HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Sessions IP address

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#49803 (In Topic #10855)
Avatar

Fan in action

I need the full address

OK, so now I went through the Setup wizard, and it's time for the really silly questions, while the site is still closed.

For a start, I went to have a look at the generated database (can't find all the answers to the Setup Wizard there, only a few); I noted the sessions table. To my (slight) surprise I found not only myself as admin there, but also "Guest" who apparently tried to login (the_zone=admin, the_page=login, the_type=login) - and (of course) this failed (the_title=An error has occurred). Unfortunately, the IP address is incompletely logged, with only 3 of the 4 IPv4 numbers - and it doesn't match my IP address. In fact, this hack attempt occured before I even logged in myself!

I know hackers are always sniffing round the edges of servers, and I'd like to know the complete IP address, not a partial one. Repeat hacking attempts occuring from the same IP address can be banned easily (and not only for a single site) - but this can be done only for a specific address, not a whole zone.

So how do I get ocP to record the complete IP address in the sessions table?

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49806
Avatar

It'll be in the stats table.

Check it's not the address of your own server. It is possible ocPortal was checking your base URL prior to the site being opened up, which is something it does do.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#49808
Avatar

Fan in action

Chris Graham said

It'll be in the stats table.
Chris, only my own (local) IP address is in the stats table - not the failed login.

Check it's not the address of your own server. It is possible ocPortal was checking your base URL prior to the site being opened up, which is something it does do.
Aha! That could be (can't be absolutely sure since there's only the partial IP address!).

Still, the stats table is nice but I don't see how it connects a single session to a single (first access) IP address. I'm aware of round-robin IPs, but it's the first access that counts most. Apparently failed logins are only in the session table, or am I still missing something?

Is there a reason for not recording the actual IP address in the sessions table?

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49820
Avatar

Chris, only my own (local) IP address is in the stats table - not the failed login.

Perhaps then the hit wasn't a page access, but was to some auxiliary script. Really there's nothing to worry about though, ocPortal does plenty of logging, is written to strict security standards, and also detects and bans hackers by itself. A real hack attempt would give you more to go on than one hit to an auxiliary script, and if need be you could fall back to server-level logs.

Apparently failed logins are only in the session table, or am I still missing something?

There's a table called "failedlogins" :lol:.

Is there a reason for not recording the actual IP address in the sessions table?

Yes. On some net connections the IP fluctuates quite a lot within a subnet, so ocPortal binds a session just to a subnet.
There is actually a config option that can change that, but it's not something you really want to do unless you run a site where it's better to irritate users by lost logins than have a very slightly smaller risk of a security breach (it's very slight - very unlikely a hacker is going to be on the same subnet and manage to steal a users session ID).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#49824
Avatar

Fan in action

Chris Graham said

Chris, only my own (local) IP address is in the stats table - not the failed login.

Perhaps then the hit wasn't a page access, but was to some auxiliary script. Really there's nothing to worry about though, ocPortal does plenty of logging, is written to strict security standards, and also detects and bans hackers by itself. A real hack attempt would give you more to go on than one hit to an auxiliary script, and if need be you could fall back to server-level logs.
OK, fair enough. I haven't really looked at ocP's security features yet, but was rather alarmed to see that record in the session stable.

Apparently failed logins are only in the session table, or am I still missing something?

There's a table called "failedlogins" :lol:.
Ha! That's brilliant!

Is there a reason for not recording the actual IP address in the sessions table?

Yes. On some net connections the IP fluctuates quite a lot within a subnet, so ocPortal binds a session just to a subnet.
There is actually a config option that can change that, but it's not something you really want to do unless you run a site where it's better to irritate users by lost logins than have a very slightly smaller risk of a security breach (it's very slight - very unlikely a hacker is going to be on the same subnet and manage to steal a users session ID).
Thanks for the explanation!

And it's good to know ocPortal does pay a lot of attention to security!

Marjolein Katsma
follow me on identi.ca
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: