Posted: Sat Jul 07, 2018 22:59 Post subject: Anybody know what might be causing the following error?
I enabled syslogd and my log file is filled up with errors that look like this:
Jul 7 17:50:34 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
They're happening about once every 30 seconds as long as I'm in the GUI. _________________ Routing:.......Asus RT-AX88U (Asuswrt-Merlin 384.14) Switching:....Netgear GS608_V3 & GS605_V4, TrendNet TEG-S82G & TEG-S50G
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Sat Jul 07, 2018 23:59 Post subject:
httpd is very buggy and full of shit for the last several months, i have it too. brainslayer broke it, and refuses to believe he broke it... _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
I'm using Kong's build, r36175. I guess I'll just have to disable my syslog server's notification daemon for now. It's spamming me with emails.
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Mon Jul 09, 2018 20:20 Post subject: Possibly related observation
Could this have something to do with what I observed when using to access the webGUI in Chrome or Chromium using the HTTPS protocol as I described in the following thread (page 2)?
(Sorry for being unable to post a link to the very posts)
When I changed to access the webGUI using HTTP instead of HTTPS (I had routinely disabled this option in the GUI), browsing the GUI in Chromium performed at normal speed, loading new pages instantaneously.
Posted: Mon Jul 09, 2018 21:00 Post subject: Re: Possibly related observation
I saw your post earlier and thought it might be related. When I see these errors, I see repeated login requests to httpd from my mgmt station. The full log entry looks like this:
Jul 7 18:20:14 ROUTER daemon.info httpd[1173]: httpd login attempt from 192.168.1.100 . Sending authorization request.
Jul 7 18:20:14 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
It appears to happen nearly every time I change pages or tabs. I really would prefer to use HTTPS for access rather than HTTP but if that fixes it, I guess it's worth a shot.
ArjenR49 wrote:
Could this have something to do with what I observed when using to access the webGUI in Chrome or Chromium using the HTTPS protocol as I described in the following thread (page 2)?
(Sorry for being unable to post a link to the very posts)
When I changed to access the webGUI using HTTP instead of HTTPS (I had routinely disabled this option in the GUI), browsing the GUI in Chromium performed at normal speed, loading new pages instantaneously.
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Mon Jul 09, 2018 21:30 Post subject:
What browsers have you tried?
Initially I had the syslog option enabled, just to try it. But as I couldn't make much of the entries, I switched it off again.
I did notice a few highlighted errors. However, the router didn't crash ... I figured I can always switch it back on, if needed.
Joined: 29 May 2008 Posts: 243 Location: United Kingdom
Posted: Fri Jul 13, 2018 15:27 Post subject: Re: Possibly related observation
htismaqe wrote:
Jul 7 18:20:14 ROUTER daemon.info httpd[1173]: httpd login attempt from 192.168.1.100 . Sending authorization request.
Jul 7 18:20:14 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Double check you're not double NATed as well, as this may be an attack but coming from the 192.168.1.100, and quite common if you put your first router to DMZ to the dd-wrt router.
Here's some IP ranges that most commonly port scan me, most from ### AS 10439 ###. I always seem to get a full scan from them!
Code:
# Match on source (-s): packets reaching INPUT are addressed to the router itself,
# so a -d match on the scanners' ranges would never fire.
iptables -I INPUT -p tcp -s 66.240.192.0/18 -j DROP
iptables -I INPUT -p tcp -s 71.6.128.0/17 -j DROP
iptables -I INPUT -p tcp -s 135.84.216.0/24 -j DROP
iptables -I INPUT -p tcp -s 209.126.128.0/17 -j DROP
iptables -I INPUT -p tcp -s 216.75.0.0/18 -j DROP
iptables -I INPUT -p tcp -s 216.98.128.0/19 -j DROP
It's definitely not coming from outside and there's no double NAT. My management workstation is 192.168.1.100 and I see one of these errors generated every time I change pages/tabs in the GUI. It's definitely a bug in HTTPD.
I wonder if it will even do any good. I might drop a line to Kong and see what he says. Right now, it's making syslog data really hard to use, it's so cluttered. Plus I have to setup my notifications to filter out those messages or I get spammed with alerts.
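Added example, not part of any post in this thread: one way to filter these entries on the syslog server without discarding the signal. It pairs each 401 with the preceding "login attempt" line from the same httpd PID, suppresses the known management station, and keeps everything else visible. The names `triage`, `mgmt_hosts` and `lan`, the 192.168.1.0/24 subnet, and the 203.0.113.7 sample source are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread; the 203.0.113.7
# entry and the trailing lone 401 are invented to exercise the other branches.
SAMPLE = """\
Jul 7 18:20:14 ROUTER daemon.info httpd[1173]: httpd login attempt from 192.168.1.100 . Sending authorization request.
Jul 7 18:20:14 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Jul 7 18:20:44 ROUTER daemon.info httpd[1173]: httpd login attempt from 192.168.1.100 . Sending authorization request.
Jul 7 18:20:44 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Jul 7 18:21:02 ROUTER daemon.info httpd[1173]: httpd login attempt from 203.0.113.7 . Sending authorization request.
Jul 7 18:21:02 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Jul 7 18:21:30 ROUTER daemon.err httpd[1173]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
"""

ATTEMPT = re.compile(r"httpd\[(\d+)\]: httpd login attempt from (\S+)")
DENIED = re.compile(r"httpd\[(\d+)\]: Request Error Code 401")

def triage(log_text, mgmt_hosts=("192.168.1.100",), lan="192.168.1.0/24"):
    """Pair each 401 with the preceding login attempt and bucket it by source."""
    lan_net = ipaddress.ip_network(lan)  # assumed LAN subnet
    pending = {}  # httpd pid -> source IP of the last unanswered attempt
    result = {"suppress": Counter(), "review": Counter(), "alert": Counter(), "unpaired": 0}
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m:
            pending[m.group(1)] = m.group(2)
            continue
        m = DENIED.search(line)
        if not m:
            continue
        src = pending.pop(m.group(1), None)
        if src is None:
            result["unpaired"] += 1        # 401 with no logged source: keep visible
        elif src in mgmt_hosts:
            result["suppress"][src] += 1   # the GUI noise described in the thread
        else:
            try:
                on_lan = ipaddress.ip_address(src) in lan_net
            except ValueError:
                on_lan = False             # unparsable source: do not trust it
            result["review" if on_lan else "alert"][src] += 1
    return result
```

Only the `suppress` bucket should be dropped from notifications; a 401 from any other LAN host or from outside the LAN still reaches the alerting path.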
iirc, its r33006 is the last build before httpd was fucked with