Device Identification
The Device Identification log tracks which physical devices — computers, tablets, mobile phones — have been used to access the ISPBills admin panel. This provides a security audit trail showing where and how your admin panel has been accessed.
Accessing Device Identification
Navigate to Logs > Device Identification in the left sidebar.
What Is Device Identification?
When an operator or admin logs in to ISPBills, the platform records a device fingerprint — a combination of browser type, operating system, screen resolution, and other browser-reported attributes — along with the IP address of the login. This allows ISPBills to identify whether a login is coming from a known, trusted device or from a new and potentially unauthorised one.
Device Identification is useful for:
- Security auditing — Reviewing which devices have accessed the admin panel over time.
- Anomaly detection — Identifying logins from unfamiliar locations or devices.
- Operator accountability — Tracking which computers or phones each operator uses to access the system.
- Incident investigation — If unauthorised changes are discovered, device logs can help identify the source.
What the Log Shows
Each entry in the Device Identification log represents a login event or a new device being recognised:
| Column | Description |
|---|---|
| Operator / User | The ISPBills account (admin, manager, reseller) that performed the login. |
| Device Fingerprint | A hash or description identifying the browser/device combination. |
| IP Address | The IP address from which the login was made. |
| Browser / OS | The browser and operating system reported by the client (e.g., Chrome on Windows, Safari on iPhone). |
| Location | Approximate geographic location derived from the IP address (if geo-IP is enabled). |
| First Seen | When this device was first used to access ISPBills. |
| Last Seen | The most recent login from this device. |
| Login Count | Number of times this device has been used to log in. |
Filtering and Searching
| Filter | Description |
|---|---|
| Operator / User | Show device logs for a specific operator or admin account. |
| Date Range | Filter entries to a specific period. |
| IP Address | Search for logins from a specific IP or subnet. |
Use the search bar to find entries by operator name, IP address, or device fingerprint.
Use Cases
Detecting Unauthorised Access
If you notice an unusual device fingerprint or an IP address you do not recognise in the log, it may indicate:
- An operator logging in from a new location (e.g., working from home)
- A compromised account being used from an attacker's device
Review the login time alongside the Operators Action Log (Logs > Operators Action Log) to determine what actions were performed during the suspicious session.
Verifying Operator Activity
For resellers or managers who should only be accessing the system from the office, Device Identification lets you confirm that logins are consistently coming from the expected IP address and device.
Incident Response
If a customer account is modified without authorisation or a payment record is deleted, check the Device Identification log for logins around the time of the event to identify the source device.
Security Recommendations
- If you see an unrecognised device in the log, immediately change the affected operator's password via their account settings.
- Enable Two-Factor Authentication (2FA) for all admin and manager accounts. See Settings > Two-Factor Authentication.
- Encourage operators to log out after each session rather than leaving the panel open in a browser.
- Periodically review the Device Identification log as part of your regular security audit routine.