@krash wrote:
Hey guys,
For the last few weeks (months probably) I’ve been having failed login attempts in my logs.
Most of them are registered from my modem’s IP.
A few seem to be from IPs that I don’t recognize.
The “inter-docker” IP range starts by 172, so I believe they are external.
I am using hassio on a docker with ubuntu, duckdns with lets-encrypt addon and port forwarding on the modem. I also have the android app installed on two phones, and a tab on my fridge with fully-kiosk browser. Within my HA I have set up several ESPhome devices, unflashed sonoffs, octopi, my home alarm, xiaomi gateways and a load of other integrations I can’t even think of right now.
Here is what I found this morning (HA reboots at around 6am):

Login attempt or request with invalid authentication from *Modem IP*
8:56:30 AM – HTTP (WARNING) - message first occurred at 8:40:02 AM and shows up 10 times

Log Details (WARNING)
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:75
Integration: HTTP (documentation, issues)
First occurred: 8:40:02 AM (10 occurrences)
Last logged: 8:56:30 AM
Login attempt or request with invalid authentication from *Modem IP*

I also logged these IPs on 17/5:

17/05
Login attempt or request with invalid authentication from 2.87.153.114
Login attempt or request with invalid authentication from 109.178.240.204
12:12:21 PM – HTTP (WARNING) - message first occurred at 10:42:10 AM and shows up 8 times
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:75
Integration: HTTP (documentation, issues)
First occurred: 10:42:10 AM (8 occurrences)
Last logged: 12:12:21 PM
Login attempt or request with invalid authentication from 109.178.240.204
Login attempt or request with invalid authentication from 2.87.153.114

I just traced the IPs and one looks like it's near my office, the other near a location I visited that weekend. So probably one of my devices is causing these?
Please let me know what logs you need to see and I will be updating as soon as they appear.
Is this important? Should I go change my duckdns domain name and ports?
I am not experienced enough to set up reverse proxy or vpn (as people often say) but if someone could provide a comprehensive guide I could give it a try.
How can I track this down and see if I have something of mine that tries to connect (i.e. a family phone) or if I am being attacked by someone (?).
I know there are several other posts about it but I can’t figure out how to move forward, so any help is highly appreciated.
Thanks in advance.
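One way to sort these warnings by source address, as an added example that is not part of the original post: it counts the `Login attempt or request with invalid authentication from` messages per source and splits them into private-range and public addresses. Only the message text comes from the post; the sample lines, their timestamp/logger prefix and all addresses in them are constructed, and IPv4 sources are assumed.

```python
import ipaddress
import re
from collections import Counter

# Message text as shown in the post; any prefix before it is ignored.
FAILED_LOGIN = re.compile(
    r"Login attempt or request with invalid authentication from (\S+)")

# RFC 1918 private ranges plus loopback. Only 172.16.0.0/12 is private:
# an address that merely starts with "172." can still be a public one.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def classify(source):
    """Return 'internal', 'external' or 'unparsed' for a logged source."""
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:
        return "unparsed"  # e.g. a redacted placeholder or a hostname
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def summarize(lines):
    """Count failed logins per source, grouped by classification."""
    counts = Counter()
    for line in lines:
        match = FAILED_LOGIN.search(line)
        if match:
            counts[match.group(1)] += 1
    report = {"internal": {}, "external": {}, "unparsed": {}}
    for source, hits in counts.most_common():
        report[classify(source)][source] = hits
    return report


# Constructed sample lines; the prefix format is an assumption.
PREFIX = ("2024-01-01 08:40:02 WARNING (MainThread) [homeassistant.components"
          ".http.ban] Login attempt or request with invalid authentication from ")
SAMPLE_LOG = [PREFIX + ip for ip in (
    "192.168.1.1", "203.0.113.7", "192.168.1.1", "172.18.0.3",
    "198.51.100.23", "203.0.113.7", "192.168.1.1", "172.32.0.9",
)] + ["2024-01-01 08:41:00 INFO (MainThread) [homeassistant.core] Starting"]

if __name__ == "__main__":
    for kind, sources in summarize(SAMPLE_LOG).items():
        print(kind, sources)
```

Sources reported as internal (the router or a Docker bridge address) usually mean the request was NATed or proxied on the way in, so the original client address is not in the log line itself.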