Jump to content

Welcome to Smart Home Forum by FIBARO

Dear Guest,

 

as you can notice parts of Smart Home Forum by FIBARO is not available for you. You have to register in order to view all content and post in our community. Don't worry! Registration is a simple free process that requires minimal information for you to sign up. Become a part of of Smart Home Forum by FIBARO by creating an account.

 

As a member you can:

  •     Start new topics and reply to others
  •     Follow topics and users to get email updates
  •     Get your own profile page and make new friends
  •     Send personal messages
  •     ... and learn a lot about our system!

 

Regards,

Smart Home Forum by FIBARO Team


  • 1

REST API - Suspicious Login Attempts Prevented


viwe

Question

Version: 4.510 HC2

REST API

 

Hi guys,

 

since update to version 4.510 i get sometimes this email:

 

"Suspicious Login Attempts Prevented: We noticted 5 failed login attempts to your HC2 that seemed suspicious. For
your security, the following IP address xxx has been locked for 30 min"

 

Why? The REST Auth are right. At start status code 200 with successful result and a little bit later 401 bad user and pass.

 

All request, in the previous version, ran flawlessly...

Link to comment
Share on other sites

11 answers to this question

Recommended Posts

  • 0
On 8/23/2018 at 9:12 AM, viwe said:

Version: 4.510 HC2

REST API

 

Hi guys,

 

since update to version 4.510 i get sometimes this email:

 

"Suspicious Login Attempts Prevented: We noticted 5 failed login attempts to your HC2 that seemed suspicious. For
your security, the following IP address xxx has been locked for 30 min"

 

Why? The REST Auth are right. At start status code 200 with successful result and a little bit later 401 bad user and pass.

 

All request, in the previous version, ran flawlessly...

 

same here...

Link to comment
Share on other sites

  • 0

Same here... Is it possible that strangers are attempting to logon on Fibaro systems?

How can I extra prevent my systeem?

Link to comment
Share on other sites

  • 0

well - in my case - it´s a local ip that is causing the problem.

i am running api calls from a local computer and i can´t whitelist this computers ip

Link to comment
Share on other sites

  • 0

Same here,

 

I changed the password on my HC2 boxes, and now I cannot get in through the mobile application, since it tried to log in a few times automatically with the old password. I receive the email that the local address 192.168.4.223 is blocked for half an hour.

 

The road to hell is sided with good intentions, is a saying that comes to my mind. The implementation of this feature is super annoying, especially if you cannot whitelist IP addresses.

 

Is there a way to remove the block, so that I don't have to wait half an hour?

 

//magnus

Link to comment
Share on other sites

  • 0

I've got the same issue on 4.510 and it's definitely linked to my mobile app (seen on the local IP of the warning message).

The login can take quite a long time to the app, but then it works as normal.


The strange thing is that the system eventually lets me in and I can use the app, however I still get the email:

 

Suspicious Login Attempts Prevented

We noticed 5 failed login attempts to your HC2-XXXXXXX that seemed suspicious. 
For your security, the following IP address: <LOCAL IP> has been locked for 30 minutes.

       
Anyone has any suggestion what it could be?

Link to comment
Share on other sites

  • 0

Exactly the same issue here too, my bridge is being locked out all the time.  

 

Is there no way of white listing local IP addresses?

Link to comment
Share on other sites

  • 0
3 hours ago, axbl said:

For me it is the Google Assistant...

 

 

Same here.

 

I removed my link to Fibaro in Google Home and then the mails stopped coming. I couldn´t turn on or off devices anyway. Official supprt for my language is due  next week (24/10). I´m going to try again then.

 

I also had these mails a while ago before connecting to Google home, then it was IFTTT. Now IFTTT doesn´t work with Fibaro so that is no longer a problem...

Link to comment
Share on other sites

  • 0

Same issue here, but it started suddenly today. I upgraded my HC2 a few days ago so it does not seem to be directly connected to the upgrade.

 

The IP that is trying to access my HC2 is 34.241.63.69 whch belongs to Amazon Web Services in Ireland.

What is not clear, is if the error comes from log-in attempts over the API, over the local web interface or via home.fibaro.com. I am also making my HC2 available outside my LAN via a DDNS service.

 

I can think of a few possible sources to the problem:

1. Google Home. Perhaps not the most likely source given that the IP belongs to AWS and not to Google. The Google log-in is performed via home.fibaro.com I believe so it is not a direct access to my HC2.

2. Apple Siri. I am using Homebridge for this integration and it runs on a Pi on my local network so I guess it should not be this one causing the problem as it as a 192.168.x.x address.

3. My custom made Android app. It accesses my HC2 API via the DDNS service. So, if the DDNS service provider uses the above IP, then this could be the source. That said, the app has not reported any connection errors to the API...

 

 

/Per

 

Update: I got word from my DDNS provider (Noip.com), it is their IP address! It does not solve the issue though. Perhaps someone unkown to me has got his hands on my DDNS hostname and is trying to break in. I have asked the DDNS provider for a list of IP addresses that have accessed my hostname.

 

Alternatively, this is just the HC2 going bananas for some reason and it has nothing to do with failed log-in attempts. False alarms so to speak...

 

 

Edited by perjar
Link to comment
Share on other sites

  • 0

I have the same problem and in my case it's an iPhone, that works very well btw, causing all the spam.

 

Anyone have a solution?

 

Edited by sege
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...