when detected open, it will be tried for any vulnerabilities. So when you open any port, intrusion detection will detect activity.
This activity doesn’t mean you are being hacked; it is just an attempt to hack…
As far as I know, HA doesn’t have any know vulnerabilities at the moment (but ofc this also depends on the addons/integrations in use; many of them are 3rd party, over which HA devs do not have any control)
PS: There has been one in the past in Supervisor 2023.03.1
So on itself, opening a port will result in an increased detection of threats.
Just make you have a secure password set on HA and it should be ok…
OFC, using VPN is better (but, not likely, these also can have vulnerabilities, which would result in the same situation…)
Jon, also this: it’s maybe only HA on your network that has the ability to inform you that there are intrusion attempts so your title is partially wrong, which might give the impression that HA is not safe.
For people without the knowledge, this might send the wrong message.
With that port open you only have one layer of security and are hoping HA is secure and that no new vulnerabilities are released. For me that’s a bit to optimistic.
The easy path is to get a Nabu Casa subscription.
Or setup anyone of those VPN type solutions.