Jump to content
Guides for the Forum Read more... ×
Poradniki na Forum Read more... ×
FIBARO Home Center App 1.0.0 - release Read more... ×
FIBARO Home Center App 1.0.0 - wydanie Read more... ×
  • 0
viwe

REST API - Suspicious Login Attempts Prevented

Question

Version: 4.510 HC2

REST API

 

Hi guys,

 

since update to version 4.510 i get sometimes this email:

 

"Suspicious Login Attempts Prevented: We noticted 5 failed login attempts to your HC2 that seemed suspicious. For
your security, the following IP address xxx has been locked for 30 min"

 

Why? The REST Auth are right. At start status code 200 with successful result and a little bit later 401 bad user and pass.

 

All request, in the previous version, ran flawlessly...

Share this post


Link to post
Share on other sites

9 answers to this question

Recommended Posts

  • 0
On 8/23/2018 at 9:12 AM, viwe said:

Version: 4.510 HC2

REST API

 

Hi guys,

 

since update to version 4.510 i get sometimes this email:

 

"Suspicious Login Attempts Prevented: We noticted 5 failed login attempts to your HC2 that seemed suspicious. For
your security, the following IP address xxx has been locked for 30 min"

 

Why? The REST Auth are right. At start status code 200 with successful result and a little bit later 401 bad user and pass.

 

All request, in the previous version, ran flawlessly...

 

same here...

Share this post


Link to post
Share on other sites
  • 0

Same here... Is it possible that strangers are attempting to logon on Fibaro systems?

How can I extra prevent my systeem?

Share this post


Link to post
Share on other sites
  • 0

well - in my case - it´s a local ip that is causing the problem.

i am running api calls from a local computer and i can´t whitelist this computers ip

Share this post


Link to post
Share on other sites
  • 0

Same here,

 

I changed the password on my HC2 boxes, and now I cannot get in through the mobile application, since it tried to log in a few times automatically with the old password. I receive the email that the local address 192.168.4.223 is blocked for half an hour.

 

The road to hell is sided with good intentions, is a saying that comes to my mind. The implementation of this feature is super annoying, especially if you cannot whitelist IP addresses.

 

Is there a way to remove the block, so that I don't have to wait half an hour?

 

//magnus

Share this post


Link to post
Share on other sites
  • 0

I've got the same issue on 4.510 and it's definitely linked to my mobile app (seen on the local IP of the warning message).

The login can take quite a long time to the app, but then it works as normal.


The strange thing is that the system eventually lets me in and I can use the app, however I still get the email:

 

Suspicious Login Attempts Prevented

We noticed 5 failed login attempts to your HC2-XXXXXXX that seemed suspicious. 
For your security, the following IP address: <LOCAL IP> has been locked for 30 minutes.

       
Anyone has any suggestion what it could be?

Share this post


Link to post
Share on other sites
  • 0

Exactly the same issue here too, my bridge is being locked out all the time.  

 

Is there no way of white listing local IP addresses?

Share this post


Link to post
Share on other sites
  • 0
3 hours ago, axbl said:

For me it is the Google Assistant...

 

 

Same here.

 

I removed my link to Fibaro in Google Home and then the mails stopped coming. I couldn´t turn on or off devices anyway. Official supprt for my language is due  next week (24/10). I´m going to try again then.

 

I also had these mails a while ago before connecting to Google home, then it was IFTTT. Now IFTTT doesn´t work with Fibaro so that is no longer a problem...

Share this post


Link to post
Share on other sites
  • 0

Same issue here, but it started suddenly today. I upgraded my HC2 a few days ago so it does not seem to be directly connected to the upgrade.

 

The IP that is trying to access my HC2 is 34.241.63.69 whch belongs to Amazon Web Services in Ireland.

What is not clear, is if the error comes from log-in attempts over the API, over the local web interface or via home.fibaro.com. I am also making my HC2 available outside my LAN via a DDNS service.

 

I can think of a few possible sources to the problem:

1. Google Home. Perhaps not the most likely source given that the IP belongs to AWS and not to Google. The Google log-in is performed via home.fibaro.com I believe so it is not a direct access to my HC2.

2. Apple Siri. I am using Homebridge for this integration and it runs on a Pi on my local network so I guess it should not be this one causing the problem as it as a 192.168.x.x address.

3. My custom made Android app. It accesses my HC2 API via the DDNS service. So, if the DDNS service provider uses the above IP, then this could be the source. That said, the app has not reported any connection errors to the API...

 

 

/Per

 

Update: I got word from my DDNS provider (Noip.com), it is their IP address! It does not solve the issue though. Perhaps someone unkown to me has got his hands on my DDNS hostname and is trying to break in. I have asked the DDNS provider for a list of IP addresses that have accessed my hostname.

 

Alternatively, this is just the HC2 going bananas for some reason and it has nothing to do with failed log-in attempts. False alarms so to speak...

 

 

Edited by perjar

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×