Login attempt failed
Login attempt or request with invalid authentication from 242.23.83.34.bc.googleusercontent.com (34.83.23.242). See the log for details.
Looking in logs I see this:
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:136
integration: HTTP (documentation, issues)
First occurred: 6:46:53 AM (1 occurrences)
Last logged: 6:46:53 AM
Login attempt or request with invalid authentication from 242.23.83.34.bc.googleusercontent.com (34.83.23.242). Requested URL: ‘/media/system/js/core.js’. (Go-http-client/2.0)
that kinda looks like a google cloud vm hitting your login. do you have your home assistant on the internet? if so, it may be a random bot or crawler or hacker coming from a gcp vm.
I’m having the exact same problem as reported by OP, so super keen on figuring out where this is coming from.
I too have HA exposed through Cloudflare as OP does, but that’s all working as I can access HA remotely; so that can’t be the problem.
The only other thing I can think of, as all my integrations are working, is that I trialed the HA Cloud service, so maybe that’s trying to authenticate?
Is there any way of adding more verbose logging in one area?
I never tried HA Cloud FWIW. Cloudflared is working fine for access. It’s not that. It is consistent with a bot of some kind. I’m not sure who/why or how to log better to solve it though. Hopefully someone has tips!
I haven’t gone down that path. Frankly I’m a little overwhelmed managing things on cloudflare. Their website is simultaneously slick yet difficult for me to navigate. Especially with my limited knowledge in this arena not to mention things being split between CF and zero trust web portals
I also get this from time to time, and I am not running Cloudflare or Google Assistant, I have ngnix in front of HA.
It’s probably something running in GCP scanning wide ranges of ip addresses.
I am also running Cloudflare and have the same problem.
So far as I see it is caused by bots running on the internet, most likely ‘bad’ bots.
I think everyone who has enabled access to HA from the internet can run into this problem. When your internet access is secure this login attempts are I think annoying but not more.
I also think @borsa93 is right that the only way to try to avoid this login attempts messages are rules on the firewall, so in the configuration of Cloudfare. So far I did not dive into that.
Hi all, I try to describe all the step to be followed.
First of all login to your dashboard inside Cloudflare and select the domain you want to filter, then the steps indicated bleow allow you to create your own rules.
this is the rule that I’ve created that block all the IPs coming from countries different to Italy and Ireland. (please note that I added also Ireland to continue to use Alexa with Hasska method)
Have implemented the rule in Cloudflare WAF and seems to work for me. In more than 24 hours I didn’t receive any ‘Login attempt’ messages. Living in the Netherlands, only nice people here
Of course it is not a quarantee that you don’t get any of this messages anymore but at least it will be less.
I do also have cloudflare running. Also Google Calendar integration.
And I was suspecting the Google Calender Integration to be the culprit. But Calender is showing just fine.
Does anyone of you also have the Google Calender Integration running?
I previously had WAF blocking countries like China, Iran, Russia but I will give this a shot, reversing to only allow my country. Went with more lenient ip_ban of 2 to start and will report back here for others dealing with this. If it works, I just need to remember to turn off this rule when I travel overseas!
