Hi Community, this is my first post here.
I am happily using HA OS since few months, trying to learn the best I can and slowly building automations for my house.
For external access, few days ago I switched from DuckDNS / NGINX to Cloudflared addon.
external access works fine, but since then I am getting recurrent notification like follows:
Login attempt or request with invalid authentication from 165.232.167.28 (165.232.167.28). See the log for details.
No apparent other malfunctions and I couldn’t find anything on the log related to that.
What could it be?
Thanks in advance.
EDIT
Just to clarify that I uninstalled NGINX / DuckDNS addons and my http configuration is as follows:
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24 #Remote LAN
- 192.168.1.247 #Your Home assistant IP only
ip_ban_enabled: true
login_attempts_threshold: 5
I see.
Out of curiosity, shouldn’t a brute force attack try to login many times? I only see a warning every couple of days or so, and every time from a different IP.
And why don’t I find anything in the log? Does HA has a special log for access?
Anyway, I read that Cloudflare tunnel does not make the system more secure per se vs DuckDNS / port forwarding, ok the IP is not exposed, but the URL is.
Tihs makes me a bit worried, what other measures shoud I take, on top of a strong password?
2FA is the best mitigation against account access attempts, I’d recommend enabling it (not just on HA, but everywhere you can).
There’s a good chance that almost every failed attempt you see is just a bot crawling the web and they went past your IP/domain while scanning. Unless you’re seeing repeated attempts from the same IP it’s unlikely you’ve been targeted specifically.
