Announcement

Collapse
No announcement yet.

IP Hack Blocking?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP Hack Blocking?

    Updater says my help file is current, but I can't find any reference to the "Enable IP Hack Blocking" and "Invalid access 'hits' before lock imposed" settings on the SetupWeb Server page (v2.0.5.1). A google search for "IP Hack Blocking" also draws a blank...

    I'm working on a Windows Phone 7 app to control my home. Problem is that my remote IP is getting blocked for no apparent reason:

    Code:
    2/3/2011 8:30:57 AM  Web Server      Web Server authorized login successful from: 123.456.7.89 User: jim 
    2/3/2011 8:31:16 AM  Device Control  Command sent to Jim Office W Light: M11 on Dimval: 0 Data: 0 
    2/3/2011 8:31:22 AM  Web Server      Web Server authorized login successful from: 192.168.1.2 User: jim 
    2/3/2011 8:31:34 AM  Web Server      Web Server authorized login successful from: 123.456.7.89 User: jim 
    2/3/2011 8:31:34 AM  Device Control  Command sent to Jim Office W Light: M11 on Dimval: 0 Data: 0 
    2/3/2011 8:31:40 AM  Web Server      Web Server authorized login successful from: 192.168.1.2 User: jim 
    2/3/2011 8:31:45 AM  Web Server      Web Server authorized login successful from: 123.456.7.89 User: jim 
    2/3/2011 8:31:45 AM  Device Control  Command sent to Jim Office W Light: M11 on Dimval: 0 Data: 0 
    2/3/2011 8:31:48 AM  Web Server      Web Server authorized login successful from: 192.168.1.2 User: jim 
    2/3/2011 8:32:18 AM  Web Server      Web Server authorized login successful from: 123.456.7.89 User: jim 
    2/3/2011 8:32:18 AM  Device Control  Command sent to Jim Office W Light: M11 on Dimval: 0 Data: 0 
    2/3/2011 8:32:22 AM  Web Server      Web Server authorized login successful from: 192.168.1.2 User: jim 
    2/3/2011 8:32:28 AM  Web Server      Web Server authorized login successful from: 123.456.7.89 User: jim 
    2/3/2011 8:32:28 AM  Device Control  Command sent to Jim Office W Light: M11 on Dimval: 0 Data: 0 
    2/3/2011 8:32:28 AM  Device Control  Command sent to Jim Office W Light: M11 on Dimval: 0 Data: 0 
    2/3/2011 8:32:28 AM  Web Server      IP Address 123.456.7.89 has been blocked from further access to the system.


    Thanks,

    -jim.

  • #2
    The settings are on the Web Server tab. Setup > WebServer tab
    -Rupp
    sigpic

    Comment


    • #3
      Right. But where is the explanation of these settings?

      Comment


      • #4
        I'm not sure these need any more explanition that is provided on the page.
        - Enable turns it on
        - Time to block is how much time to block
        - etc
        -Rupp
        sigpic

        Comment


        • #5
          But what do they block? Under what circumstances? Is IP hack blocking responsible for this line in my log?

          Code:
          2/3/2011 8:32:28 AM  Web Server      IP Address 123.456.7.89 has been blocked from further access to the system.
          If so, why does it block it? There are no log entries preceding it indicating any unauthorized login attempts from that IP address (see fuller log excerpt in post above).

          These settings look like they're obvious, but something unobvious is going on, so the first step to understanding that would seem to be understanding how IP hack blocking works...

          Thanks!

          Comment


          • #6
            By design it is supposed to block an IP when a certain amount of bad logon/password combos are submitted.


            ~Bill

            Comment


            • #7
              Shouldn't those bad logon/password combos be recorded in the log? I'm trying to work out why HS is blocking an IP address, when no unauthorized login attempts have first been recorded in the log. On the contrary, the log shows successful, authorized logins from the IP in question, before it's blocked without explanation...

              The log excerpt is above, and I'm trying to work out what's going on. I find it particualrly frustrating that this feature seems to be totally undocumented, not just in HomeSeer, but in the entire googlesphere.

              Comment


              • #8
                It is poorly documented because it is another case of us adding a feature quickly to answer calls from our users to do something about the hackers from China trying to gain access to computers so they can surf the Internet. We have not even decided if we are going to keep the feature since a lot of people just disable it.

                It works by tracking how often an IP address hits the server and gains access without authentication.

                It can be flawed because when your browser is retrieving certain types of files, it does so without authentication being required, and so those get chalked up to a hit of an unauthenticated access. However, this flaw is why the parameters can be configured.

                When you first access a web page, the browser is retrieving graphic files and other objects before or while it is doing the authentication. The page won't render without authentication, but these objects increase the hit count before the authentication is done. When the authentication is done, your browser remembers your credentials until you close the browser, and so you do not get prompted again. However, one web page with only a few objects on it can actually cause 20 or more "GET" requests to the server because of all of the discrete objects on the page. People do not realize it, but your browser is sending authentication data MANY times for a single web page.

                If we changed the logging to log each object rather than on the main page itself, then your log file would fill your hard drive in a VERY short time, and then we'd be getting calls from users telling us to stop filling their log files with useless junk.

                Hope that helps - if it is failing on an authenticated access, then there are probably a lot of objects on the page being retrieved - try increasing the threshold levels and it should help.
                Regards,

                Rick Tinker (a.k.a. "Tink")

                Comment


                • #9
                  Thanks Tink, that's a big help. I'll experiment with the number of invalid access hits parameter to see what works. My app needs to be reliable, but I'd still like some extra protection.

                  In fact, I too ended up turning it off - and lo and behold, there was the documentation! If you turn this feature off (it's on by default), then hit Save, the following explanation is seen on the Web Server Setup screen:

                  Code:
                  HomeSeer's Hack-Block protection tracks how often an object 
                  (web page, graphic, etc.) is requested of the web server from an IP 
                  address that has not successfully authorized access to the system. If 
                  enabled, and the number of unauthorized object requests ('hits') that are 
                  received within the specified interval exceed the threshold specified, then 
                  that IP address is blocked from communicating with the web server for the 
                  block time specified.
                   
                      *Note: Some browsers, especially on PDAs and SmartPhones, do not 
                  cache (store) the security credentials that you provide to access the 
                  system beyond the initial web page, so subsequent web page requests 
                  (especially pages containing many graphic objects) can trigger a block 
                  very quickly. If access to your system from a remote location stops 
                  suddenly, check your HomeSeer log when you get back home at the 
                  timeframe you accessed the system and look for a block notification and if 
                  there is one, adjust the settings for blocking, or check the settings in your 
                  remote browser to see if security credentials can be cached/stored.
                  I never thought to turn a feature off to find documentation, but there it is.

                  Thanks again,

                  -jim.

                  Comment

                  Working...
                  X