[sipX-dev] XX-7665 question

Wed, 24 Feb 2010 05:17:57 -0800

Regarding http://track.sipfoundry.org/browse/XX-7665 "You have clicked on a stale link." random browser error seen frequently" Chris told me that 7006 is a valid SIP user and an IM ID of that same SIP User. 

In s*ipxconfig.log* I saw:
"2010-02-24T08:58:13.473000Z":660:JAVA:WARNING:scsuk.thruhere.net:P1-14:00000000:LoggerListener:"Authentication event AuthenticationFailureBadCredentialsEvent: 7006; details: org.acegisecurity.ui.webauthenticationdeta...@1de6: RemoteIpAddress: 172.16.0.60; *SessionId: null*; *exception: Bad credentials"* "2010-02-24T08:58:13.488000Z":661:JAVA:INFO:scsuk.thruhere.net:background:00000000:XmlRpcClientInterceptor:"XML/RPC Alarm.raiseAlarm with [scsuk.thruhere.net, LOGIN_FAILED, [7006]] on https://scsuk.thruhere.net:8092/RPC2"; "2010-02-24T08:58:15.580000Z":662:JAVA:WARNING:scsuk.thruhere.net:P1-14:00000000:LoggerListener:"Authentication event AuthenticationFailureBadCredentialsEvent: 7006; details: org.acegisecurity.ui.webauthenticationdeta...@7798: RemoteIpAddress: 172.16.0.35; *SessionId: null*; *exception: Bad credentials"* "2010-02-24T08:58:15.594000Z":663:JAVA:INFO:scsuk.thruhere.net:background:00000000:XmlRpcClientInterceptor:"XML/RPC Alarm.raiseAlarm with [scsuk.thruhere.net, LOGIN_FAILED, [7006]] on https://scsuk.thruhere.net:8092/RPC2"; 

In *sipxconfig-logins.log* (many times):

"2010-02-24 08:58:43,519": WARN:login:?:LOGIN *FAILED,* user 7006, 
remote IP 172.16.0.60
"2010-02-24 08:58:45,586": WARN:login:?:LOGIN *FAILED,* user 7006, 
remote IP 172.16.0.35


In *sipxsupervisor.log:*

"2010-02-24T08:58:13.489976Z":2528:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"OsConnectionSocket::_[2] 
((null), 7)"
"2010-02-24T08:58:13.499271Z":2529:SIP:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"OsSSLConnectionSocket::peerIdentity 
0xb130b5c8 OsSSL returned trusted"
"2010-02-24T08:58:13.499812Z":2530:SIP:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"HttpServer::processRequest 
POST '/RPC2'"
"2010-02-24T08:58:13.499865Z":2531:XMLRPC:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"XmlRpcDispatch::processRequest 
requestBody = \n<?xml 
version=\"1.0\"?><methodCall><methodName>Alarm.raiseAlarm</methodName><params><param><value>scsuk.thruhere.net</value></param><param><value>*LOGIN_FAILED*</value></param><param><value><array><data><value>7006</value></data></array></value></param></params></methodCall>"
"2010-02-24T08:58:13.499972Z":2532:ALARM:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"Alarm 
'LOGIN_FAILED' not logged due to thresholds"
"2010-02-24T08:58:13.500006Z":2533:XMLRPC:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"XmlRpcDispatch::processRequest 
method 'Alarm.raiseAlarm' response status=OK\n<?xml version=\"1.0\" 
encoding=\"UTF-8\"?>\n<methodResponse><!-- Alarm.raiseAlarm 
-->\n<params>\n<param>\n<value><boolean>1</boolean></value>\n</param>\n</params>\n</methodResponse>"

"2010-02-24T08:58:13.500082Z":2534:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"*OsSSLConnectionSocket::close*"
"2010-02-24T08:58:13.500176Z":2535:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"*OsSSLConnectionSocket::close*"
"2010-02-24T08:58:13.500194Z":2536:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"OsConnectionSocket::~"

"2010-02-24T08:58:15.595619Z":2537:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"OsConnectionSocket::_[2] 
((null), 7)"
"2010-02-24T08:58:15.602376Z":2538:SIP:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"OsSSLConnectionSocket::peerIdentity 
0xb130b5c8 OsSSL returned trusted"
"2010-02-24T08:58:15.602871Z":2539:SIP:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"HttpServer::processRequest 
POST '/RPC2'"
"2010-02-24T08:58:15.602947Z":2540:XMLRPC:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"XmlRpcDispatch::processRequest 
requestBody = \n<?xml 
version=\"1.0\"?><methodCall><methodName>Alarm.raiseAlarm</methodName><params><param><value>scsuk.thruhere.net</value></param><param><value>*LOGIN_FAILED*</value></param><param><value><array><data><value>7006</value></data></array></value></param></params></methodCall>"
"2010-02-24T08:58:15.603059Z":2541:ALARM:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"Alarm 
'LOGIN_FAILED' not logged due to thresholds"
"2010-02-24T08:58:15.603090Z":2542:XMLRPC:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"XmlRpcDispatch::processRequest 
method 'Alarm.raiseAlarm' response status=OK\n<?xml version=\"1.0\" 
encoding=\"UTF-8\"?>\n<methodResponse><!-- Alarm.raiseAlarm 
-->\n<params>\n<param>\n<value><boolean>1</boolean></value>\n</param>\n</params>\n</methodResponse>"

"2010-02-24T08:58:15.603153Z":2543:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"*OsSSLConnectionSocket::close*"
"2010-02-24T08:58:15.603235Z":2544:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"*OsSSLConnectionSocket::close*"
"2010-02-24T08:58:15.603250Z":2545:KERNEL:INFO:scsuk.thruhere.net:HttpServer-2:B7DEDB90:Supervisor:"OsConnectionSocket::~"


Has anyone any idea why this user tries to login so often and form 
different IP addresses?


Regards,
Laurentiu


_______________________________________________
sipx-dev mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
sipXecs IP PBX -- http://www.sipfoundry.org/





















					Reply via email to