Weird IP address


knifeman

This IP is all over my site.

127.0.0.1

 

No IP sites I have been to can identify it. Anyone here have any idea where this is?

 

Tim

Localhost

 

That's the IP you put in your HOSTS file (on your PC) to block a site.

 

I can't explain how it's all over your site though.

:'(

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

Link to comment
Share on other sites

127.0.0.1 is the "loopback" address. It refers to you (your server). Can you be more specific by what you mean that it's "all over your site"? I would expect to see it in a number of places, but if you've been hacked and the hack code is doing strange things (such as attempting to read or write where it shouldn't), you might see "too much" of it. Where are you seeing the loopback address and in what context?

Link to comment
Share on other sites

I did not see any hack attempt. The 'customer' was viewing numerous pages. Mostly info pages like my FAQ, about us, shipping, that sort of thing. By the time I finished reading the link Jim supplied, the customer was gone.

 

There were no strange URLs in the Who's Online. For some reason the IP looked different and when I checked Who's Online. So I tried looking it up and I could not find a location. That really puzzled me and set off the concern alarm.

 

Tim

Link to comment
Share on other sites

Describe your setup for us. Do you use a hosting service? Do you own your own server? Are you running OSC on Windows XP or some other Windows box at home with a service like DynIP or DynDNS?

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

My stores are on a dedicated server running Linux 2.6.18-128.7.1.el5. Paid hosting.

 

Tim

Link to comment
Share on other sites

Ok, like mrPhil said, the 127.0.0.1 address is the loopback address. The only way that address can be noted is when someone is sitting at the console of the machine using a browser, or a script is run. It could be a script that is wget'ing the code and ftp'ing it somewhere. It does not necessarily need to be in your file space. It could be anywhere on the server. Notify your host of this and see if they can make anything of it.

Link to comment
Share on other sites

My host had this to say:

When the Apache HTTP Server manages its child processes, it needs a way to wake up processes that are listening for new connections.
To do this, it sends a simple HTTP request back to itself.
This request will appear in the access_log file with the remote address set to the loop-back interface,
typically 127.0.0.1.

These requests are perfectly normal and you do not, in general, need to worry about them.
They can simply be ignored.

Link to comment
Share on other sites

I can understand that. What I do not understand is that it is making requests to specific pages in your store. Or did I read your original post incorrectly?

Link to comment
Share on other sites

No, you read correctly. It was browsing specific pages. I questioned my host further. I mentioned this info coming from Who's Online, not my access logs. Their response was:

Please note that module is also working based on your domain's access log and it will show whatever webserver access log has.

This happened yesterday and as best as I can remember the IP was on several info pages. Shipping, FAQ, that sort of thing. I just flipped through my supertracker mod and could not find a record with this IP, but I know I saw it yesterday.

Link to comment
Share on other sites
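Added example, not part of the thread or the host's reply: a small access_log triage that separates Apache's own wake-up requests from loopback requests for real store pages, which is the distinction the last posts turn on. The log lines are constructed, the page names and user agents are hypothetical, and the combined log format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# Apache httpd tags its own wake-up requests with this User-Agent suffix.
DUMMY_MARKER = "(internal dummy connection)"
DUMMY_REQUESTS = {"OPTIONS * HTTP/1.0", "GET / HTTP/1.0"}

# Constructed sample lines, not taken from the thread; page names are hypothetical.
SAMPLE_LOG = """\
127.0.0.1 - - [12/Oct/2009:10:01:02 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.3 (CentOS) (internal dummy connection)"
::1 - - [12/Oct/2009:10:01:03 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.3 (CentOS) (internal dummy connection)"
127.0.0.1 - - [12/Oct/2009:10:04:11 -0400] "GET /shipping.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"
127.0.0.1 - - [12/Oct/2009:10:04:40 -0400] "GET /faq.php HTTP/1.1" 200 4096 "-" "Wget/1.11.4"
203.0.113.7 - - [12/Oct/2009:10:05:00 -0400] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback  # 127.0.0.0/8 and ::1
    except ValueError:  # a hostname was logged instead of an address
        return host == "localhost"

def classify(line):
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed", None
    if not is_loopback(m["host"]):
        return "remote", m
    if DUMMY_MARKER in m["agent"] and m["request"] in DUMMY_REQUESTS:
        return "apache-internal", m
    return "loopback-page-request", m

def triage(log_text):
    counts, review = Counter(), []
    for line in filter(str.strip, log_text.splitlines()):
        kind, m = classify(line)
        counts[kind] += 1
        if kind == "loopback-page-request":  # local process fetched a real URL
            review.append((m["request"], m["agent"]))
    return counts, review

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries returned in `review` are the ones worth raising with the host: they come from a process on the server itself (a cron job, monitoring check, proxy or other script) rather than from Apache's child-process management.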

Archived

This topic is now archived and is closed to further replies.
