I thought I’d start looking occasionally for unauthorized access attempts to my HA instance. From viewing the log, either nothing unauthorized has happened, or I don’t know what to look for.
Any thoughts about what I should be searching for to do this?
If i remember correctly denied access attempts show up very prominently in your log. Big red letters that say something like access denied fromb(IP address)
Try to log in with wrong username or password or wrong 2fa authorization and see how this goes.
I don’t know why I didn’t think to simulate this condition myself.
Thanks @ddaniel for this suggestion.
Both invalid password and invalid 2fa created this log entry:
v2023-11-17 16:37:25.834 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from …