So, I was looking at my user list and noticed that there are a lot of Computer (Host Name) entries that match my computer's host name as well as a lot of entries that have 127.0.0.1 as the ip address and was wondering how does that occur? I assume 127.0.0.1 is my internal ip address for loopback (localhost) so how does an external connection end up as 127.0.0.1 in the user list?
Re: Host Name/IP Address
By: Mortifis to All on Sat Aug 10 2019 12:51:31
So, I was looking at my user list and noticed that there are a lot of Computer (Host Name) entries that match my computer's host name as well as a lot of entries that have 127.0.0.1 as the ip address and was wondering how does that occur? I assume 127.0.0.1 is my internal ip address for loopback (localhost) so how does an external connection end up as 127.0.0.1 in the user list?
fTelnet, most likely.
Interesting, I use fTelnet from my web ui all of the time but it still shows my host name as per external ... I guess there is nothing to be concerned about then? Still odd that user.ip_address would end up being 127.0.0.1; any way to trap the actual ip address?
At one time the websocket service (and maybe ftelnet itself) was responding to the telnet "send location"
command with the client's real IP address. IIRC this was done so that GeoIP lookups would still work
with websocket clients. I think it was only done so that KenDB3's weather script would work for these
users. I'm not sure if this method could be abused in some way to grab the user's real IP address for
other purposes. Or we could dream up some other method, if it really matters.
So it's nothing to be concerned about, but it does make the user's address in your logs and in their
record fairly useless in these cases. You'd need to look at your WS service's log to find a
corresponding entry from when fTelnet connected.
I cannot find a WS log in data/logs and I combed through a bunch of logs but cannot find any mention of fTelnet. Could you point to where the WS log entry may be? Even if I found the entry my JS skills are limited so I'd have to exec(a php script) to preg_match it LOL
Re: Re: Host Name/IP Address
By: Mortifis to echicken on Sat Aug 10 2019 15:31:52
I cannot find a WS log in data/logs and I combed through a bunch of logs but cannot find any mention of fTelnet. Could you point to where the WS log entry may be? Even if I found the entry my JS skills are limited so I'd have to exec(a php script) to preg_match it LOL
It would be in your 'services' log. If on Windows, that's in the Services tab along with Web and FTP in
the Synchronet Control Panel (no idear what's what if you're running it headless / as NT services).
one way is if the client has control over their DNS... they can return any IP address they want to a domain name lookup... some spammers/hackers return 127.0.0.1...
i first saw this when i was running Apache web server... i wasn't logging the IP numbers... only the domain names... when i ran a script that did reverse lookups, it ran into these and kept telling me it was my system... that's when i switched to logging IPs instead of domain names... then it was very easy to see what they were doing...
not sure if this is what you are describing or not but it is the closest thing i can think of that may explain it...
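The hostname-versus-IP problem described in the post above, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check that accepts a logged hostname only if it resolves back to the address the socket connected from. The function name, verdict labels, hostnames and addresses are all constructed for illustration, and the lookup results are passed in as data so the example runs offline.

```javascript
// Forward-confirmed reverse DNS: trust a logged hostname only if it
// resolves back to the address the socket really connected from.
const isLoopback = (ip) => /^127\./.test(ip) || ip === '::1';

// ip       - peer address taken from the socket (what should be logged)
// ptrNames - names returned by a reverse (PTR) lookup of ip
// forward  - Map of name -> addresses returned by a forward lookup
function classifyPeer(ip, ptrNames, forward) {
  // The connection really came from this machine, e.g. a local proxy.
  if (isLoopback(ip)) return { ip, name: null, verdict: 'local' };
  if (ptrNames.length === 0) return { ip, name: null, verdict: 'no-ptr' };

  let result = { ip, name: ptrNames[0], verdict: 'unconfirmed' };
  for (const name of ptrNames) {
    const addrs = forward.get(name) || [];
    if (addrs.includes(ip)) return { ip, name, verdict: 'confirmed' };
    // The name's owner answers forward lookups with a loopback address.
    if (addrs.some(isLoopback)) {
      result = { ip, name, verdict: 'claims-loopback' };
    }
  }
  return result;
}

// Constructed sample data (documentation address ranges, made-up names).
const SAMPLE_FORWARD = new Map([
  ['dsl-7.isp.example', ['203.0.113.7']],
  ['evil.example', ['127.0.0.1']],
  ['stale.example', ['198.51.100.200']],
]);
const SAMPLE_PEERS = [
  { ip: '203.0.113.7', ptr: ['dsl-7.isp.example'] },
  { ip: '198.51.100.23', ptr: ['evil.example'] },
  { ip: '198.51.100.99', ptr: ['stale.example'] },
  { ip: '192.0.2.50', ptr: [] },
  { ip: '127.0.0.1', ptr: ['localhost'] },
];

function classifySample() {
  return SAMPLE_PEERS.map((p) => classifyPeer(p.ip, p.ptr, SAMPLE_FORWARD));
}

for (const r of classifySample()) {
  console.log(`${r.ip.padEnd(15)} ${String(r.name).padEnd(20)} ${r.verdict}`);
}
```

In Node.js the two inputs would come from `dns.promises.reverse(ip)` and `dns.promises.resolve4(name)`. A log that keeps only the name from the second sample peer would later resolve to 127.0.0.1, which is why the socket address is the value to record.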