Selfhosted

59940 readers

566 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Is it normal to not have any malicious login attempts? (reddthat.com)

submitted 1 year ago by hit_the_rails@reddthat.com to c/selfhosted@lemmy.world

17 comments fedilink hide all child comments

cross-posted from: https://reddthat.com/post/39309359

I've been running Home Assistant for three years. It's port forwarded on default port 8123 via a reverse proxy in a dedicated VM serving it over HTTPS and is accessible over ipv4 and ipv6. All user accounts have MFA enabled.

I see a notification every time there's a failed login attempt, but every single one is either me or someone in my house. I've never seen a notification for any other attempts from the internet. Not a single one.

Is this normal? Or am I missing something? I expected it to be hammered with random failed logins.

you are viewing a single comment's thread
view the rest of the comments

[–] yaroto98@lemmy.org 1 points 1 year ago

Might need more info about your setup. The reverse proxy probably has some logs you aren't looking at. Most bots from what I've seen do ip:port scans hitting every ip and every port. Nginx reverse proxy manager or something similar isn't going to forward ip:8123 to home assistant. A straight router port forward will, but the reverse proxy manager will look at the domain GET request for https://ha.hit_the_rails.net to your LAN ip:port. It's a little security through obscurity as they have to know your sub+domain.

For a time I had port 22 open and forwarded directly to a server. Constant bot traffic. Changed the port, put an ssh honeypot on 22, and it almost completely went away. Sure the bots could be smart enough to scan and find another open ssh port, but they rarely did. I assume because anyone savvy enough to change the ssh port is savvy enough to not allow default logins like ubnt:ubnt and root:1234 which were by far the most common logins I got in the honeypot.