zandroid 0 Posted August 7, 2020 Posted August 7, 2020 (edited) Okay, here's my issue. We just got Xfinity internet. Maybe not great, but it was definitely better than the alternative. We started with everything on default, which means the Advanced Security on the xFi app is on. My desktop PC, which is mostly just hosting Emby at the moment, keeps popping up with Unauthorized Access Attempts around the same time every night. Since Emby is pretty much the only thing running (alongside IRC), I go ahead and check the logs and, sure enough, I see the following: 2020-08-07 01:05:40.935 Info HttpServer: HTTP GET http://xx.xxx.xx.x:8096/. UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0 2020-08-07 01:05:40.937 Info HttpServer: HTTP Response 302 to 69.4.234.31. Time: 2ms. http://xx.xxx.xx.x:8096/ 2020-08-07 01:05:41.454 Info HttpServer: HTTP GET http://xx.xxx.xx.x:8096/web/touchicon114.png. UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0 2020-08-07 01:05:41.500 Info HttpServer: HTTP Response 200 to 69.4.234.31. Time: 46ms. http://xx.xxx.xx.x:8096/web/touchicon114.png 2020-08-07 01:05:41.523 Info HttpServer: HTTP GET http://xx.xxx.xx.x:8096/web/favicon.ico. UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0 2020-08-07 01:05:41.546 Info HttpServer: HTTP Response 200 to 69.4.234.31. Time: 23ms. http://xx.xxx.xx.x:8096/web/favicon.ico One is the WAN IP address, but the other, the 69.etc.etc. is what I'm trying to figure out. I have no idea what that address is supposed to be and I'd like some kind of idea before getting back on the phone with tech support. I did have an error checking for both the server update and the plugin update, but that was three days ago and I've rebooted the server since and it didn't come up with another notification when it finished rebooting, which I assume it would have since it updates when it reboots. Can anyone give me some help? embyserver-63732365611.txt Edited August 7, 2020 by zandroid
Sammy 790 Posted August 7, 2020 Posted August 7, 2020 You might not want to show your Public IP for your router.
Carlo 4561 Posted August 7, 2020 Posted August 7, 2020 The 69.4.234.31 address in question is used by Cloudflare which is a CDN (content distribution network).
Sammy 790 Posted August 7, 2020 Posted August 7, 2020 (edited) What about http://xx.xx.xx.x:8096/ Edited August 7, 2020 by ebr sensitive data
zandroid 0 Posted August 7, 2020 Author Posted August 7, 2020 3 hours ago, Sammy said: What about http://xx.xx.xx.x:8096/ Yeah, thanks. I probably shouldn't have posted this at three in the morning, but that's when I noticed the latest alert from Xfinity.
zandroid 0 Posted August 7, 2020 Author Posted August 7, 2020 4 hours ago, cayars said: The 69.4.234.31 address in question is used by Cloudflare which is a CDN (content distribution network). Any idea what those lines are supposed to be doing?
Carlo 4561 Posted August 7, 2020 Posted August 7, 2020 From the small log you showed it downloaded a couple of images. If you're setup behind Cloudflare this is normal.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now