alarmdecoder.com

I've had the alarm decoder for several years and for the first time, with my wife and I sitting on the couch, we hear a ding, no one else home, and the alarm suddenly was armed. I figured the ding would have been a low battery signal. We didn't not hear the keypad, as we would if it were set locally, so I assume it was remotely set. I do not see any invalid login attempts. But I would like to see if there were any valid login attempts before it was set or anything else that could help me understand what occurred. Any ideas on where to look or what occurred?

jscherer26 wrote:I've had the alarm decoder for several years and for the first time, with my wife and I sitting on the couch, we hear a ding, no one else home, and the alarm suddenly was armed. I figured the ding would have been a low battery signal. We didn't not hear the keypad, as we would if it were set locally, so I assume it was remotely set. I do not see any invalid login attempts. But I would like to see if there were any valid login attempts before it was set or anything else that could help me understand what occurred. Any ideas on where to look or what occurred?

That's an interesting one. Well, you can view users login history by going Settings->Users->User and at the bottom there is a login history link. Such as https://alarmdecoder-docker.local/user/1/history for user 1.

Do you have any panel programming that tells the alarm to arm at specific times? Do you have any home automation system components that may have triggered an event? Do you have any fobs that might have accidentally got pressed? It is unlikely somebody has your alarm code that you do not know and it is unlikely they got into the system itself unless you have strange things exposed to the outside...

You can connect to the ser2sock port on port 10000 and get a livestream of all messages - if it happens again and you capture the message stream, it is possible we can figure it out.

Thanks. I'll just sleep with one eye open the next couple of months. I don't see any logins that I suspect. I would assume that I login more then is shown, and surely my wife has login in many more times then once it shows in the last 8 months, so I suspect they aren't all recorded. Actually It doesn't seem to show any from my Android phone using the lastpass application browser, so that is likely why. I just tried through the regular browser on my phone and it registers it as Linux Android. FYI, the ip address is always 127.0.0.1, and I login from many locations. The time seems to be displaying in GMT, which you may not intend for it to do.

I don't have any panel programming that tells the alarm to arm at specific times. I don't have any home automation system components that may have triggered an event. I don't own any fobs.

I assume it will never happen again. We had an alarm trip a few months ago, then a week later the motion device that tripped it started giving a low battery and I changed them.

jscherer26 wrote:Thanks. I'll just sleep with one eye open the next couple of months. I don't see any logins that I suspect. I would assume that I login more then is shown, and surely my wife has login in many more times then once it shows in the last 8 months, so I suspect they aren't all recorded. Actually It doesn't seem to show any from my Android phone using the lastpass application browser, so that is likely why. I just tried through the regular browser on my phone and it registers it as Linux Android. FYI, the ip address is always 127.0.0.1, and I login from many locations. The time seems to be displaying in GMT, which you may not intend for it to do.

I don't have any panel programming that tells the alarm to arm at specific times. I don't have any home automation system components that may have triggered an event. I don't own any fobs.

I assume it will never happen again. We had an alarm trip a few months ago, then a week later the motion device that tripped it started giving a low battery and I changed them.

The reason it shows 127.0.0.1 is because the alarmdecoder app isn't handling the HTTP connection. A seperate HTTP server is running called nginx answers the HTTP(s) connection and passes it off to gunicorn (running alarmdecoder). Thus the request is coming from localhost (127.0.0.1) to the gunicorn server running alarm decoder..


<your browser> -> <nginx HTTP server> -> (gunicorn - alarm decoder)

The alarm decoder is showing the IP address from the connection from the nginx server.

They need to change the code to look at "X-Fowarded-For" header to get the IP of the remote requester. There is also this in the works (https://tools.ietf.org/html/rfc7239). Maybe I'll commit a fix for this to the git repo... I modified it to show requesting IP.

I'm just short on time... I'll try and do it sometime in next week or so.

I have a fix for the IP issue as well coming soon, sorry about that - we never tested that feature with the proxy enabled

It's not as simple as just looking at the x-forwarded-for header though, because that can be spoofed - so there's a different fix than that I have in testing so I think it will be pushed up soon.


As far as logins not showing up in the history - is it "remembering" you, or are you actually logging in every time you access? It will only log if there was an actual login.

If you want to see if somebody was accessing your alarmdecoder at that time, look at the nginx access logs.