... de asta am zis sa separi configul in doua, i-ti dai seama mai usor in care parte sint problemele.
Printable View
... de asta am zis sa separi configul in doua, i-ti dai seama mai usor in care parte sint problemele.
...Quote:
Originally Posted by kosar [Only registered and activated users can see links. Click Here To Register...]
a fost spart mai demult serverul unui user de-al meu si ia fost publicata linia de la mine pe net...... dar am schinbat repede parola si i-am legat repede linia f de host....
acum nu sunt probleme de genu acesta, le vedeam in debug mod.... ei incearca sa se conecteze dupa ip-urile lor in mod normal dar in aceiasi secunda le da kick,,, nici macar nu au timp sa apara in web info... am verificat dupa ip-uri suspecte care incearca sa se conecteze si nimik.... totul e ok....
---------- Post added at 20:50 ---------- Previous post was at 20:47 ----------
am separat...... nimik.... aceiasi useri sunt kick-uiti.... am blocat toate liniile f care sunt fara probleme si raman cu clienti zero.... cei 12-13 ii respinge instantaneuQuote:
Originally Posted by kosar [Only registered and activated users can see links. Click Here To Register...]
---------- Post added at 20:57 ---------- Previous post was at 20:50 ----------
un nou log
CCcam: login from 92.81.xxx
CCcam: user xxx login attempt from 92.81.
CCcam: client xxx@c37b2271fdcd3f79, running CCcam 2.1.3
CCcam: kick 92.81.xxx, bad command
asta imi arata in debug mode cccam 2.1.3
Ceva problema asemanatoare am si eu, inca nu mi-am dat seama de la ce o fi, am mutat server de pe un receptor pe altul,am incercat sa sterg din linii,am schimbat routerul, am scris la no-ip, deocamdata fara rezultate.
o sa incerc zilele urmatoare la vreun prieten care are net din alta parte
Probabil de la router? Incearca si cu alt router.
nu e din router.... am legat calcu si recu direct la conducta de net si aceeiasi problema
Ai incercat si cu alta versiune de CCcam?
da 2.0.11 , 2.1.1 si 2.1.3 aceiasi trreabaQuote:
Originally Posted by mondo [Only registered and activated users can see links. Click Here To Register...]
---------- Post added at 21:26 ---------- Previous post was at 21:20 ----------
acum m-am jucat un pic cu nmap si se pare ca providerul meu a schimbat conducta de net de la teletrans la un anumit itelecom de prin bucuresti...... cred ca 99 % aici e problema
da restart , am avut si eu aceasta problema , dupa un restart de ccam sau dupa cemodifici ceva in cccam, apar probleme. un restart la reciver a rezolvat problema
daca ai timp studiaza si astea :
" Most of the debug file will contain information on ECM handeling like this:
From remote server:
Jan 18 09:36:53 server2 CCcam: client demodemo ecm request for handler 0x64 0xb00(0x0) sid 0x135 ok: 1
Jan 18 09:36:54 server2 CCcam: remote ecm -> server.dyndns.org:12000 0xb00(0x000)
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 ok
Local card:
Jan 21 17:34:01 server2 CCcam: client pedro ecm request for handler 0x64 0xb00(0x0) sid 0xdbb ok: 1
Jan 21 17:34:01 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5dd
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 cw's from cache
EMM
EMM are the codes that keep you car alive. If you do not get this and have cards in your server, it will die after some time.
Jan 29 14:47:13 server2 CCcam: local emm -> card /dev/ttyUSB0 0xb00(0x000)
Jan 29 14:47:13 server2 CCcam: local emm <- card /dev/ttyUSB0 ok
Jan 29 14:47:13 server2 CCcam: client pedro emm 0xb00(0x0) ok: 1
Normal login
This shows a normal login from a client to your server:
Jan 17 13:34:53 server2 CCcam: login from 66.255.5.153
Jan 17 13:34:53 server2 CCcam: user pedro login attempt from 66.55.5.153
Jan 17 13:34:53 server2 CCcam: client pedro@a9d6346630a9639c, running CCcam 2.1.2
Portscan-Telnet
If some just open the CCcam port without logging in you get this info. This can come from some doung portscan, or just do a telnet yourip 12000
Jan 16 14:22:19 server2 CCcam: login from 155.10.10.132
Jan 16 14:22:25 server2 CCcam: kick 155.10.10.132, bad response
This command, do list all ip sorted and counted:
grep "bad response" | awk ' {arr[$7]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Code:
84.20.182.97, 1 84.191.27.229, 3 85.16.46.59, 14
Double login
Two or more users tries to log in to your server using same username
Jan 27 0744 server2 CCcam: user bad login attempt from 85.16.213.176
Jan 27 0744 server2 CCcam: double login (bad), (previous 84.202.182.63), reject
Jan 27 0744 server2 CCcam: kick 85.16.213.176(), bad command
This command do list all double user login atempts:
cat /var/log/daemon.log | grep "double" | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Code:
Double nodeid
If a user has two CCcam servers running on same server. It may be possible to run separate node id, but not easy.
Jan 25 22:54:40 server2 CCcam: WARNING: double nodeid, user pedro and troja
Wrong password
Username do exits in your server but user tries wrong password
13:43:14.673 CCcam: login from 129.21.143.231
13:43:14.745 CCcam: user demo login attempt from 129.21.143.231
13:43:14.746 CCcam: wrong password supplied by 129.21.143.231
13:43:14.746 CCcam: kick 129.21.143.231, signature failed
Command to show what IP do use wrong password
cat /var/log/daemon.log | grep "wrong" | awk ' {arr[$10]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } '
Code:
194.11.10.41 2
This command do list the line above wrong password to try to list username. There may be other entries between wrong password and username.
cat /var/log/daemon.log | grep -B4 "wrong"
Code:
Jan 29 08:45:00 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x1772 Jan 29 08:45:00 server2 CCcam: remote ecm -> 62.54.14.74:15000 0xb00(0x000) Jan 29 08:45:00 server2 CCcam: login from 194.110.10.41 Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 194.11.10.41 Jan 29 08:45:00 server2 CCcam: wrong password supplied by 194.11.10.41
DNS or no user
This may be the most important to look for. There are two reason to see this error.
1. User that tries to log in does not exists.
2. Most commonly: You have added IP or DNS behind your F: line to prevent user from logging in from wrong site. User have for some reason changed IP, and or have not updated DNS (dyndns) after he have got a new IP.
Jan 25 07:30:50 server2 CCcam: login from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: illegal user zambibi from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: kick 94.211.13.180, signature failed
This command shows what user and how many times they have tried to login in from wrong ip:
cat /var/log/daemon.log | grep illegal | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>1 ) {print i,arr[i] } } } ' | sort
Code:
Other info
This command do show last 100 important events in log file.
cat /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd)' | tail -n 100
This is not my work, all credit to the original author Jotne "
bafta !
CCcam: user silviu login attempt from 82.77.xxx
Mar 12 13:12:40 onell-VT8363 CCcam: client silviu@2277c18952370e73, running CCcam 2.0.11
Mar 12 13:12:44 onell-VT8363 CCcam: kick 82.77xxx(silviu), bad command.
deci se logheaza normal, are user si parola......... se conecteaza si cum se vede in 4 secunde kick........ sa mor daca inteleg unde e problema..
Ai gasit vreo solutie ? Chiar nu-mi dau seama care ar fi problema.
nu am gasit nici o solutie inca........... ufffffffff.... incep sa pierd din clienti.... chiar nu imi dau seama ce se poate intampla.
Pai cel mai simplu ar fi sa renunti la aia cu probleme. Probabil tot routerul sa fie de vina ca nu acccepta decat un numar de X conexiuni?
sunt multi clienti buni la care nu as vrea sa renunt si nu am dacat 30 de linii in cccam
---------- Post added at 22:55 ---------- Previous post was at 22:53 ----------
routeru suporta 8192 conexiuni.... abia 1% il folosescQuote:
Originally Posted by mondo [Only registered and activated users can see links. Click Here To Register...]
intradevar, problema este din cauza internetului.. am vb cu provideru de net si dupa cateva verificari mi-au confirmat ca este de la ei... conexiunile nu sunt rutate cum trebuie.... acum astept rezolvarea.......
Liniile care nu merg sunt de la acelasi provider de internet? Era bine de stiut care sunt conexiunile alea care nu sunt bine routate. Intre ce provideri de internet sau dupa ce criterii se face routarea asta la unii provideri de internet. Pentru ce platim internet? Ca sa mearga doar intre anumiti provideri?
face figuri la cateva ip-uri de romtelecom , rds vreo 2 de pe extern si mai multe dupa retele mai micute orasenesti..... acum astept si eu sa vad ce se rezolva... pt un ip din romtelecom dupa un traceroute ocoloea prin germania , normal ar trebui sa mearga pe reteaua motropolitana...... adik pt mine craiova , bucuresti prin ronix si direct romtelecom
Daca ai useri seriosi si le explici clar ce problema ai nu ar trebui sa te stearga. Pana la urma e doar un hobby. Daca sunt altfel de useri..care nu inteleg nimic din hobby-ul asta...atunci sa nu ai regrete daca iti sterg linia.Quote:
Originally Posted by onell [Only registered and activated users can see links. Click Here To Register...]
Acum vreo 2 ani m-am confruntat cu aceasi problema...kick la cate un grup de 10-15 clienti simultan....la intervale de 30-45 min. Tin minte ca doua saptamani am schimbat tot ce era legat de sharing ( pc, OS, router, chiar si adresa de DNS...)....si nimic. Totul s-a rezolvat de la sine dupa doua saptamani. Acum cateva saptamani dupa un banal restart de router, fiind nevoit sa fac asta pt ca se apropiau 30 de zile in care nu se schimbase ip si primisem deja atentionare de la dyndns, a reaparut problema. Stiind prin ce am trecut acum 2 ani nu am mai facut decat sa scot routerul de 2-3 ori din priza sa prinda alta conexiune. SI totul s-a rezolvat imediat. Deci sigur problema nu e decat din conexiune de la ISP.
Nu pot sa spun decat ca a fost foarte stresanta problema asta stiind ca am facut tot ce era posibil si nu ii dadeam de cap .....:)