First, I’m sorry if my English is too bad; I’m French.
I come here to tell what happened to me. Indeed, I was a victim of hacking and I think it’s related to hass.io.
I use it on a Raspberry Pi 3, I have some sensors and I use a domain name at DuckDNS for remote access. I also installed pi.hole for blocking ads and it is in this one that I noticed abnormal traffic. In the logs, I see that dozens of IP addresses outside my local network send over 250000 requests over a 2h period, and directed to a single website. These IPs are located in China. At another time, I also see traffic to a US government site. I am not 100% sure that the problem comes from hass.io, that’s why I would like to know if you have been faced with this kind of problem, and if you have any tips or add-ons to secure my installation.
Thank you for your help
If you are looking to improve security, you want to look into using a password manager if you don’t have one already.
Also portscan your own IP address in order to check what ports are open.
One final thing to try is to only allow access from certain IP addresses, for example you could only allow IP addresses of French origin. I’m afraid I no longer use HassIO but I use an NGINX proxy which has ‘access control profile’ to only allow access from certain IP address ranges.
I’m going to chime in on this can of worms.
Personally I don’t open ports on my firewall. I use the Nabu Casa homeassistant cloud. All of the benefits of accessing my home installation without the administrative overhead. Plus the negligible fee helps to support the project.
If pi.hole is rejecting the traffic then it’s functioning correctly. Its sole purpose is to block ads.
The Internet as a whole is a hostile environment. So you must treat it as such. You may be under an automated attack but unless you have proof that one of your internal nodes has been compromised then you are just being subjected to the ‘normal’ traffic in the wild.
I don’t do consumer firewalls, I prefer and support opensource options as I can control the traffic, add intrusion protection and prevention if needed. OPNsense is a good option. I have been using hassio along with other opensource programs for quite some time and have never had an issue!
JMHO! I can be flamed if need be. But to assume an application is responsible for your security is a no go.
Hopefully the tips help.
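One way to triage the situation described in the first post, as an added example that is not part of the thread: the script counts queries in a Pi-hole (dnsmasq) query log that come from clients outside the home network and groups them by the name being queried. The log line format, the `LOCAL_NETS` ranges, the `min_queries` threshold and the sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed dnsmasq query-line format: "... dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(r"query\[[^\]]+\] (?P<name>\S+) from (?P<client>\S+)$")

# Ranges treated as "inside the home network" (assumption: adjust to your LAN).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def summarize_external(lines, min_queries=3):
    """Return (queries per external client, [(name, total, distinct clients)])."""
    per_client = Counter()
    per_name = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # forwarded/reply/cached lines are not client queries
        try:
            if is_local(m["client"]):
                continue
        except ValueError:
            continue  # client field is not an IP address
        per_client[m["client"]] += 1
        per_name[m["name"].lower()][m["client"]] += 1
    findings = [(name, sum(c.values()), len(c)) for name, c in per_name.items()
                if sum(c.values()) >= min_queries]
    findings.sort(key=lambda f: (-f[1], f[0]))
    return per_client, findings

# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE_LOG = [
    "Mar  3 14:02:11 dnsmasq[512]: query[A] home.example.test from 192.168.1.20",
    "Mar  3 14:02:11 dnsmasq[512]: query[A] single-site.example.test from 203.0.113.7",
    "Mar  3 14:02:11 dnsmasq[512]: query[A] single-site.example.test from 203.0.113.7",
    "Mar  3 14:02:12 dnsmasq[512]: query[A] Single-Site.example.test from 198.51.100.23",
    "Mar  3 14:02:12 dnsmasq[512]: forwarded single-site.example.test to 1.1.1.1",
    "Mar  3 14:02:13 dnsmasq[512]: query[A] other.example.test from 198.51.100.23",
]

if __name__ == "__main__":
    clients, findings = summarize_external(SAMPLE_LOG)
    for name, total, sources in findings:
        print(f"{name}: {total} queries from {sources} external clients")
    print(clients.most_common(5))
```

External clients showing up in this summary mean the Pi-hole's DNS port is reachable from the internet, which the port scan suggested in the thread would confirm.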