Psychoanalytic-Electronic-Publishing / PaDS

Psychoanalysts Database System (PaDS) is a user database and authorization server with an API to manage and authenticate users for the PEP User Interface client and OPAS Document server.

Watching error logs - being hacked or system troubles? #24

Open nrshapiro opened 2 years ago

nrshapiro commented 2 years ago

I wanted to document this here, but I have not investigated who/what is behind these sessions and these problem calls/links:

> 2022-02-07T12:45:11.690-05:00 | 2022-02-07 17:45:10 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:45:15.723-05:00 | 2022-02-07 17:45:11 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:45:52.476-05:00 | 2022-02-07 17:45:51 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:45:56.723-05:00 | 2022-02-07 17:45:52 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:07.723-05:00 | 2022-02-07 17:46:03 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:09.738-05:00 | 2022-02-07 17:46:08 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:14.723-05:00 | 2022-02-07 17:46:09 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:28.723-05:00 | 2022-02-07 17:46:23 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:37.022-05:00 | 2022-02-07 17:46:36 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:41.723-05:00 | 2022-02-07 17:46:36 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:47.723-05:00 | 2022-02-07 17:46:42 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:49.035-05:00 | 2022-02-07 17:46:48 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T12:46:53.723-05:00 | 2022-02-07 17:46:48 opasDocPermissions/get_authserver_session_info(335): WARNING eedab33c-b561-40da-aa4f-69010d167ee3 call to pads produces 401 error. Setting user_logged_in to False
> 2022-02-07T13:08:36.723-05:00 | 2022-02-07 18:08:31 main/documents_document_fetch(5181): ERROR The document was not found on the system. Please notify PEP Support. Request: apa.065a.0152a. Session 895ffcd6-79d5-4bb9-86c4-3016a6e5ef85.
> 2022-02-07T13:09:06.723-05:00 | 2022-02-07 18:09:02 main/documents_document_fetch(5181): ERROR The document was not found on the system. Please notify PEP Support. Request: psyche.067c.0287a. Session dfa43b8c-1079-4eca-b159-7e4b125bc8df.
> 2022-02-07T13:14:59.723-05:00 | 2022-02-07 18:14:55 main/documents_document_fetch(5181): ERROR The document was not found on the system. Please notify PEP Support. Request: apa.063.1288a. Session 08c97b0a-c12d-4f98-abf1-0d9e959fca5b.
> 

The document keys are not quite right either...could be an error in some link, or given all of the above, someone trying to hack the system?

jwoosnam commented 2 years ago

@nrshapiro this is not a hack. Session eedab33c-b561-40da-aa4f-69010d167ee3 is a user, Simona Barra, who registered with PEP today, but has no subscription. There are hundreds of AuthenticateFromIP & GetUser calls, which are filling up my logs, but I don't think it is anything suspicious from my end.

jwoosnam commented 2 years ago

@nrshapiro I have finished work for the day, but I just had a random look at a few sessions of people who were logged on with subscriptions, and they too are producing hundreds of what appeared to be unnecessary IP authenticate and get user calls. The session below did a few successful document reads yesterday, but has been producing IP authenticate and get user calls ever since!!!!

Screenshot 2022-02-07 at 20 28 50
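
A way to triage log lines of the shape quoted in this issue, as an added example (not code from PaDS or OPAS): it groups the 401 warnings by session ID and the not-found errors by requested document key, so one session repeating the same failure is separated from failures spread across sessions. The sample lines, session IDs, document key and the `min_count` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"  # the application timestamp, not the ingest one
AUTH_401 = re.compile(TS + r" .*WARNING (?P<sid>" + UUID + r") call to pads produces 401 error")
NOT_FOUND = re.compile(TS + r" .*ERROR The document was not found.*Request: (?P<doc>\S+)\. Session (?P<sid>"
                       + UUID + r")\.")

def triage(lines):
    """Summarise 401 warnings per session and not-found document keys per session."""
    auth = defaultdict(list)    # session id -> timestamps of 401 warnings
    missing = defaultdict(set)  # session id -> document keys that were not found
    for line in lines:
        if m := AUTH_401.search(line):
            auth[m["sid"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        elif m := NOT_FOUND.search(line):
            missing[m["sid"]].add(m["doc"])
    report = {}
    for sid, stamps in auth.items():
        span = (max(stamps) - min(stamps)).total_seconds()
        report[sid] = {"kind": "auth_401", "count": len(stamps), "span_s": span}
    for sid, docs in missing.items():
        report.setdefault(sid, {"kind": "not_found"})["docs"] = sorted(docs)
    return report

def repeat_offenders(report, min_count=5):
    """Sessions worth looking up in the auth server: many 401s from one session ID.
    min_count is an arbitrary threshold chosen for this example."""
    return [sid for sid, r in report.items() if r.get("count", 0) >= min_count]

# Constructed sample input; the IDs and the document key are made up.
A = "11111111-1111-1111-1111-111111111111"
B = "22222222-2222-2222-2222-222222222222"
C = "33333333-3333-3333-3333-333333333333"
WARN = ("2022-01-01T07:00:{s:02d}.000-05:00 | 2022-01-01 12:00:{s:02d} "
        "opasDocPermissions/get_authserver_session_info(335): WARNING {sid} "
        "call to pads produces 401 error. Setting user_logged_in to False")
SAMPLE = [WARN.format(s=s, sid=A) for s in range(0, 60, 10)]  # six 401s from one session
SAMPLE.append(WARN.format(s=5, sid=B))                        # a single 401 from another
SAMPLE.append("2022-01-01T07:05:00.000-05:00 | 2022-01-01 12:05:00 main/documents_document_fetch(5181): "
              "ERROR The document was not found on the system. Please notify PEP Support. "
              f"Request: xyz.001.0001a. Session {C}.")

if __name__ == "__main__":
    for sid, row in triage(SAMPLE).items():
        print(sid, row)
```
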