Problema ar mai putea fi si de la vreun user care iti trage serios din serverul tau, dar asta ti-ai da seama usor din webif..Daca ai ceva useri suspecti, incearca sa-i restrictionezi
0 0 0 { 0:0:0 }
Succes !
Printable View
Problema ar mai putea fi si de la vreun user care iti trage serios din serverul tau, dar asta ti-ai da seama usor din webif..Daca ai ceva useri suspecti, incearca sa-i restrictionezi
0 0 0 { 0:0:0 }
Succes !
Quote:
Originally Posted by onell [Only registered and activated users can see links. Click Here To Register...]
Si eu cred ca e de la net-ul tau. Si eu am mai avut astfel de probleme, fara sa fac nimic in Cccam.cfg. Dupa un timp (minute, ore) si-a revenit de la sine.
Daca ai net si de la alt provider, sau ai pe cineva cu net incearca si vezi cum se comporta.
exact asa s-a intamplat... fara nici o modificare in ultima luna la cfg .... eu monitorizez useri cel putin zilnic la ecm-uri trase
Desperecheaza liniile F de host-uri si vezi daca la perechi apar in violet cei care se deconecteaza de la server.
Poate sint peeri cu linii furate si ai linii publicate pe undeva. Te poate ajuta google sa vezi daca host-ul tau apare pe undeva.
sunt toate liniile on fara probleme....... si am lasat linile F fara restrictii legate de dnsQuote:
Originally Posted by lao [Only registered and activated users can see links. Click Here To Register...]
... de asta am zis sa separi configul in doua, i-ti dai seama mai usor in care parte sint problemele.
...Quote:
Originally Posted by kosar [Only registered and activated users can see links. Click Here To Register...]
a fost spart mai demult serverul unui user de-al meu si ia fost publicata linia de la mine pe net...... dar am schinbat repede parola si i-am legat repede linia f de host....
acum nu sunt probleme de genu acesta, le vedeam in debug mod.... ei incearca sa se conecteze dupa ip-urile lor in mod normal dar in aceiasi secunda le da kick,,, nici macar nu au timp sa apara in web info... am verificat dupa ip-uri suspecte care incearca sa se conecteze si nimik.... totul e ok....
---------- Post added at 20:50 ---------- Previous post was at 20:47 ----------
am separat...... nimik.... aceiasi useri sunt kick-uiti.... am blocat toate liniile f care sunt fara probleme si raman cu clienti zero.... cei 12-13 ii respinge instantaneuQuote:
Originally Posted by kosar [Only registered and activated users can see links. Click Here To Register...]
---------- Post added at 20:57 ---------- Previous post was at 20:50 ----------
un nou log
CCcam: login from 92.81.xxx
CCcam: user xxx login attempt from 92.81.
CCcam: client xxx@c37b2271fdcd3f79, running CCcam 2.1.3
CCcam: kick 92.81.xxx, bad command
asta imi arata in debug mode cccam 2.1.3
Ceva problema asemanatoare am si eu, inca nu mi-am dat seama de la ce o fi, am mutat server de pe un receptor pe altul,am incercat sa sterg din linii,am schimbat routerul, am scris la no-ip, deocamdata fara rezultate.
o sa incerc zilele urmatoare la vreun prieten care are net din alta parte
Probabil de la router? Incearca si cu alt router.
nu e din router.... am legat calcu si recu direct la conducta de net si aceeiasi problema
Ai incercat si cu alta versiune de CCcam?
da 2.0.11 , 2.1.1 si 2.1.3 aceiasi trreabaQuote:
Originally Posted by mondo [Only registered and activated users can see links. Click Here To Register...]
---------- Post added at 21:26 ---------- Previous post was at 21:20 ----------
acum m-am jucat un pic cu nmap si se pare ca providerul meu a schimbat conducta de net de la teletrans la un anumit itelecom de prin bucuresti...... cred ca 99 % aici e problema
da restart , am avut si eu aceasta problema , dupa un restart de ccam sau dupa cemodifici ceva in cccam, apar probleme. un restart la reciver a rezolvat problema
daca ai timp studiaza si astea :
" Most of the debug file will contain information on ECM handeling like this:
From remote server:
Jan 18 09:36:53 server2 CCcam: client demodemo ecm request for handler 0x64 0xb00(0x0) sid 0x135 ok: 1
Jan 18 09:36:54 server2 CCcam: remote ecm -> server.dyndns.org:12000 0xb00(0x000)
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 ok
Local card:
Jan 21 17:34:01 server2 CCcam: client pedro ecm request for handler 0x64 0xb00(0x0) sid 0xdbb ok: 1
Jan 21 17:34:01 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5dd
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 cw's from cache
EMM
EMM are the codes that keep you car alive. If you do not get this and have cards in your server, it will die after some time.
Jan 29 14:47:13 server2 CCcam: local emm -> card /dev/ttyUSB0 0xb00(0x000)
Jan 29 14:47:13 server2 CCcam: local emm <- card /dev/ttyUSB0 ok
Jan 29 14:47:13 server2 CCcam: client pedro emm 0xb00(0x0) ok: 1
Normal login
This shows a normal login from a client to your server:
Jan 17 13:34:53 server2 CCcam: login from 66.255.5.153
Jan 17 13:34:53 server2 CCcam: user pedro login attempt from 66.55.5.153
Jan 17 13:34:53 server2 CCcam: client pedro@a9d6346630a9639c, running CCcam 2.1.2
Portscan-Telnet
If some just open the CCcam port without logging in you get this info. This can come from some doung portscan, or just do a telnet yourip 12000
Jan 16 14:22:19 server2 CCcam: login from 155.10.10.132
Jan 16 14:22:25 server2 CCcam: kick 155.10.10.132, bad response
This command, do list all ip sorted and counted:
grep "bad response" | awk ' {arr[$7]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Code:
84.20.182.97, 1 84.191.27.229, 3 85.16.46.59, 14
Double login
Two or more users tries to log in to your server using same username
Jan 27 0744 server2 CCcam: user bad login attempt from 85.16.213.176
Jan 27 0744 server2 CCcam: double login (bad), (previous 84.202.182.63), reject
Jan 27 0744 server2 CCcam: kick 85.16.213.176(), bad command
This command do list all double user login atempts:
cat /var/log/daemon.log | grep "double" | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Code:
Double nodeid
If a user has two CCcam servers running on same server. It may be possible to run separate node id, but not easy.
Jan 25 22:54:40 server2 CCcam: WARNING: double nodeid, user pedro and troja
Wrong password
Username do exits in your server but user tries wrong password
13:43:14.673 CCcam: login from 129.21.143.231
13:43:14.745 CCcam: user demo login attempt from 129.21.143.231
13:43:14.746 CCcam: wrong password supplied by 129.21.143.231
13:43:14.746 CCcam: kick 129.21.143.231, signature failed
Command to show what IP do use wrong password
cat /var/log/daemon.log | grep "wrong" | awk ' {arr[$10]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } '
Code:
194.11.10.41 2
This command do list the line above wrong password to try to list username. There may be other entries between wrong password and username.
cat /var/log/daemon.log | grep -B4 "wrong"
Code:
Jan 29 08:45:00 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x1772 Jan 29 08:45:00 server2 CCcam: remote ecm -> 62.54.14.74:15000 0xb00(0x000) Jan 29 08:45:00 server2 CCcam: login from 194.110.10.41 Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 194.11.10.41 Jan 29 08:45:00 server2 CCcam: wrong password supplied by 194.11.10.41
DNS or no user
This may be the most important to look for. There are two reason to see this error.
1. User that tries to log in does not exists.
2. Most commonly: You have added IP or DNS behind your F: line to prevent user from logging in from wrong site. User have for some reason changed IP, and or have not updated DNS (dyndns) after he have got a new IP.
Jan 25 07:30:50 server2 CCcam: login from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: illegal user zambibi from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: kick 94.211.13.180, signature failed
This command shows what user and how many times they have tried to login in from wrong ip:
cat /var/log/daemon.log | grep illegal | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>1 ) {print i,arr[i] } } } ' | sort
Code:
Other info
This command do show last 100 important events in log file.
cat /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd)' | tail -n 100
This is not my work, all credit to the original author Jotne "
bafta !