Announcement

Collapse
No announcement yet.

What IP is hitting my "UnAuthorized" [sic] page?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    What IP is hitting my "UnAuthorized" [sic] page?

    When someone comes in without a valid login (guest:guest, for instance) and bounce against the page with the big red banner that says "UnAuthorized" [sic] nothing appears in my log, even if I'm logging web interface errors. Is there any way to find out what the IP address of this visitor is?

    (Why I need this: I want to add an IP to the "automatically authorized" IPs so I will be able to get to Rover using a browser that doesn't support authentication, but I don't know what the proxy server address is that it's bouncing off. Attempts to find out from the other end haven't gotten me very far.)

    Nucleus Home Automation | System Specs
    News, support, and updates for Rover, Network Monitor, TimeIcons, and more

    #2
    Hunter,

    Just bounce whatever device it is off http://wapseer.carrotpatch.net/ShowIP.asp . This page just shows the IP address that initiated the page request to it. If a proxy server's involved, it'll give you the proxy server's address. The output's HTML, so as long as the device supports HTML it'll work.

    Justin

    For PocketPC, Palm, and cell phone control:
    http://wapseer.carrotpatch.net/
    Got WAP?

    Comment


      #3
      I went to http://www.whatismyip.com/ and then tried that IP, and it worked fine. Don't know why I didn't think of that before.

      Nucleus Home Automation | System Specs
      News, support, and updates for Rover, Network Monitor, TimeIcons, and more

      Comment


        #4
        I often wondered just this, although I log every person who visits my site, that still doesn't tell me who is not logging in properly or trying to guess at the admin.

        For us slow folks, how exactly do you "BOUNCE" such data to whatever or where?

        Comment


          #5
          Just go to the http://www.whatismyip.com/ site to see what IP you're browsing from.

          This will not help you see who's failing to log into your site! It only helped me because it was me that was failing to log in, and I was unable to tell what my own IP was for reasons not worth going into, and HomeSeer wouldn't tell me either.

          Nucleus Home Automation | System Specs
          News, support, and updates for Rover, Network Monitor, TimeIcons, and more

          Comment


            #6
            Try this in a real asp page in IIS and it will reveal a ton of information about the users configurations.

            <TABLE BORDER="1">
            <TR><TD><B>Server Variable</B></TD><TD><B>Value</B></TD></TR>
            <% For Each strKey In Request.ServerVariables %>
            <TR><TD> <%= strKey %> </TD><TD> <%= Request.ServerVariables(strKey) %> </TD></TR>
            <% Next %>
            </TABLE>

            -Rupp

            If you think a 401K is the size of your mother-in-laws bra ... You might be a red neck.
            -Rupp
            sigpic

            Comment


              #7
              Doesn't Jon00 Whois.asp page do that now?
              I have it on my HS page and it logs the IP of unauthorized visitors every time.

              Dan-O
              Dan-O
              HomeSeer contributor since summer 1999, yes 1999!

              Comment


                #8
                ...you could easily log the IP and even the reverse DNS lookup thereof. But if I could get an ASP to run, I wouldn't even need to know the IP!

                When the user has no legitimate login, HomeSeer does the authorization on its own, then kicks it out to the "UnAuthorized" page all by itself, with no opportunity for any user-provided script or ASP to do anything, as far as I can tell.

                What we'd need here is either a hook (a file that gets loaded when the user is unauthorized, which includes ASP potential, rather than the internal page) or simply an option to log failed authorizations.

                But what I need, I already got, so that's a subject for someone else to worry about.

                Nucleus Home Automation | System Specs
                News, support, and updates for Rover, Network Monitor, TimeIcons, and more

                Comment


                  #9
                  Did you look over Jon's script/web page? It does exactly what you're looking for with no web user interaction other than loging in.
                  I use it, and I have every failed log in that bounced to the unauthorized page. It even loads a nice chart with daily activity when you open the asp page to check it.
                  I have it running on my sight.
                  You're welcome to check it it under the Visitor Log link. The script runs ever 15 minutes, so the entries are 15 minutes or so after the visit
                  AkersHouse.com
                  Sign my Guest book!

                  Dan-

                  [This message was edited by Dan-O on Sat, 12 July 2003 at 07:37 AM.]
                  Dan-O
                  HomeSeer contributor since summer 1999, yes 1999!

                  Comment


                    #10
                    The whole point of the original question is that the information I needed is not put into the log at all. Thus, no script that analyzes the log can find it.

                    Let me be more precise. If someone comes to your web site with a browser that tries to authenticate, but fails, HomeSeer will log something saying "Web Server login failed". That's what Jon's script counts.

                    However, if someone comes to your web site with a browser that doesn't even try to authenticate, HomeSeer will not log anything. It won't run a script, it won't update a device, it won't trigger an event, it won't load an ASP, and it won't write anything at all to the log. Absolutely nothing happens that you can detect or respond to. You could be getting a million visits from people who aren't even trying to authenticate right now and you'd never have any way to know, nor to do anything about it if you did. And Jon's script won't record or report it either. Absolutely the only response is that the user sees the UnAuthorized page, but you don't see anything.

                    All I needed was to see the IP in that case. I'm now convinced that the only way would be to use a separate program that handles the communications itself instead of relying on HomeSeer to do it, like the one that runs at http://www.whatismyip.com/ or like WAPseer.

                    Maybe it'd be nice if a future version of HomeSeer logged something when this happened. Even better, if it executed something so you could log what you want or react however you want. But for now, it can't, so I went elsewhere and found the answer. Ironically enough I've spent about 20 times as much time trying to explain the question here than it took me to find the answer, a few minutes after posting it.

                    Nucleus Home Automation | System Specs

                    [This message was edited by Hunter Green on Sat, 12 July 2003 at 01:09 PM.]
                    News, support, and updates for Rover, Network Monitor, TimeIcons, and more

                    Comment


                      #11
                      Simply use IIS and have the default.asp or default.htm redirect to you HS page. This way you can use IIS's request.servervariables to log the visit.

                      HomeSeers web server should be able to simply log all requests as well if that level of logging were activated. This is a good candidate for a help desk request.

                      -Rupp

                      If you think a 401K is the size of your mother-in-laws bra ... You might be a red neck.
                      -Rupp
                      sigpic

                      Comment


                        #12
                        I guess.
                        Hasn't this forum always been about discussion and suggestion? What's up with the black and white approach to only wanting the EXACT answer that you already knew?


                        What browsers don't support authentication? Dare I ask?

                        Dan-O
                        Dan-O
                        HomeSeer contributor since summer 1999, yes 1999!

                        Comment


                          #13
                          Calm down, Dan. I think you're overreacting.

                          Yes, the forum is about discussion. Discussions are most fruitful when they're not mired in confusion brought on by unclarity. I hadn't expressed very well what the question was, so the answers kept being not relevant to the question. I don't mind the discussion going off on a tangent. But I would like it if the original topic also gets discussed -- and more importantly, I figure people would rather understand the question than misunderstand it, so that they're answering what they think they're answering.

                          Maybe that's "black and white". If so, then I'd like to see what discussion looks like when there's no need for anyone to understand what anyone else is saying, or to make answers relevant to what the question originally was supposed to be. But at least it'd be "discussion". So feel free to answer any question you like except the one being asked, if you want to avoid all that "black and white".

                          As for the last question, I've used two browsers that don't support authentication, both of them on handheld PDAs, both of which are very useful for accessing Rover because they're small, fast, and they fit in your pocket.

                          Nucleus Home Automation | System Specs
                          News, support, and updates for Rover, Network Monitor, TimeIcons, and more

                          Comment


                            #14
                            It's more of a twice bitten once shy thing.

                            Twice this week suggestions have been offered by me only to be shot down and poo pooed. (for lack of a better term)



                            Ah yes, the question of clarity, ask the right questions, get the right answers. I'm guilty of that also.

                            Re-read your post several times after eating supper and I still read the tone I read the first time around.

                            None-the-less, I have zero experience with PDA browsers so I will step away and take my hat out that I tossed in ealier in the ring.

                            I'll go back to lurking....


                            Dan-O
                            Dan-O
                            HomeSeer contributor since summer 1999, yes 1999!

                            Comment

                            Working...
                            X