Hacked? Help understanding nginx log

My problem

Hello, I need your help understanding the NGINX Proxy Manager logs. I see devices that are not mine in the logs, but I don't understand the messages. Are these intrusion attempts, or are these people already in my system?

I expose HA to the outside with DuckDNS, then NGINX as a reverse proxy; I set this up at the start, about 2 years ago.

I'm attaching part of this morning's logs from when I woke up; I admit I'm not reassured.

For info, my phone is the Pixel 5.

Thanks in advance to those who take the time to reply.

[06/Jan/2024:06:18:55 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_es5/custom-panel._sy1NCrol3E.js" [Client 104.234.204.32] [Length 49594] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 10; LYA-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.88 Mobile Safari/537.36" "-"
[06/Jan/2024:06:18:55 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_latest/app.otA1ToECPHw.js" [Client 104.234.204.32] [Length 82756] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Windows NT 6.0; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1" "-"
[06/Jan/2024:06:18:55 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_latest/custom-panel.BfpL8X8_uh4.js" [Client 104.234.204.32] [Length 8906] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" "-"
[06/Jan/2024:06:18:55 +0100] - 200 200 - GET https xxx.duckdns.org "/hacsfiles/iconset.js" [Client 104.234.204.32] [Length 3842] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36" "-"
[06/Jan/2024:06:18:55 +0100] - 200 200 - GET https xxx.duckdns.org "/hacsfiles/lovelace-card-mod/card-mod.js" [Client 104.234.204.32] [Length 19115] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 10; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36" "-"
[06/Jan/2024:06:18:56 +0100] - 200 200 - GET https xxx.duckdns.org "/browser_mod.js" [Client 104.234.204.32] [Length 20539] [Gzip -] [Sent-to 192.168.1.51] "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1;  http://www.google.com/bot.html)" "-"
2024/01/06 06:18:57 [warn] 776#776: *3470 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/proxy/7/03/0000000037 while reading upstream, client: 104.234.204.32, server: xxx.duckdns.org, request: "GET /frontend_es5/app.j2VXJSvCD-c.js HTTP/1.1", upstream: "http://192.168.1.51:8123/frontend_es5/app.j2VXJSvCD-c.js", host: "xxx.duckdns.org"
[06/Jan/2024:06:18:58 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_latest/core.XdmzaKFA4yc.js" [Client 104.234.204.32] [Length 6366] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; U; Android 1.5; de-de; Galaxy Build/CUPCAKE) AppleWebKit/528.5  (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1" "-"
[06/Jan/2024:06:18:58 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_es5/app.j2VXJSvCD-c.js" [Client 104.234.204.32] [Length 143756] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)" "-"
[06/Jan/2024:06:18:59 +0100] - 200 200 - GET https xxx.duckdns.org "/static/polyfills/webcomponents-bundle.js" [Client 104.234.204.32] [Length 38099] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36" "-"
[06/Jan/2024:06:19:11 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_es5/custom-panel._sy1NCrol3E.js" [Client 104.234.204.32] [Length 49594] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36" "-"
[06/Jan/2024:06:19:12 +0100] - 200 200 - GET https xxx.duckdns.org "/browser_mod.js" [Client 104.234.204.32] [Length 20539] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; LG-P870/P87020d Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" "-"
[06/Jan/2024:06:19:12 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_latest/core.XdmzaKFA4yc.js" [Client 104.234.204.32] [Length 6366] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6" "-"
[06/Jan/2024:06:19:12 +0100] - 200 200 - GET https xxx.duckdns.org "/hacsfiles/iconset.js" [Client 104.234.204.32] [Length 3842] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)" "-"
[06/Jan/2024:06:19:12 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_latest/custom-panel.BfpL8X8_uh4.js" [Client 104.234.204.32] [Length 8906] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (en-us) AppleWebKit/525.13 (KHTML, like Gecko; Google Web Preview) Version/3.1 Safari/525.13" "-"
[06/Jan/2024:06:19:13 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_es5/core.QW_E_jyV_HQ.js" [Client 104.234.204.32] [Length 42108] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 11; GM1910) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36" "-"
[06/Jan/2024:06:19:13 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_latest/app.otA1ToECPHw.js" [Client 104.234.204.32] [Length 82756] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-"
[06/Jan/2024:06:19:13 +0100] - 200 200 - GET https xxx.duckdns.org "/hacsfiles/lovelace-card-mod/card-mod.js" [Client 104.234.204.32] [Length 19115] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 630) like Gecko" "-"
[06/Jan/2024:06:19:13 +0100] - 200 200 - GET https xxx.duckdns.org "/static/polyfills/webcomponents-bundle.js" [Client 104.234.204.32] [Length 38099] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" "-"
[06/Jan/2024:06:19:14 +0100] - 404 404 - GET https xxx.duckdns.org "/manifest.js" [Client 104.234.204.32] [Length 14] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344" "-"
[06/Jan/2024:06:19:14 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_es5/app.j2VXJSvCD-c.js" [Client 104.234.204.32] [Length 143756] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US) AppleWebKit/125.4 (KHTML, like Gecko, Safari) OmniWeb/v563.15" "-"
[06/Jan/2024:06:23:10 +0100] 444 - GET https 82.64.213.233 "/ab2g" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 zgrab/0.x" "-"
[06/Jan/2024:06:23:10 +0100] 444 - GET https 82.64.213.233 "/ab2h" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 zgrab/0.x" "-"
[06/Jan/2024:06:23:11 +0100] 444 - GET https 82.64.213.233 "/alive.php" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
[06/Jan/2024:06:23:16 +0100] 444 - GET https 82.64.213.233 "/" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
[06/Jan/2024:06:23:16 +0100] 400 - GET http 82.64.213.233 "/" [Client 68.183.205.13] [Length 650] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
[06/Jan/2024:06:23:17 +0100] 444 - GET https 82.64.213.233 "/t4" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0" "-"
[06/Jan/2024:06:23:18 +0100] 444 - GET https 82.64.213.233 "/favicon.ico" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
[06/Jan/2024:06:23:19 +0100] 444 - GET https 82.64.213.233 "/" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 10.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)" "-"
[06/Jan/2024:06:23:19 +0100] 444 - GET https 82.64.213.233 "/teorema505?t=1" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
[06/Jan/2024:06:55:22 +0100] 400 - GET http 82.64.213.233 "/.env" [Client 5.180.182.35] [Length 650] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
[06/Jan/2024:06:55:24 +0100] 400 - POST http 82.64.213.233 "/" [Client 5.180.182.35] [Length 650] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
[06/Jan/2024:06:55:25 +0100] 444 - GET https 82.64.213.233 "/.env" [Client 5.180.182.35] [Length 0] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
[1/6/2024] [7:03:04 AM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[06/Jan/2024:07:03:06 +0100] 400 - - http localhost "-" [Client 45.15.158.110] [Length 150] [Gzip -] "-" "-"
[1/6/2024] [7:03:09 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[1/6/2024] [7:03:09 AM] [SSL      ] › ℹ  info      Renew Complete
[1/6/2024] [8:03:04 AM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[06/Jan/2024:08:03:06 +0100] 444 - GET https 82.64.213.233 "/" [Client 162.216.150.170] [Length 0] [Gzip -] "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com" "-"
[1/6/2024] [8:03:09 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[1/6/2024] [8:03:09 AM] [SSL      ] › ℹ  info      Renew Complete
[06/Jan/2024:08:36:53 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/9e929fe48e3bf55b27358e86ba690072201558eb8df4d1d6835a88e18a471aef" [Client 92.184.97.222] [Length 6926] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 11; M2101K7AG)" "-"
[06/Jan/2024:08:36:54 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/9e929fe48e3bf55b27358e86ba690072201558eb8df4d1d6835a88e18a471aef" [Client 92.184.97.222] [Length 6926] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 11; M2101K7AG)" "-"
[06/Jan/2024:08:36:54 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/9e929fe48e3bf55b27358e86ba690072201558eb8df4d1d6835a88e18a471aef" [Client 92.184.97.222] [Length 174] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 11; M2101K7AG)" "-"
[06/Jan/2024:08:37:21 +0100] - 200 200 - POST https xxx.duckdns.org "/auth/token" [Client 192.168.1.254] [Length 232] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:21 +0100] - 200 200 - POST https xxx.duckdns.org "/auth/token" [Client 192.168.1.254] [Length 232] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:21 +0100] - 200 200 - POST https xxx.duckdns.org "/auth/token" [Client 192.168.1.254] [Length 232] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
2024/01/06 08:37:21 [warn] 798#798: *3537 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/proxy/8/03/0000000038 while reading upstream, client: 192.168.1.254, server: xxx.duckdns.org, request: "GET /local/tmp/snapshot_devant_maison_main.jpg HTTP/2.0", upstream: "http://192.168.1.51:8123/local/tmp/snapshot_devant_maison_main.jpg", host: "xxx.duckdns.org"
[06/Jan/2024:08:37:21 +0100] - 200 200 - GET https xxx.duckdns.org "/local/tmp/snapshot_devant_maison_main.jpg" [Client 192.168.1.254] [Length 211736] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
2024/01/06 08:37:21 [warn] 798#798: *3537 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/proxy/9/03/0000000039 while reading upstream, client: 192.168.1.254, server: xxx.duckdns.org, request: "GET /local/tmp/snapshot_devant_maison_main.jpg HTTP/2.0", upstream: "http://192.168.1.51:8123/local/tmp/snapshot_devant_maison_main.jpg", host: "xxx.duckdns.org"
2024/01/06 08:37:21 [warn] 798#798: *3537 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/proxy/0/04/0000000040 while reading upstream, client: 192.168.1.254, server: xxx.duckdns.org, request: "GET /local/tmp/snapshot_devant_maison_main.jpg HTTP/2.0", upstream: "http://192.168.1.51:8123/local/tmp/snapshot_devant_maison_main.jpg", host: "xxx.duckdns.org"
[06/Jan/2024:08:37:21 +0100] - 200 200 - GET https xxx.duckdns.org "/local/tmp/snapshot_devant_maison_main.jpg" [Client 192.168.1.254] [Length 211736] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:21 +0100] - 200 200 - GET https xxx.duckdns.org "/local/tmp/snapshot_devant_maison_main.jpg" [Client 192.168.1.254] [Length 211736] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:23 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:26 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:26 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:26 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:26 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:26 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 71] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 71] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 71] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 71] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 71] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 71] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:28 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 38] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:30 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 38] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:32 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:33 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/9e929fe48e3bf55b27358e86ba690072201558eb8df4d1d6835a88e18a471aef" [Client 192.168.1.254] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 11; M2101K7AG)" "-"
[06/Jan/2024:08:37:34 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:36 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:39 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 92.184.107.49] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:56 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 523] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:56 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:57 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:57 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 34] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:57 +0100] - 200 200 - GET https xxx.duckdns.org "/?external_auth=1" [Client 192.168.1.254] [Length 1903] [Gzip 2.23] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "-"
[06/Jan/2024:08:37:57 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:59 +0100] - 404 404 - GET https xxx.duckdns.org "/local/apexcharts-card.js" [Client 192.168.1.254] [Length 14] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/lovelace?external_auth=1"
[06/Jan/2024:08:37:59 +0100] - 404 404 - GET https xxx.duckdns.org "/local/banner-card.js?v=1" [Client 192.168.1.254] [Length 14] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/lovelace?external_auth=1"
[06/Jan/2024:08:37:59 +0100] - 404 404 - GET https xxx.duckdns.org "/local/mini-graph-card-bundle.js" [Client 192.168.1.254] [Length 14] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/lovelace?external_auth=1"
[06/Jan/2024:08:38:02 +0100] - 304 304 - GET https xxx.duckdns.org "/service_worker.js" [Client 192.168.1.254] [Length 0] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/service_worker.js"
[06/Jan/2024:08:38:07 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:38:10 +0100] - 200 200 - GET https xxx.duckdns.org "/api/hassio/addons/a0d7b954_nginxproxymanager/logs" [Client 192.168.1.254] [Length 2895] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/config/logs"
[06/Jan/2024:08:38:10 +0100] - 200 200 - GET https xxx.duckdns.org "/api/hassio/addons/a0d7b954_nginxproxymanager/logs" [Client 192.168.1.254] [Length 2954] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/config/logs"
[06/Jan/2024:08:38:13 +0100] - 200 200 - GET https xxx.duckdns.org "/api/hassio/addons/a0d7b954_nginxproxymanager/logs" [Client 192.168.1.254] [Length 2950] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/config/logs"
[06/Jan/2024:08:38:17 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:38:27 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/6a4df307b0a324cde44ac22e60ebb33e5d32508673a7ff89a9225f9a0aa27f50" [Client 192.168.1.254] [Length 2] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:39:09 +0100] - 200 200 - GET https xxx.duckdns.org "/api/hassio/addons/a0d7b954_nginxproxymanager/logs?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI2MWI3Yjc4MTM5NTE0MDA1YmQ2YWY2Yjk2MmMxN2YyYSIsInBhdGgiOiIvYXBpL2hhc3Npby9hZGRvbnMvYTBkN2I5NTRfbmdpbnhwcm94eW1hbmFnZXIvbG9ncyIsInBhcmFtcyI6W10sImlhdCI6MTcwNDUyNjc0OSwiZXhwIjoxNzA0NTI2Nzc5fQ.knX3jUdQN44Z_61z_VXlek_JR6zBHzKCw2dKdi4QX_8" [Client 192.168.1.254] [Length 2868] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Linux; Android 14; Pixel 5 Build/UP1A.231105.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.193 Mobile Safari/537.36" "https://xxx.duckdns.org/config/logs"

Hi,

Nothing much to worry about:

  • Indexing robots:

    Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com

  • Actions on your part (all the 200 codes)

    [06/Jan/2024:08:39:09 +0100] - 200 200

  • Automated scans
    [06/Jan/2024:06:23:10 +0100] 444 - GET https 82.64.213.233 "/ab2g" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 zgrab/0.x" "-"
    [06/Jan/2024:06:23:10 +0100] 444 - GET https 82.64.213.233 "/ab2h" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 zgrab/0.x" "-"
    [06/Jan/2024:06:23:11 +0100] 444 - GET https 82.64.213.233 "/alive.php" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
    [06/Jan/2024:06:23:16 +0100] 444 - GET https 82.64.213.233 "/" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
    [06/Jan/2024:06:23:16 +0100] 400 - GET http 82.64.213.233 "/" [Client 68.183.205.13] [Length 650] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
    [06/Jan/2024:06:23:17 +0100] 444 - GET https 82.64.213.233 "/t4" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0" "-"
    [06/Jan/2024:06:23:18 +0100] 444 - GET https 82.64.213.233 "/favicon.ico" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
    [06/Jan/2024:06:23:19 +0100] 444 - GET https 82.64.213.233 "/" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 10.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)" "-"
    [06/Jan/2024:06:23:19 +0100] 444 - GET https 82.64.213.233 "/teorema505?t=1" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
    [06/Jan/2024:06:55:22 +0100] 400 - GET http 82.64.213.233 "/.env" [Client 5.180.182.35] [Length 650] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
    [06/Jan/2024:06:55:24 +0100] 400 - POST http 82.64.213.233 "/" [Client 5.180.182.35] [Length 650] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
    [06/Jan/2024:06:55:25 +0100] 444 - GET https 82.64.213.233 "/.env" [Client 5.180.182.35] [Length 0] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
    

Hi 👋
If the internet IPs are not yours, you need to look at the firewall or geo-blocking settings of nginx.
You can check where these IPs come from:
https://www.abuseipdb.com/

Otherwise, you have set up two-factor authentication, right?
I also suggest setting up CrowdSec and fail2ban on the server where nginx is installed.
(I don't know NPM, though)

Hello Pulpy-Luke,
What worries me are the 200 codes at 6:18, for example, with devices that are neither my phone nor my PC?
I admit I don't understand the codes at all or what they mean.

Hello Miles TEG1,

Yes, I have two-factor authentication, but not since the beginning, when I installed NGINX and opened my HA to the outside.
What made me go look at the logs was a YouTube video by Makernix explaining how easy it was to hack HA.

I'm going to look at how to secure HAOS a bit more and see whether I can find CrowdSec or fail2ban as an add-on; I don't know them at all.

That doesn't necessarily make it a nasty hacker. For example, external/cloud applications (Google Home, Tuya, etc.) can perfectly well come and collect information from your HA. It depends a lot on what you install/use.
To get a 200 code, that means:

  • knowing a legitimate/existing URL (that's not the case for the script that comes by at 6:23, for example)
  • being authenticated (an old password from before your two-factor auth is not enough)

So from there, only 2 possibilities remain:

  • either it's you, and two-factor auth is enough
  • or it's token-based access (and that is necessarily something you installed/configured)

When in doubt, renew the access credentials and that's that.

The one with the port 22 story? That's not really the use case here (nginx doesn't do SSH)… so, well…

Thanks for your reply, which reassures me a bit; I admit I didn't really understand the logs.

When you say renew the access credentials, do you mean changing my HA password, or renewing the NGINX SSL certificate?

What do you recommend to strengthen security?

I only have port 443 open, and I open 80 just to renew the SSL certificate about every 2 months.

Thanks in any case.

Renewing the certificate is absolutely useless; HA remains just as accessible.
443 and/or 80 makes no difference either: 2 common ports that are scanned the same way.
If you really want to secure it, you must not make your HA available on the internet.

Thanks, I know that if I don't want to take any risk I shouldn't expose it, but I'd like to add another layer of security, if possible, on top of the NGINX reverse proxy.

And so you didn't answer my question about renewing my access credentials: did you mean changing the HA password?

Thanks

There isn't really a solution.

  • fail2ban and co. will block automated scripts, but since 99% of the time it's WordPress, PHP, etc., HA isn't affected. So it will only limit traffic a bit.
  • legitimate access via a compromised password can be fixed by changing the password or enabling two-factor auth
  • HA vulnerabilities can't be fixed anyway as long as they haven't been disclosed

Yes, but that doesn't solve the problem: if it's add-ons using them, you'll have the same access.
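
Added example, not written by any participant in this thread: a small Python triage of the log format posted above. It separates clients whose requests were dropped at the proxy from those forwarded to Home Assistant, and flags a public client that changes user agent between requests. The field layout is inferred from the posted lines; the threshold, the path prefixes and the verdict names are assumptions of this example, and the sample lines are taken from the thread with the webhook id replaced by a placeholder.

```python
import ipaddress
import re
from collections import defaultdict

# Field layout inferred from the log lines posted in this thread. Entries for a
# configured proxy host carry two extra leading fields and a [Sent-to ...] block.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] '
    r'(?:(?P<cache>\S+) (?P<upstream_status>\S+) )?'
    r'(?P<status>\d{3}) - '
    r'(?P<method>\S+) (?P<scheme>\S+) (?P<host>\S+) '
    r'"(?P<path>[^"]*)" '
    r'\[Client (?P<client>[^\]]+)\] '
    r'\[Length (?P<length>\d+)\] '
    r'\[Gzip [^\]]+\] '
    r'(?:\[Sent-to (?P<upstream>[^\]]+)\] )?'
    r'"(?P<ua>[^"]*)" "(?P<referer>[^"]*)"$'
)

# Sample input: lines from the thread; "<webhook-id>" is a placeholder.
SAMPLE_LOG = '''\
[06/Jan/2024:06:18:58 +0100] - 200 200 - GET https xxx.duckdns.org "/frontend_es5/app.j2VXJSvCD-c.js" [Client 104.234.204.32] [Length 143756] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)" "-"
[06/Jan/2024:06:19:12 +0100] - 200 200 - GET https xxx.duckdns.org "/hacsfiles/iconset.js" [Client 104.234.204.32] [Length 3842] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)" "-"
[06/Jan/2024:06:19:13 +0100] - 200 200 - GET https xxx.duckdns.org "/hacsfiles/lovelace-card-mod/card-mod.js" [Client 104.234.204.32] [Length 19115] [Gzip -] [Sent-to 192.168.1.51] "Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 630) like Gecko" "-"
[06/Jan/2024:06:23:10 +0100] 444 - GET https 82.64.213.233 "/ab2g" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0 zgrab/0.x" "-"
[06/Jan/2024:06:23:17 +0100] 444 - GET https 82.64.213.233 "/t4" [Client 68.183.205.13] [Length 0] [Gzip -] "Mozilla/5.0" "-"
[06/Jan/2024:06:55:22 +0100] 400 - GET http 82.64.213.233 "/.env" [Client 5.180.182.35] [Length 650] [Gzip -] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
[06/Jan/2024:07:03:06 +0100] 400 - - http localhost "-" [Client 45.15.158.110] [Length 150] [Gzip -] "-" "-"
[1/6/2024] [7:03:09 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[06/Jan/2024:08:37:21 +0100] - 200 200 - POST https xxx.duckdns.org "/auth/token" [Client 192.168.1.254] [Length 232] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
[06/Jan/2024:08:37:23 +0100] - 200 200 - POST https xxx.duckdns.org "/api/webhook/<webhook-id>" [Client 92.184.107.49] [Length 7024] [Gzip -] [Sent-to 192.168.1.51] "Home Assistant/2023.12.4-11898 (Android 14; Pixel 5)" "-"
'''

UA_THRESHOLD = 3                         # assumption: tune to your own traffic
SENSITIVE_PREFIXES = ("/api/", "/auth/")  # assumption: paths worth a closer look


def parse(line):
    """Return the fields of one access-log entry, or None for other lines."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def summarize(lines):
    """Aggregate per client IP: counts, status codes and user agents seen."""
    clients = defaultdict(lambda: {
        "requests": 0, "forwarded": 0, "sensitive": 0,
        "statuses": set(), "user_agents": set(),
    })
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # [warn] and add-on status lines are not access entries
        stats = clients[rec["client"]]
        stats["requests"] += 1
        stats["statuses"].add(int(rec["status"]))
        stats["user_agents"].add(rec["ua"])
        if rec["upstream"]:  # the request was passed on to the backend
            stats["forwarded"] += 1
            if rec["path"].startswith(SENSITIVE_PREFIXES):
                stats["sensitive"] += 1
    return dict(clients)


def verdict(ip, stats):
    """Classify one client from its aggregated statistics."""
    if stats["forwarded"] == 0:
        return "dropped-at-proxy"      # only hit the bare IP / default host
    if ipaddress.ip_address(ip).is_private:
        return "local-client"          # LAN address such as the router
    if len(stats["user_agents"]) >= UA_THRESHOLD:
        return "review-rotating-user-agents"
    return "forwarded"


def triage(text):
    """Map every client IP found in the log text to a verdict."""
    return {ip: verdict(ip, s) for ip, s in summarize(text.splitlines()).items()}


if __name__ == "__main__":
    for ip, result in triage(SAMPLE_LOG).items():
        print(f"{ip:16} {result}")
```

A "review" verdict is a prompt to check which paths that client fetched and whether any matched the sensitive prefixes; it is not proof of compromise.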