Had a couple of these in the last few days from what appears to be different sources
Just need some advice on making sure my HA is as secure as it can be
I have just enabled 2FA for my HA login is there any thing else I should do please?
Thanks
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:82
Integration: HTTP (documentation, issues)
First occurred: 6 February 2023 at 20:53:28 (3 occurrences)
Last logged: 04:02:06
Login attempt or request with invalid authentication from 165.22.98.234 (165.22.98.234). Requested URL: ‘/media/wp-includes/wlwmanifest.xml’. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36)
Login attempt or request with invalid authentication from 188.166.210.151 (188.166.210.151). Requested URL: ‘/media/wp-includes/wlwmanifest.xml’. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36)
I am also using couldflare getting the same failed attempts a lot.
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:82
Integration: HTTP (documentation, issues)
First occurred: February 6, 2023 at 11:44:04 AM (6 occurrences)
Last logged: 6:52:27 AM
I had this as well when I switched over to Cloudflare some time ago. I just assume this is people scanning for open ports/urls since HA is now exposed to the WWW.
To overcome this and secure my HA I set my password to a random generated password. Did this for all my HA users. Then I enabled IP ban within HA. I set the threshold low so they get blocked right away.