user not in passwdfile logged on anyway

Web hosting discussion, programming, and shared and dedicated servers.
5 posts Page 1 of 1
by racerlupine » Fri Jan 29, 2021 7:33 am
I have a domain hosted at Sonic. Most of my site is protected by .htaccess. Looking at my web stats I have a username, that does not appear in my passwdfile, which logged on to protected part of my site. How is that even possible?

thanks

RACER
by joemuller » Tue Feb 02, 2021 11:00 am
Hi Racer,

If you want to send me a private message with the domain name and the username in question, I can take a look at the logs on our side. That said, I did see one hit by user 'adva' (not listed in your htaccess password file) to one of your sites on January 6th, but it was granted because it was just to the main part of the site not controlled by your .htaccess.

-- Joe M
Sonic System Operations
I'm a proud employee of Sonic.net! :-)
by racerlupine » Tue Feb 02, 2021 4:11 pm
Joe,

Thanks for the reply. Yes the 'adva' user is the one in question. My logs aren't detailed enough to see which users accessed which resources.

However 'adva' must have gained access to the protected part of my site. Otherwise, why else would he need to log on in the first place? There's no need to provide a username to access the unprotected part, right? Or am I missing something?

RACER
by joemuller » Wed Feb 03, 2021 12:41 pm
Hi Racer,

There should be a rolling set of logs available to you via shell.sonic.net (I think they map into /var/log/httpd/.) that has the full details, but I'll include the one matching log line for the 'adva' user in semi-redacted form here:

Code: Select all

zgrep -w adva /var/log/httpd/s********e.org/access_log.27.gz
241-189-85-x.ip.secqin.com s********e.org adva [06/Jan/2021:15:02:25 -0800] "GET / HTTP/1.1" 200 1121 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
It looks like you changed some things around between 1/6 and now, but I don't have backups/snapshots going that far back to compare, so I'm not sure how they were prompted for a username/password. I tried manually specifying a username using the 'curl' command line tool yesterday, but it doesn't seem to show up in the webalizer stats...

Code: Select all

curl http://s********e.org/site/ -u foo
So whatever let them load the non-protected part of the site seems to be fixed now.

-- Joe M
Sonic System Operations
I'm a proud employee of Sonic.net! :-)
by racerlupine » Wed Feb 03, 2021 11:25 pm
Hmmm...I think I will PM you because there's something I'm not getting here. I appreciate the opportunity to track this down with your help and to learn from your experience, Joe. Thanks.

RACER
5 posts Page 1 of 1

Who is online

In total there are 26 users online :: 0 registered, 0 hidden and 26 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 26 guests