dcrdev 251 Posted December 31, 2017 Share Posted December 31, 2017 Yea, my domain is , most attempts to find out my real server IP won't go well for you. I mean, there are ways, but when I moved my server to my new data center I've been using cloudflare so it would be very difficult for most. cloudflare.com its a CDN, sort of, its actually an nginx reverse proxy that they have built especially for their network, it puts your server behind their RP which means all requests go through them. So an nslookup, won't give you my wan address, it will give you the wan address of the cloudflare server closest to your location. Which are here: https://www.cloudflare.com/network/ Also the reason all of these settings work for me, is because I have no "local" access. EVERY client accessing my server is via the WAN because my server is not at my house. Without going into too much detail, what are the ways you envision people being able to determine your real ip address? I'm also using CloudFlare and bar simply guessing, I can't imagine a scenario where someone would be able to do so. I mean provided you don't have any dns entries that point outside of cf, shouldn't be possible - right? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted December 31, 2017 Share Posted December 31, 2017 (edited) Without going into too much detail, what are the ways you envision people being able to determine your real ip address? I'm also using CloudFlare and bar simply guessing, I can't imagine a scenario where someone would be able to do so. I mean provided you don't have any dns entries that point outside of cf, shouldn't be possible - right? You can PM me your emby address and I can tell you your real IP, most likely. I have sealed up the majority of methods on my own server... Outside of the methods I have control over, if your server was ever not running through cloudflare you can get a history of dns entries for your domain name. Yours is dynamic but it can still reveal the owners location, ISP, etc... Like if you look my domain up on DNSTRAILS.com you will see ALL of my old home IP's (back to 2008) when I used to host my server at home, but because my server has been behind cloudflare ever since i moved, at the same time i moved my server to a datacenter, you don't see that datacenter ip in the list, you only see cloudflare. If I ever disable cloudflare when these dns cache sites happen to scan my site, it would log my real ip. Edited December 31, 2017 by pir8radio 1 Link to comment Share on other sites More sharing options...
dcrdev 251 Posted December 31, 2017 Share Posted December 31, 2017 You can PM me your emby address and I can tell you your real IP, most likely. I have sealed up the majority of methods on my own server... Outside of the methods I have control over, if your server was ever not running through cloudflare you can get a history of dns entries for your domain name. Yours is dynamic but it can still reveal the owners location, ISP, etc... Like if you look my domain up on DNSTRAILS.com you will see ALL of my old home IP's (back to 2008) when I used to host my server at home, but because my server has been behind cloudflare ever since i moved, at the same time i moved my server to a datacenter, you don't see that datacenter ip in the list, you only see cloudflare. If I ever disable cloudflare when these dns cache sites happen to scan my site, it would log my real ip. Ah right I see - yes that would be a way. Not so much for me as I don't have the same ip address that I had pre-cf. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted December 31, 2017 Share Posted December 31, 2017 Ah right I see - yes that would be a way. Not so much for me as I don't have the same ip address that I had pre-cf. There are a few others, but you have control of them. MX records (if you host your own email server), cloudflare dns entries that are not "orange clouded" google sometimes finds them or DNS AXFR issues could expose them but thats rare that someone misconfigured DNS that badly as well as guessing as you said, emby could possibly give it away.... PHP Info or similar server management tools if you use them, If your server sends emails of any kind, to name a few. It's fun to find and plug holes.. 1 Link to comment Share on other sites More sharing options...
dcrdev 251 Posted December 31, 2017 Share Posted December 31, 2017 There are a few others, but you have control of them. MX records (if you host your own email server), cloudflare dns entries that are not "orange clouded" google sometimes finds them or DNS AXFR issues could expose them but thats rare that someone misconfigured DNS that badly as well as guessing as you said, emby could possibly give it away.... PHP Info or similar server management tools if you use them, If your server sends emails of any kind, to name a few. It's fun to find and plug holes.. I'll have to look into what php gives away - good tip! But mail is handled by Google Apps - mx entries point to Google's servers and mail coming directly from my server has Google configured as an smtp relay within postfix. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted December 31, 2017 Share Posted December 31, 2017 I'll have to look into what php gives away - good tip! But mail is handled by Google Apps - mx entries point to Google's servers and mail coming directly from my server has Google configured as an smtp relay within postfix. lol the list literally goes on.. https://pentest-tools.com/information-gathering/find-subdomains-of-domain is a good tool for finding subdomains that may have leaked to search engines, Like ones not protected by cloudflare. Good luck sir! Link to comment Share on other sites More sharing options...
Guest asrequested Posted December 31, 2017 Share Posted December 31, 2017 You guys scare me I'm just gonna make it that I don't care if I'm hacked. Come at me......bro? Link to comment Share on other sites More sharing options...
xyz 3 Posted December 31, 2017 Share Posted December 31, 2017 (edited) lol the list literally goes on.. https://pentest-tools.com/information-gathering/find-subdomains-of-domain is a good tool for finding subdomains that may have leaked to search engines, Like ones not protected by cloudflare. Good luck sir! So many things can give you away, including using a subject for the ssl cert on your backend that matches one of your front-end dns names. If the IP gets scanned and that cert gets indexed, now you can associate the cloudflare protected dns records with a backend server. Edited December 31, 2017 by xyz 1 Link to comment Share on other sites More sharing options...
Guest asrequested Posted January 2, 2018 Share Posted January 2, 2018 What do you guys use to remove your IP from logs? 1 Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted January 2, 2018 Author Share Posted January 2, 2018 What do you guys use to remove your IP from logs? Notepad++ and "replace all" or the sed command if I'm on a linux box. 2 Link to comment Share on other sites More sharing options...
Guest asrequested Posted January 2, 2018 Share Posted January 2, 2018 Groovy. I'll check it out. Thanks 1 Link to comment Share on other sites More sharing options...
CBers 6771 Posted January 2, 2018 Share Posted January 2, 2018 What do you guys use to remove your IP from logs? Notepad++ and "replace all" Same here. I remove all IP addresses, email address (used by the Notifications plugin) and anything else that might identify me or my server. Link to comment Share on other sites More sharing options...
Abobader 2947 Posted January 2, 2018 Share Posted January 2, 2018 Good day, No need for that anymore, only admin, mod, dev can now look to your logs. My best Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted January 2, 2018 Author Share Posted January 2, 2018 Good day, No need for that anymore, only admin, mod, dev can now look to your logs. My best -1 for this idea. 1 Link to comment Share on other sites More sharing options...
Vicpa 559 Posted January 2, 2018 Share Posted January 2, 2018 Good day, No need for that anymore, only admin, mod, dev can now look to your logs. My best Hi Abo !! This is a really good idea! and a great short term "fix". I think the real problem is that the logs by default contain way to much personal/sensitive information. There is little or no granularity to what is logged as "info".... @@Luke I have requested before. a lot of the things logged as info should really be "trace" not even debug. A revisit to what is logged and at what default level would go a long way and be a worthwhile use of resources. My two cents as always.. Thanks again Abo!! -vicpa 1 Link to comment Share on other sites More sharing options...
Abobader 2947 Posted January 2, 2018 Share Posted January 2, 2018 Hi Abo !! This is a really good idea! and a great short term "fix". I think the real problem is that the logs by default contain way to much personal/sensitive information. There is little or no granularity to what is logged as "info".... @@Luke I have requested before. a lot of the things logged as info should really be "trace" not even debug. A revisit to what is logged and at what default level would go a long way and be a worthwhile use of resources. My two cents as always.. Thanks again Abo!! -vicpa Many thanks buddy, well done. -1 for this idea. -1 for this idea. Why not? This will help many user. Whom do not mind everyone read his log, simply they do not add it as attachment, simply post as "code". Link to comment Share on other sites More sharing options...
Jdiesel 1114 Posted January 2, 2018 Share Posted January 2, 2018 I have to agree, this will pretty much eliminate all community support from other Emby users. Log files are much to large to post in the thread body. If a user doesn't want to post their log publicly they can send it to Luke and EBR in a PM. Link to comment Share on other sites More sharing options...
Abobader 2947 Posted January 2, 2018 Share Posted January 2, 2018 I have to agree, this will pretty much eliminate all community support from other Emby users. Log files are much to large to post in the thread body. If a user doesn't want to post their log publicly they can send it to Luke and EBR in a PM. Good day, We doing this now till Luke & Ebr find a way for the log file regarding user info that not need it to be within the info for public posting. Also other dev's requested this action until thing sorted the right way. So til then, no more viewing of the attachment other that the admin/dev. Thanks for your understanding. My best Link to comment Share on other sites More sharing options...
Tur0k 143 Posted January 2, 2018 Share Posted January 2, 2018 I won't lie, I am always leery of of ever posting my logs to a forum. Personally, I would be more comfortable PMing them. Currently, I use notepad++. I have a macro I use to scrub my domain names, email addresses, and usernames. Then I scrub WAN IP addresses separately as I am on a DHCP WAN IP address and this could change. It might be useful to add a scrubbing functionality into Emby. A button that says "de-identify", that would scrub the above data types automatically and provide the log for downloading from the web interface. This would allow users to prep a log to post to the forum when they need help, alleviate some of the administrative tasks on forum admins, and keep novice users safer. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Guest asrequested Posted January 2, 2018 Share Posted January 2, 2018 Here's a question. Does having all of that information in the logs have any benefit to troubleshooting? Is there a reason that they are in the logs in the first place, or is it just a by product? Link to comment Share on other sites More sharing options...
Angelblue05 4130 Posted January 2, 2018 Share Posted January 2, 2018 (edited) Look, you can hate it or love it. Not everyone is being careful when posting logs on the forums. Not everyone replaces information in their logs. What Abo did is flexible enough to still have other users help. You can copy relevant parts of the log as code in the post. And nothing is set in stone, of course. I think for the moment it is the best approach without restricting community help too much. And you guys realize how many apps there is right? It's going to take a little bit to fix logs, it's not necessarily that devs are dumb for logging the info in the first place, that info is intertwined with other regular data sometimes. Just a quick example, if you use http playback with Emby for Kodi, it appends the apikey at the end of your local/remote address. The Kodi player prints the url to log, it is outside the add-on's control, I can't mask that and if the user forgets, is it my problem to delete his logs? Sent from my iPhone using Tapatalk Edited January 2, 2018 by Angelblue05 1 Link to comment Share on other sites More sharing options...
dcrdev 251 Posted January 2, 2018 Share Posted January 2, 2018 (edited) My concern with providing my logs, is not so much them containing my domain name, but the fact that I have personal media/photos described by filename in them - that I don't necessarily want to share (with anyone) . It's always a massive pain in the backside posting logs, because I like the rest of you have to do a series of find/replace in a text editor. I've been thinking recently how great it would be if I could build a shell script with sed and feed it a list of typical regex patterns to strip the log on the fly. The prospect of writing the script though seems quite tedious and haven't gotten around to it. Look, you can hate it or love it. Not everyone is being careful when posting logs. Not everyone replaces information in their logs. What Abo did is flexible enough to still have other users help. You can copy relevant parts of the log as code in the post. And nothing is set in stone, of course. I think for the moment it is the best approach without restricting community help too much. And you guys realize how many apps there is right? It's going to take a little bit to fix logs, it's not necessarily that devs are dumb for logging the info in the first place, that info is intertwined with other regular data sometimes. Just a quick example, if you use http playback with Emby for Kodi, it appends the apikey at the end of your local/remote address. The Kodi player prints the url to log, it is outside the add-on's control, I can't mask that and if the user forgets, is it my problem to delete his logs? Sent from my iPhone using Tapatalk Well you can't just post part of the log because Luke always says "can you post the full log" :sigh: Edited January 2, 2018 by dcrdev Link to comment Share on other sites More sharing options...
Angelblue05 4130 Posted January 2, 2018 Share Posted January 2, 2018 @@dcrdev Well I was saying that mostly for community help devs always usually request the full log, hence logs can only be downloaded by devs, admins, mods. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
dcrdev 251 Posted January 2, 2018 Share Posted January 2, 2018 @@dcrdev Well I was saying that mostly for community help devs always usually request the full log, hence logs can only be downloaded by devs, admins, mods. Sent from my iPhone using Tapatalk Oh I see - sorry I misread the above post; I thought he was saying that logs could only be downloaded from Emby by an admin. Now I see you mean on the forums themselves - in which case I approve; that's a great idea! 2 Link to comment Share on other sites More sharing options...
Angelblue05 4130 Posted January 2, 2018 Share Posted January 2, 2018 Now I see you mean on the forums themselves - in which case I approve; that's a great idea! Yes, this is correct. Thank you Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now