Local Access Issue [the bot / IP blacklist thread] [fixed in v1.660]

Recently I've noticed that every time I try to access my SDR from the local IP address, it sends me to the All Channels are busy page regardless of whether they're all full or not. I thought it may have been a software issue so I upgraded to 1.498 this morning but nothing changed. When I access it through my public link, everything appears normal. Attached is a snip of what I get when I try accessing it via the 192.168.XXX.XXX address. You can see that all channels were empty at the time. Any ideas?

Thanks!


«1345

Comments

  • What happens when you hit reload, or (Windows) control+F5?

  • It reloads the page but doesn't drop me into a channel. If I connect to it in another tab using the public link, it updates to show that that particular channel is in use and 3 others are empty but still doesn't drop me in there. This is the same if I hit reload in the Window itself or hit the browser refresh button.

    It's happening in Chrome, Edge, and FireFox so it doesn't appear to be a browser issue either.

    This just started happening over the last week or so as I typically use the local address to connect to it.

  • OK and what does the admin log show as the connecting IP when using the using the public link, and then the private?

    By public address do you mean the address as would be listed on rx.kiwisdr.com? and private IP as an IPv4 address like 192.168.0.1:8073?

    on the client what does "nslookup [public link]" return? - does it return an IPv6 and IPv4 address?

  • edited March 2022

    I can only connect to the non waterfall channels on mine. It is in 8CH mode. This is both local and remotely. Once the 6 audio only channels are full, it puts me on the que page for camping.

    Update: A beagle reboot from the admin seems to have cleared my issue. Maybe not the same issue, but I did end up on the all channels are busy page, while the two waterfall channels were available. This is with local connection, and two channels set for password protection, which were in use. The reboot fixed my non waterfall channel only problem.

  • edited March 2022

    What does the admin log show in the working and non working connection?

    Second question is this a public Kiwi, or at least one with a port forward so that is could be found by scanning?

  • When connecting locally, the log shows my local IP, the 192.168.X.X address.

    When connecting via kiwisdr.ku4by.com, the log shows my public IP address.

    NSLookup only returns an IPV4 Address for my public address.

    One difference I am seeing is that when I login from kiwisdr.ku4by.com, the log shows SND Allowed whereas when I log into it locally, it shows MON Allowed. Is this a Monitor mode?

  • jksjks
    edited March 2022

    Yeah, what Stu said: to debug this I need to see the log messages from the admin log tab from when the local user tries to connect. Only then will I know exactly what it is doing. They will look like this (edit out the appearance of your user password, if any):

    Mon Mar 14 19:40:42 00:01:24.337 0... 0      PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.338 0... 0    L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.1.3 ip_client 192.168.1.3/0xc0a80103 ip_server[IPv4] 192.168.1.103/0xc0a80167 nm /24 0xffffff00
    Mon Mar 14 19:40:42 00:01:24.339 0... 0      PWD kiwi SND conn #1 force_notLocal=0 isLocal=1 is_local=1 auth=0 auth_kiwi=0 auth_prot=0 auth_admin=0 check_ip_against_restricted=0 restricted_ip_match=0 from 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.340 0... 0      PWD kiwi SND ALLOWED: config pwd set, but is_local and auto-login set
    Mon Mar 14 19:40:42 00:01:24.341 0... 0      PWD kiwi SND RESULT: allow=1 pwd_s=<> pwd_m=<> cant_determine=0 is_local=1 isLocal(enum)=1 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.342 0... 0    L PWD kiwi SND ALLOWED: from 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.346 0... 0      PWD kiwi SND AUTH=1 badp=0 auth_kiwi=1 auth_prot=0 auth_admin=0
    Mon Mar 14 19:40:42 00:01:24.470 0... 0      PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.470 0... 0    L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.1.3 ip_client 192.168.1.3/0xc0a80103 ip_server[IPv4] 192.168.1.103/0xc0a80167 nm /24 0xffffff00
    Mon Mar 14 19:40:42 00:01:24.471 0... 0      PWD kiwi W/F conn #2 force_notLocal=0 isLocal=1 is_local=1 auth=0 auth_kiwi=0 auth_prot=0 auth_admin=0 check_ip_against_restricted=0 restricted_ip_match=0 from 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.473 0... 0      PWD kiwi W/F ALLOWED: config pwd set, but is_local and auto-login set
    Mon Mar 14 19:40:42 00:01:24.473 0... 0      PWD kiwi W/F RESULT: allow=1 pwd_s=<> pwd_m=<> cant_determine=0 is_local=1 isLocal(enum)=1 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.474 0... 0    L PWD kiwi W/F ALLOWED: from 192.168.1.3
    Mon Mar 14 19:40:42 00:01:24.474 0... 0      PWD kiwi W/F AUTH=1 badp=0 auth_kiwi=1 auth_prot=0 auth_admin=0
    


  • Also, what happens when you add the URL parameter "nolocal" ? This is a way to make a connection from the local network look like it's not. I use it for debugging.

    As in: my_kiwi:8073/?nolocalor my_kiwi:8073/?something_else&nolocal

  • Nolocal made no difference and should be included in the following:


    Mon Mar 14 19:49:34 06:46:32.811 0123 [01]   PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.0.43
    Mon Mar 14 19:49:34 06:46:32.811 0123 [01] L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.0.43 ip_client 192.168.0.43/0xc0a8002b ip_server[IPv4] 192.168.0.50/0xc0a80032 nm /24 0xffffff00
    Mon Mar 14 19:49:34 06:46:32.816 0123 [01]   PWD kiwi MON conn #1 force_notLocal=1 isLocal=0 is_local=0 auth=0 auth_kiwi=0 auth_prot=0 auth_admin=0 check_ip_against_restricted=0 restricted_ip_match=0 from 192.168.0.43
    Mon Mar 14 19:49:34 06:46:32.816 0123 [01]   PWD TLIMIT exempt password check: ipl=<(null)> tlimit_exempt_pwd=<>
    Mon Mar 14 19:49:34 06:46:32.816 0123 [01]   PWD kiwi MON ALLOWED: no config pwd set, allow any (192.168.0.43)
    Mon Mar 14 19:49:34 06:46:32.816 0123 [01]   PWD kiwi MON RESULT: allow=1 pwd_s=<> pwd_m=<(null)> cant_determine=0 is_local=0 isLocal(enum)=0 192.168.0.43
    Mon Mar 14 19:49:34 06:46:32.816 0123 [01] L PWD kiwi MON ALLOWED: from 192.168.0.43
    Mon Mar 14 19:49:34 06:46:32.821 0123 [01]   PWD kiwi MON AUTH=1 badp=0 auth_kiwi=1 auth_prot=0 auth_admin=0
    Mon Mar 14 19:49:39 06:46:37.509 0123 [01]   PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.0.43
    Mon Mar 14 19:49:39 06:46:37.509 0123 [01] L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.0.43 ip_client 192.168.0.43/0xc0a8002b ip_server[IPv4] 192.168.0.50/0xc0a80032 nm /24 0xffffff00
    Mon Mar 14 19:49:39 06:46:37.512 0123 [01]   PWD kiwi MON conn #1 force_notLocal=1 isLocal=0 is_local=0 auth=0 auth_kiwi=0 auth_prot=0 auth_admin=0 check_ip_against_restricted=0 restricted_ip_match=0 from 192.168.0.43
    Mon Mar 14 19:49:39 06:46:37.512 0123 [01]   PWD TLIMIT exempt password check: ipl=<(null)> tlimit_exempt_pwd=<>
    Mon Mar 14 19:49:39 06:46:37.512 0123 [01]   PWD kiwi MON ALLOWED: no config pwd set, allow any (192.168.0.43)
    Mon Mar 14 19:49:39 06:46:37.512 0123 [01]   PWD kiwi MON RESULT: allow=1 pwd_s=<> pwd_m=<(null)> cant_determine=0 is_local=0 isLocal(enum)=0 192.168.0.43
    Mon Mar 14 19:49:39 06:46:37.512 0123 [01] L PWD kiwi MON ALLOWED: from 192.168.0.43
    Mon Mar 14 19:49:39 06:46:37.515 0123 [01]   PWD kiwi MON AUTH=1 badp=0 auth_kiwi=1 auth_prot=0 auth_admin=0
    Mon Mar 14 19:50:02 06:47:00.839 0123 [01]   PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.0.43
    Mon Mar 14 19:50:02 06:47:00.839 0123 [01] L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.0.43 ip_client 192.168.0.43/0xc0a8002b ip_server[IPv4] 192.168.0.50/0xc0a80032 nm /24 0xffffff00
    Mon Mar 14 19:50:02 06:47:00.843 0123 [01]   PWD kiwi MON conn #1 force_notLocal=1 isLocal=0 is_local=0 auth=0 auth_kiwi=0 auth_prot=0 auth_admin=0 check_ip_against_restricted=0 restricted_ip_match=0 from 192.168.0.43
    Mon Mar 14 19:50:02 06:47:00.843 0123 [01]   PWD TLIMIT exempt password check: ipl=<(null)> tlimit_exempt_pwd=<>
    Mon Mar 14 19:50:02 06:47:00.843 0123 [01]   PWD kiwi MON ALLOWED: no config pwd set, allow any (192.168.0.43)
    Mon Mar 14 19:50:02 06:47:00.843 0123 [01]   PWD kiwi MON RESULT: allow=1 pwd_s=<> pwd_m=<(null)> cant_determine=0 is_local=0 isLocal(enum)=0 192.168.0.43
    Mon Mar 14 19:50:02 06:47:00.843 0123 [01] L PWD kiwi MON ALLOWED: from 192.168.0.43
    Mon Mar 14 19:50:02 06:47:00.846 0123 [01]   PWD kiwi MON AUTH=1 badp=0 auth_kiwi=1 auth_prot=0 auth_admin=0
    Mon Mar 14 19:50:30 06:47:29.167 0123 [01]   PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.0.43
    Mon Mar 14 19:50:30 06:47:29.167 0123 [01] L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.0.43 ip_client 192.168.0.43/0xc0a8002b ip_server[IPv4] 192.168.0.50/0xc0a80032 nm /24 0xffffff00
    Mon Mar 14 19:50:30 06:47:29.170 0123 [01]   TLIMIT exempt local connection from 192.168.0.43
    Mon Mar 14 19:50:30 06:47:29.171 0123 [01]   PWD kiwi MON ALLOWED: config pwd set, but is_local and auto-login set
    Mon Mar 14 19:50:30 06:47:29.171 0123 [01] L PWD kiwi MON ALLOWED: from 192.168.0.43
    Mon Mar 14 19:50:46 06:47:44.769 0123 [02]   PWD isLocal_if_ip: flg=0x18 fam=2 socktype=1 proto=6 addrlen=16 192.168.0.43
    Mon Mar 14 19:50:46 06:47:44.769 0123 [02] L PWD isLocal_if_ip: TRUE IPv4/4_6 remote_ip 192.168.0.43 ip_client 192.168.0.43/0xc0a8002b ip_server[IPv4] 192.168.0.50/0xc0a80032 nm /24 0xffffff00
    Mon Mar 14 19:50:46 06:47:44.772 0123 [02]   TLIMIT exempt local connection from 192.168.0.43
    Mon Mar 14 19:50:46 06:47:44.773 0123 [02] L PWD admin config pwd set TRUE, auto-login TRUE
    Mon Mar 14 19:50:46 06:47:44.775 0123 [02] L PWD admin ALLOWED: config pwd set, but is_local and auto-login set
    Mon Mar 14 19:50:46 06:47:44.775 0123 [02] L PWD admin admin ALLOWED: from 192.168.0.43
    


  • "When connecting via kiwisdr.ku4by.com, the log shows my public IP address."

    That's a little unusual, many router/firewalls won't normally do that by default.

    I wonder if your router is dual stack and hijacking the internal v4 traffic, I suppose you could disable IPv6 for a test (from experience you have to disable it on all interfaces or Windows tries the dead links before trying a live working v4).

    Another option is that something is tying up the connection but not showing on the logs, to test that (tin foil hat theory) disable port forward on the router then reboot the Beaglebone.

  • I'm not local, but in this very moment (~20:03 UTC), I see also the busy page, with only one entry (10.000 KHz) and all the others empty.

  • It's always shown my public IP address.


    Something I just noticed in the log is that the SDR does think all channels are busy. I currently have one connection to it but here is the log entry.

    Mon Mar 14 20:04:01 07:01:00.084 0123        SNR_meas: all channels busy
    

    No idea why it's only busy for the SNR measurement and local connections but that is where I'm at right now.

  • Yeah I'm getting that now too but I've been able to get in all day until now.

  • I just saw a few more connection attempts and they are all saying MON Allowed. The only thing I haven't tried on this end is to actually power down the kiwi and see if letting it sit for a few minutes helps is out. I'm just not sure if I'll be able to get back into it after that.

  • jksjks
    edited March 2022

    From that log I can tell all those connection attempts are dropping into monitor mode immediately because all channels are busy (what you just said). We need to figure out who (or what) is tying them up.

    Use the "dump" button on the log tab and then cut/paste the log messages here that look like the following:

    Mon Mar 14 20:15:37 00:36:19.937 0...      L dump --------
    Mon Mar 14 20:15:37 00:36:19.938 0...      L RX0 en1 busy1 conn-01 0x3a691d8
    Mon Mar 14 20:15:37 00:36:19.938 0...      L RX1 en0 busy0 conn-9999 (nil)
    Mon Mar 14 20:15:37 00:36:19.939 0...      L RX2 en0 busy0 conn-9999 (nil)
    Mon Mar 14 20:15:37 00:36:19.939 0...      L RX3 en0 busy0 conn-9999 (nil)
    Mon Mar 14 20:15:37 00:36:19.939 0...      L 
    Mon Mar 14 20:15:37 00:36:19.940 0...      L CONNS: used 3/136 is_locked=0
    Mon Mar 14 20:15:37 00:36:19.940 0...      L CONN-00 0x3a68f58 admin rx=-1 auth1 kiwi0 prot0 admin1 local1 isP0 tle10 KA=03/60 KC=00418 mc=0x7585080 ip=192.168.1.3:57515 other=-1 
    Mon Mar 14 20:15:37 00:36:19.941 0...      L CONN-01 0x3a691d8 SND rx=0 auth1 kiwi1 prot0 admin0 local1 isP0 tle10 KA=04/60 KC=00418 mc=0x756d918 ip=192.168.1.3:57535 other=CONN-2 
    Mon Mar 14 20:15:37 00:36:19.941 0...      L        user=<ZL/KF6VO> isUserIP=0 geo=<Tauranga, New Zealand>
    Mon Mar 14 20:15:37 00:36:19.942 0...      L CONN-02 0x3a69458 W/F rx=0 auth1 kiwi1 prot0 admin0 local1 isP0 tle10 KA=04/60 KC=00418 mc=0x756e9e0 ip=192.168.1.3:57536 other=CONN-1 
    


  • Also, that log showed your Kiwi up for over 6 hours. How is it after you restart? (use restart button on admin page, control tab)

  • edited March 2022

    I X'd out my public IP but have no idea who the 182.150.24.15 (Appears to be Chinanet) is and why they're not showing up in the monitor. I'll wait for your response before I blacklist it to see if anything changes.


    Mon Mar 14 20:19:10 07:16:08.795 0123   L dump --------
    Mon Mar 14 20:19:10 07:16:08.798 0123   L RX0 en0 busy1 conn-00 0x3aef770
    Mon Mar 14 20:19:10 07:16:08.798 0123   L RX1 en1 busy1 conn-05 0x3af03f0
    Mon Mar 14 20:19:10 07:16:08.799 0123   L RX2 en0 busy1 conn-03 0x3aefef0
    Mon Mar 14 20:19:10 07:16:08.799 0123   L RX3 en0 busy1 conn-04 0x3af0170
    Mon Mar 14 20:19:10 07:16:08.799 0123   L CONNS: used 8/136 is_locked=0
    Mon Mar 14 20:19:10 07:16:08.799 0123   L CONN-00 0x3aef770 W/F rx=0 auth1 kiwi1 prot0 admin0 local0 isP0 tle00 KA=00/60 KC=04373 mc=0x8a0d838 ip=182.150.24.15:34818 other=-1 
    Mon Mar 14 20:19:10 07:16:08.799 0123   L CONN-02 0x3aefc70 admin rx=-1 auth1 kiwi0 prot0 admin1 local1 isP0 tle10 KA=03/60 KC=00261 mc=0x8a64880 ip=192.168.0.43:64351 other=-1 
    Mon Mar 14 20:19:10 07:16:08.799 0123   L CONN-03 0x3aefef0 W/F rx=2 auth1 kiwi1 prot0 admin0 local0 isP0 tle00 KA=04/60 KC=03919 mc=0x8a6b3d8 ip=182.150.24.15:60314 other=-1 
    Mon Mar 14 20:19:10 07:16:08.799 0123   L CONN-04 0x3af0170 W/F rx=3 auth1 kiwi1 prot0 admin0 local0 isP0 tle00 KA=01/60 KC=03915 mc=0x8a6b7f0 ip=182.150.24.15:60578 other=-1 
    Mon Mar 14 20:19:10 07:16:08.799 0123   L CONN-05 0x3af03f0 SND rx=1 auth1 kiwi1 prot0 admin0 local0 isP0 tle00 KA=04/60 KC=00745 mc=0x8a724f0 ip=XX.XXX.XXX.XXX:64135 other=CONN-7 
    Mon Mar 14 20:19:10 07:16:08.799 0123   L    user=<XX.XXX.XX.XXX> isUserIP=1 geo=<Elizabeth City, North Carolina, USA>
    Mon Mar 14 20:19:10 07:16:08.804 0123   L CONN-06 0x3af0670 MON rx=-1 auth1 kiwi1 prot0 admin0 local1 isP0 tle10 KA=01/60 KC=04128 mc=0x8a74448 ip=192.168.0.43:61205 other=-1 
    Mon Mar 14 20:19:10 07:16:08.804 0123   L CONN-07 0x3af08f0 W/F rx=1 auth1 kiwi1 prot0 admin0 local0 isP0 tle00 KA=04/60 KC=00745 mc=0x8a19bb8 ip=XX.XXX.XX.XXX:64136 other=CONN-5 
    Mon Mar 14 20:19:10 07:16:08.804 0123   L CONN-08 0x3af0b70 MON rx=-1 auth1 kiwi1 prot0 admin0 local0 isP0 tle00 KA=11/60 KC=00206 mc=0x8a69ec0 ip=XX.XXX.XX.XXX:65276 other=-1 
    
  • jksjks
    edited March 2022

    Okay, this is super interesting.

    First of all, it's clear these are bot connections not using the full Kiwi API. That's why they appear as "waterfall only" connections in the dump information with no corresponding sound connection. Like how Marco and linkfanel poll to get their SNR data.

    One bug is that there are never supposed to be blank entries in the connection status panels even for a partial API connection. That's what is misleading us into thinking there are free channels. So I need to do some work there.

    Something I'd like to know: If you connect as admin, on the status tab, on the connection entries (RX0 RX1 ...) do you see a round "kick" button at the end of each line? If so, could you try clicking it to free up a channel and then quickly trying to make a local user connection? Do it work then? Depending on how often the bot is hitting you, you might have to try this several times. Or kick a couple of channels instead of just one.

  • jksjks
    edited March 2022

    Besides using the dump button, the other easy way to tell which channels are in use is to look at any log message, e.g.

    Mon Mar 14 20:04:01 07:01:00.084 0123        SNR_meas: all channels busy
    

    See the 0123 after the uptime? That shows the current channel occupancy. It will be 01234567 for all channels busy on an 8-channel Kiwi etc. The blank space after it holds an indicator of which channel a log message belongs to (some log messages don't belong to any channel). So for example

    Mon Mar 14 20:50:25 01:11:07.921 01..  1   L    10.00 kHz cwn z0  "ZL/KF6VO" 192.168.1.3 (ARRIVED)
    

    means channels 0 & 1 are occupied and the "arrived" log message belongs to channel 1.

  • I'd still be tempted (as long as it does not break logs jks is looking for) to

    "disable port forward on the router then reboot the Beaglebone." as I said before.

    My assumption is that it will be fine then get tied up again about ten minutes after port forward re enabled.

  • The Admin Status Tab only shows my one active connection to the kiwi. No entries or Kick buttons on the other 3 receivers which is what began this confusion for me.

    Thanks for the log info, I'm not really proficient in the logs.

    So should I just blacklist the bot's IP address and wait for the next one?

  • Thanks for that. I need to figure out how they are evading the connection detection so I can fix it. No kick button gives me a big clue.

    That detail about the logs isn't documented anywhere 🙄 so I though I'd mention it.

    Yeah, go ahead and block them. That ip is not in a cloud provider range. So I can't really add the entire 182.150/16 block to the download blacklist because it might deny legit users.

  • Maybe using "Yes" on "Prevent multiple connections from the same IP address?" on the Network Admin tab will be helpful for prevent full exhaustion of all channels from one bot.

  • Rgr. I added the IP to the black list and then tried a Beagle Reboot but the reboot didn't work. Nothing happened. I then hit the restart server button and that restarted the server. Now I'm just waiting to see what happens next... 😂

  • I had that set in the past, not sure why it changed. Also, I noticed after the restart that my local blacklist was empty???

  • edited March 2022

    I'm not sure if it is possible to have a stale admin connection so you think you have added to the local blacklist but it has not been successfully appended, if you restarted at that stage it would just show the real situation.

    I'd be tempted to open an SSH connection to the local Kiwi so you can use commands directly, would not like to be denied a reboot while there are remote connections.

  • @rz3dvp Thanks! Kiwi code complex + me getting old = I can't even remember my own stuff, lol

    A reboot takes a while. There is a built-in 30 sec delay after Linux reboot before the Kiwi server comes up to allow NTP et al to settle down.

    Don't know why your local blacklist would have been cleared. Shouldn't happen..

  • Yeah, Stu's right once again. May times during development I have restarted the server from an ssh window and then began typing stuff into an open admin page, which it happily accepts, and then wonder why my changes don't seem to do anything. Eventually I figure out I needed to refresh that admin page to reestablish a server connection. I should probably actively detect this situation..

  • Well it's been about 6 and a half hours since I re-added that IP to the blacklist and so far so good. As far as I can tell, the kiwi never rebooted after I hit the button but it did restart after I hit the restart server button so I'm not sure about the stale Admin tab but I'll try rebooting again in the morning and see what happens.

    Thanks for all the help!

  • @KU4BY The stale admin connection is cleared (most simply) by closing the local browser and reopening it's is just a browser session that needs to be refreshed.

    I prefer to make it prompt for a password even if local then I know it really did just reconnect because it challenged for the password if I just Ctrl-F5.

    Admin - Security - 'User auto-login from local net even if password set?' set to 'NO'

Sign In or Register to comment.