If you remove the “api_password” it allows HA to be accessed without a password…
If someone is trying to get in (probably just a script checking it), it gets in when you remove the password.
And that IP address has been banned. If I turn off my port forwarding that IP address still hits HA. I would like to know where it is coming from as my network is 192.168.xxx.xxx range
172.30.33.1 is part of the internal network of Hass.io, i.e. part of the supervisor/host system.
You can check that by logging into Hass.io via SSH and using the ifconfig command.
I’ve spotted the same messages in my logs and removed the password protection in order to temporarily fix that.
I guess whitelisting could do the trick, but I haven’t tried that, yet, as I’m only accessing my Hass.io installation from within my local network.
I currently am facing the same issue but the weird thing is that the IP address mentioned is the one of the Raspberry Pi where Home Assistant is running on. Any idea what this can be?
Just circling back to this one because the issue for me was probably caused by a not actively used, but still running instance of homebridge on my Rpi. When I set a password for Home Assistant I did not update it in the config.json of homebridge.