Login Attempt or Request message filling my log

DaveTiff · September 11, 2017, 9:53am

Hi

Running HASSIO 0.53.0 (did the same with previous version)

I have just set up Duck DNS and if I add a password to my config I get the following message in my log every 4 seconds

WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 172.30.33.1

If I rem out the “api_password” that message dissapears, what am I missing?

Re Dave

abmantis · September 12, 2017, 9:22pm

If you remove the “api_password” it allows HA to be accessed without a password…
If someone is trying to get in (probably just a script checking it), it gets in when you remove the password.

DaveTiff · September 13, 2017, 12:08pm

Hi, if you look up that address it says

You have entered reserved IP Address 172.30.33.1 for private internet use
and IP lookup for these will return not results.

So not sure where it is coming from?

Can I block this address?

Re Dave

DaveTiff · September 13, 2017, 4:41pm

I have added

  ip_ban_enabled: True
  login_attempts_threshold: 5

And that IP address has been banned. If I turn off my port forwarding that IP address still hits HA. I would like to know where it is coming from as my network is 192.168.xxx.xxx range

Re Dave

SFAB · September 13, 2017, 7:21pm

172.30.33.1 is part of the internal network of Hass.io, i.e. part of the supervisor/host system.
You can check that by logging into Hass.io via SSH and using the ifconfig command.

I’ve spotted the same messages in my logs and removed the password protection in order to temporarily fix that.

I guess whitelisting could do the trick, but I haven’t tried that, yet, as I’m only accessing my Hass.io installation from within my local network.

DaveTiff · September 13, 2017, 7:38pm

Thanks for the reply

If you add the code that I used the HA creates a ip_bans.yaml file with the following:-

172.30.33.1:
banned_at: ‘2017-09-13T14:29:25’

This is a one off, i.e. the message never appears in you log again.

Bit of a bug as it should know that it is itself trying to connect, question is if I have banned it then does that affect the host supervisor?

Re Dave

geoffrey · October 19, 2017, 9:22am

I currently am facing the same issue but the weird thing is that the IP address mentioned is the one of the Raspberry Pi where Home Assistant is running on. Any idea what this can be?

I’m running 0.55.0.

phairplay · November 17, 2017, 4:54pm

Hi I’ve just switched to Hassio and getting the same thing.

Why is the happening?

DaveTiff · November 17, 2017, 7:56pm

I have Banned the IP Address but concerned that it may affect something.

Maybe somebody with a greater knowledge of the HASS.IO can explain what is happening?

Regards, Dave

hprotzek · December 12, 2017, 9:13pm

Same problem here, hassio 0.59.2

Should I whitelisting or blocking?

geoffrey · December 29, 2017, 5:42pm

Just circling back to this one because the issue for me was probably caused by a not actively used, but still running instance of homebridge on my Rpi. When I set a password for Home Assistant I did not update it in the config.json of homebridge.

B1tMaster · January 16, 2018, 2:25pm

It was AppDaemon running without properly configuring it. Stop it in Haas.io add-ons screen.
Especially if yours is empty and has nothing i it.

Nathan909 · February 7, 2018, 6:32am

Im having this issue too, what did you do to fix it? Block the local IP or did/will that effect something?

Nathan909 · February 7, 2018, 6:43am

FYI for me it was “AppDaemon2” addon
I added my password to appdaemon.yaml to fix

eg:

HASS:
ha_url: http://xxxxxx.duckdns.org:8123
ha_key: PassW0rd

ygreq · October 19, 2019, 6:57pm

Yeap. I just installed AppDaemon and this same message appeared for me as well.