Author |
Message |
kenwood
Worker


Joined: May 18, 2005
Posts: 119
Location: SVCDPlaza
|
Posted:
Tue Jun 06, 2006 2:39 pm |
|
I am using RavenNuke76(tm) Version 2.02.02 and since I updated Sentinel to 2.4.2pl6 I get strange tracked IPs like
USS Enterprise/ and HTTP/1.1 (Veloc
The HTTP/1.1 (Veloc entries are from users of aol.com; the USS Enterprise/ I don't know.
The problem is there with 2.4.2pl6 and 2.4.2pl7.
All users from aol.com give me the same problem.
I am now going to test 2.4.2pl8 and see if I get the same problem. |
|
|
|
 |
kguske
Site Admin

Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Tue Jun 06, 2006 2:45 pm |
|
Is that the IP or the user agent? |
_________________ I search, therefore I exist...
|
|
 |
kenwood

|
Posted:
Tue Jun 06, 2006 2:48 pm |
|
It is the IP address on the ABTracked page, and with 2.4.2pl8 new ones came: 1.0 proxy4.tkda, 1.0 w3cacheB.do and 1.1 SERVER |
|
|
|
 |
kguske

|
Posted:
Tue Jun 06, 2006 3:02 pm |
|
That is strange. Is it like that for every IP? |
|
|
|
 |
kenwood

|
Posted:
Tue Jun 06, 2006 3:06 pm |
|
No, most IPs are normal, but for some visitors that come through a proxy, Sentinel gives the proxy name in the IP field. |
|
|
|
 |
kguske

|
Posted:
Tue Jun 06, 2006 3:33 pm |
|
Ah. It could be possible that these users are spoofing their proxy, but I'll point this out to the Sentinel developers so they are aware of it. |
|
|
|
 |
kenwood

|
Posted:
Fri Jun 09, 2006 4:26 am |
|
With 2.4.2pl9 the problem is still there. |
|
|
|
 |
kguske

|
Posted:
Fri Jun 09, 2006 5:44 am |
|
I wish I could tell you this was high on the priority list. |
|
|
|
 |
kenwood

|
Posted:
Sat Jun 10, 2006 4:40 am |
|
I did some research and came to the following conclusion:
HTTP/1.1 (Veloc = 205.188.117.8 - - [10/Jun/2006:04:28:17 +0200] "GET /modules.php?name=Advertising HTTP/1.1" 200 3960 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322)"
1.1 router:800 = 193.77.9.140 - - [09/Jun/2006:21:56:57 +0200] "GET /modules/Your_Account/images/info.png HTTP/1.0" 200 3070 "http://xxx.com/modules.php?name=Your_Account&op=userinfo&bypass=1&username=podgozdnik" "Mozilla/5.0 (Windows; U; Windows NT 5.1; sl-SI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7"
1.1 beton.met. = 217.153.166.20 - - [10/Jun/2006:10:25:51 +0200] "GET /modules.php?name=Your_Account&op=userinfo&bypass=1&username=Bols HTTP/1.0" 200 4404 "http://xxx.com/modules.php?name=Your_Account" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
1.0 MARTE = 200.91.235.115 - - [10/Jun/2006:00:33:53 +0200] "GET /modules.php?name=Your_Account&op=userinfo&bypass=1&username=RiPeMach HTTP/1.1" 200 20765 "http://xxx.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
I can go on like this, but the main thing is that my access log gives me an IP address and Sentinel does not. |
|
|
|
 |
Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
Posted:
Sat Jun 10, 2006 5:33 am |
|
My understanding of this is that the server will report the IP address that it sees in the data packet, which can be spoofed - in other words, what the server reports may not be what the true IP address is.
Sentinel will, if possible, try to determine the true IP and, if it cannot, then the useragent, so you can at least block by the useragent, which will be accurate data, rather than trying to block an IP whose accuracy might be in question. |
|
|
|
 |
|
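An added example, not part of the thread and not NukeSentinel's code: one way to keep proxy header text such as `1.1 router:800` out of a tracked-IP field is to validate every candidate as an IP address and fall back to `REMOTE_ADDR`, the address the access log records. The function name, the trusted-proxy list and the use of `X-Forwarded-For` are assumptions; the thread does not say which header Sentinel read.

```php
<?php
// Added example, not NukeSentinel code. Header choice and trust policy are assumptions.

/**
 * Return the address to track for a request.
 * $server is shaped like $_SERVER; $trustedProxies lists reverse proxies you operate.
 */
function tracked_ip(array $server, array $trustedProxies = array())
{
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    // REMOTE_ADDR comes from the TCP connection, the same source as the access log.
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // no usable peer address (for example a CLI run)
    }
    // Client-supplied headers are only considered when the peer is our own proxy.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    $xff = isset($server['HTTP_X_FORWARDED_FOR']) ? $server['HTTP_X_FORWARDED_FOR'] : '';
    // Walk right to left: the right-most entry was appended by the nearest proxy.
    foreach (array_reverse(explode(',', $xff)) as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            break; // not an IP ("1.1 router:800", "unknown", empty): stop trusting the chain
        }
        if (!in_array($candidate, $trustedProxies, true)) {
            return $candidate; // first hop that is not one of our proxies
        }
    }
    return $remote;
}

// Constructed requests; the first two reuse peer addresses from the thread's log lines.
$samples = array(
    // Proxy text in a header the function never reads (assumed header name).
    array('REMOTE_ADDR' => '193.77.9.140', 'HTTP_VIA' => '1.1 router:800'),
    // Non-IP text in X-Forwarded-For from an untrusted peer is ignored.
    array('REMOTE_ADDR' => '205.188.117.8', 'HTTP_X_FORWARDED_FOR' => 'HTTP/1.1 (Veloc'),
    // Peer is our own proxy (documentation address), so the validated chain is used.
    array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 192.0.2.10'),
);
foreach ($samples as $s) {
    echo tracked_ip($s, array('192.0.2.10')), "\n";
}
```

Any header value that is kept for display, such as the raw forwarded chain, belongs in a separate column so that blocking decisions are always made on a validated address.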