So, I was looking at my user list and noticed that there are a lot of Computer (Host Name) entries that match my computers host name as well as a lot of entries that have 127.0.0.1 as the ip address and was wondering how does that occur? I assume 127.0.0.1 is my internal ip address for loopback (localhost) so how does an external connection end up as 127.0.0.1 in the user list?


My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Host Name/IP Address
By: Mortifis to All on Sat Aug 10 2019 12:51:31

So, I was looking at my user list and noticed that there are a lot of Computer (Host Name) entries that match my computers host name as well as a lot of entries that have 127.0.0.1 as the ip address and was wondering how does that occur? I assume 127.0.0.1 is my internal ip address for loopback (localhost) so how does an external connection end up as 127.0.0.1 in the user list?

fTelnet, most likely.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Host Name/IP Address
By: Mortifis to All on Sat Aug 10 2019 12:51:31

So, I was looking at my user list and noticed that there are a lot of Computer (Host Name) entries that match my computers host name as well as a lot of entries that have 127.0.0.1 as the ip address and was wondering how does that occur? I assume 127.0.0.1 is my internal ip address for loopback (localhost) so how does an external connection end up as 127.0.0.1 in the user list?

fTelnet, most likely.

Interesting, I use fTelnet from my web ui all of the time but it still shows my host name as per external ... I guess there is nothing to be concerned about then? Still odd that user.ip_address would end up being 127.0.0.1; anyway to trap the actual ip address?

My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Host Name/IP Address
By: Mortifis to echicken on Sat Aug 10 2019 13:37:41

Interesting, I use fTelnet from my web ui all of the time but it still shows my host name as per external ... I guess there is nothing to be concerned about then? Still odd that user.ip_address would end up being 127.0.0.1; anyway to trap the actual ip address?

fTelnet talks to the websocket service, and the websocket service talks to your
telnet server. Thus as
far as the telnet server is concerned, connections originate from wherever the websocket service is
running (typically localhost).

The address/hostname in your user record is (I think) wherever you last connected from, and can be
updated by various services (not just ssh/telnet/rlogin). (Mine currently reflects where gmail connected
from while polling for new mail.)

So it's nothing to be concerned about, but it does make the user's address in your logs and in their
record fairly useless in these cases. You'd need to look at your WS service's log to find a
corresponding entry from when fTelnet connected.

At one time the websocket service (and maybe ftelnet itself) was responding to the telnet "send location"
command with the client's real IP address. IIRC this was done so that GeoIP lookups would still work
with websocket clients. I think it was only done so that KenDB3's weather script would work for these
users. I'm not sure if this method could be abused in some way to grab the user's real IP address for
other purposes. Or we could dream up some other method, if it really matters.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

At one time the websocket service (and maybe ftelnet itself) was responding to the telnet "send location"
command with the client's real IP address. IIRC this was done so that GeoIP lookups would still work
with websocket clients. I think it was only done so that KenDB3's weather script would work for these
users. I'm not sure if this method could be abused in some way to grab the user's real IP address for
other purposes. Or we could dream up some other method, if it really matters.

At the end of the day, it doesn't really matter in my case. I am adding to my useful-only-to-me dup_user_check.js comparing host_names, ip addresses, etc ... mostly so I can reduce the likelihood that someone having multiple accounts with those values could use my smtp server as a spam service ... I use to run the telgate door where one could telnet into my board then telnet out to another board, but that was being abused and dangerous so I deleted it!

Thanks you, EC, as always, very helpful.

My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

So it's nothing to be concerned about, but it does make the user's address in your logs and in their
record fairly useless in these cases. You'd need to look at your WS service's log to find a
corresponding entry from when fTelnet connected.

I cannot find a WS log in data/logs and I combed through a bunch of logs but cannot find any mention of fTelnet. Could you point to where the WS log entry may be? Even if I found the entry my JS skills are limited so I'd have to exec(a php script) to preg_match it LOL

Thanks for the help.


My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Host Name/IP Address
By: Mortifis to echicken on Sat Aug 10 2019 15:31:52

I cannot find a WS log in data/logs and I combed through a bunch of logs but cannot find any mention of fTelnet. Could you point to where the WS log entry may be? Even if I found the entry my JS skills are limited so I'd have to exec(a php script) to preg_match it LOL

It would be in your 'services' log. If on Windows, that's in the Services tab along with Web and FTP in
the Synchronet Control Panel (no idear what's what if you're running it headless / as NT services). On
Linux, it'd presumably go to syslog with everything else.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Host Name/IP Address
By: Mortifis to All on Sat Aug 10 2019 12:51:31

So, I was looking at my user list and noticed that there are a lot of

Computer (Host Name) entries that match my computers host name as well as a lot
of entries that have 127.0.0.1 as the ip address and was wondering how

does that occur? I assume 127.0.0.1 is my internal ip address for loopback

(localhost) so how does an external connection end up as 127.0.0.1 in the user list?

one way is if the client has control over their DNS... they can return any IP address they want to a doman name lookup... some spammers/hackers return 127.0.0.1...

i first saw this when i was running Apache web server... i wasn't logging the IP numbers... only the domain names... when i ran a script that did reverse lookups, it ran into these and kept telling me it was my system... that's when i switched to logging IPs instead of domain names... then it was very easy to see what they were doing...

not sure if this is what you are describing or not but it is the closest thing i can think of that may explain it...


)\/(ark

---
þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Host Name/IP Address
By: Mortifis to echicken on Sat Aug 10 2019 15:31:52

I cannot find a WS log in data/logs and I combed through a bunch of logs but cannot find any mention of fTelnet. Could you point to where the WS log entry may be? Even if I found the entry my JS skills are limited so I'd have to exec(a php script) to preg_match it LOL

It would be in your 'services' log. If on Windows, that's in the Services tab along with Web and FTP in
the Synchronet Control Panel (no idear what's what if you're running it headless / as NT services).

Oh, okay, thought WS might log to a file, the Services Tab doesn't seem to log to a file anywhere that a script might read from at leisure

My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

one way is if the client has control over their DNS... they can return any IP address they want to a doman name lookup... some spammers/hackers return 127.0.0.1...

i first saw this when i was running Apache web server... i wasn't logging the IP numbers... only the domain names... when i ran a script that did reverse lookups, it ran into these and kept telling me it was my system... that's when i switched to logging IPs instead of domain names... then it was very easy to see what they were doing...

not sure if this is what you are describing or not but it is the closest thing i can think of that may explain it...

No, not exactly what I was describing. EC pointed out how the socket calls work; just gonna write a pre/post connect script for the web ui to trap the original IP in a file for use in a utility I have.

Thanks, brah


My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)