Advertisement:

Author Topic: Forum Firewall  (Read 315922 times)

Offline quiz_modder

  • Jr. Member
  • **
  • Posts: 246
  • Gender: Male
    • SMF Modding
Re: Forum Firewall
« Reply #140 on: January 29, 2011, 10:35:54 AM »
I have a few "Invalid ip" entries in the log for the following "ip address" - could you explain what is going on here? Thanks

  • BISB_3.5.1.71
  • Keep-Alive
  • HTTP/1.1

Looking at the corresponding headers some of them look to be mobile devices. Does that mean this cannot handle them?

GET /forum/index.php?topic=536.10;wap2 HTTP/1.0 BlackBerry8520/5.0.0.681 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/142

GET /forum/index.php?action=pm HTTP/1.1 Mozilla/5.0 (SAMSUNG; SAMSUNG-GT-S8500/S8500XXJEE; U; Bada/1.0; en-us) AppleWebKit/533.1 (KHTML, like Gecko) Dolfin/2.0 Mobile WVGA SMM-MMS/1.2.0 OPN-B

GET /forum/index.php HTTP/1.0 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)

GET /forum/index.php?action=forum HTTP/1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #141 on: January 29, 2011, 02:16:29 PM »
Good grief.  You see bad IP addresses in your log and your first thought is that there is something wrong with the Mod?   :-X

Allow me to clarify those are not real ip addresses.  What you see is the result of badly written bots trying to spoof a ip address.  The bots are so poorly written that they are putting the wrong stuff in the wrong header location.  For example you will normally see "Keep-Alive" in the connections field of the HTTP header not the ip address.

If you want to learn more about it I suggest you study HTTP headers.  I am sorry but, I have no intension to explain what the mod is doing in detail because doing so will cause more harm than good.

All I can say is that the answer to your question is NO.  The mod can handle all known ip addresses including ipv6 (non admin).  So your forum is safe.
 :o
« Last Edit: January 29, 2011, 02:20:11 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline quiz_modder

  • Jr. Member
  • **
  • Posts: 246
  • Gender: Male
    • SMF Modding
Re: Forum Firewall
« Reply #142 on: January 29, 2011, 06:24:20 PM »
Good grief.  You see bad IP addresses in your log and your first thought is that there is something wrong with the Mod?   :-X

Allow me to clarify those are not real ip addresses.  What you see is the result of badly written bots trying to spoof a ip address.  The bots are so poorly written that they are putting the wrong stuff in the wrong header location.  For example you will normally see "Keep-Alive" in the connections field of the HTTP header not the ip address.

If you want to learn more about it I suggest you study HTTP headers.  I am sorry but, I have no intension to explain what the mod is doing in detail because doing so will cause more harm than good.

All I can say is that the answer to your question is NO.  The mod can handle all known ip addresses including ipv6 (non admin).  So your forum is safe.
 :o

I was only asking!  :D

And I have over 30 pages of stuff already  :(

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #143 on: January 29, 2011, 06:29:41 PM »
Not that bad.  I had over 2,000 my first week.  I went nuts testing and retesting...   :o
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline quiz_modder

  • Jr. Member
  • **
  • Posts: 246
  • Gender: Male
    • SMF Modding
Re: Forum Firewall
« Reply #144 on: January 30, 2011, 05:49:41 AM »
Apologies, another question if you don't mind. I have an arcade script on the site which is bringing up the following

Request Entity Attack: Repeated!

GET /forum/index.php?action=arcade;sa=play;game=92 HTTP/1.1 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET CLR 3.0.30729)

GET /forum/index.php?action=arcade;sa=highscore;game=92 HTTP/1.1 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET CLR 3.0.30729)

Is there a way I can ignore these ones in the settings?

Thanks again.


Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #145 on: January 30, 2011, 08:16:26 AM »
If blocking is turned on they were blocked otherwise they are logged. 

A Request Entity Attack is nothing to sneeze at.  It can do bad things.   :'(

Repeated means that they caused an infraction and returned during the cache period.  I can not tell you if that was a problem or not since you need to give me the "result" from the first offense.   ???

It could be the game or the user.  The game could have nasty stuff inside it or the user could be trying to cause harm.  I would keep an eye on that game if I were you.
 8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline quiz_modder

  • Jr. Member
  • **
  • Posts: 246
  • Gender: Male
    • SMF Modding
Re: Forum Firewall
« Reply #146 on: January 30, 2011, 10:59:17 AM »
Yes, I only have logging on at the moment until I understand the implications a little more. So when you say I didn't give the initial results, do you mean this one?

POSTchooseGameEndProcedure: [type Function] g_fSetGameSize: [type Function] t_fLoadGameEnd: [type Function] displayMsg: [type Function] createHelp: [type Function] showHelp: [type Function] presentHelp: [type Function] createKeyboardCommand: [type Function] smoothKeyMovement: [type Function] pressKey: [type Function] generateChangeKeyControls: [type Function] saveAndLoad: [type Function] createSound: [type Function] g_fSetSoundOn: [type Function] g_fSetSoundOff: [type Function] g_fSetMusicOn: [type Function] g_fSetMusicOff: [type Function] runTimer: [type Function] trc: [type Function] g_fGetRandomValue: [type Function] TEAEncrypt: [type Function] TEADecrypt: [type Function] charsToLongs: [type Function] longsToChars: [type Function] charsToHex: [type Function] hexToChars: [type Function] charsToStr: [type Function] strToChars: [type Function] decryptParams: [type Function] tabEnabled: false tabChildren: false startX: 0 startY: 0 gameWidth: 618 gameHeight: 498 frameRate: 30 timer: 0 timeWarningAt: 5 crypto: 0 blnStartGame: false blnGameOver: false blnGameOn: true userVars: [object Object] myVariables: onLoad=%5Btype%20Function%5D puzzle_XML: xmlGameEnd: playAgain: [type Function] helpMessageNames: msgToPresent: blnWaitForKey: false keyboardCommands: smoothKeyboardCommands: waitingCommandName: numSounds: 16 soundOnBln: true musicOnBln: true g_sndGlobalSound: [object Object] soundsArray: [object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object] globalMusic: [object Object] globalSound: [object Object] clockSound: [object Object] g_A: 3423313 g_C: 2435 g_numRandomSeed: 983 globSnd: [object Object] blnFirstGame: false DBorder: [object Object] afterHit: [object Object] airBorder: [object Object] boardFall: [object Object] border: [object Object] rollSnd: [object Object] rollStart: [object Object] digBeepSound: [object Object] hitBallSound: [object Object] alarmSnd: [object Object] clickSound: [object Object] rolloverSound: [object Object] ambientLoop: [object Object] hitSound: [object Object] pulseSound: [object Object] gameoverSound: [object Object] createNewUser: [type Function] saveUserData: [type Function] loadUserData: [type Function] highestPoints: NaN newBall: [type Function] boardInit: [type Function] sqr: [type Function] roundInit: [type Function] tre: [type Function] msgX: 0 msgY: 0 g_numGameWidth: 618 g_numGameHeight: 498 bonusScores: 600 scores: 290 ballsLeft: 0 numBallsTotal: 9 ball******: 9 blnPause: false PI: 3.14159265358979 leftBorder: 109 rightBorder: 509 center: 309 trampY: 272 borderTop: 227 leftBoard: 239 rightBoard: 379 borderAngle: 1.04879579594295 borderProect: 0.501145532644875 bATang: 1.73846153846154 reflectRatio: 0.8 borderTopLeft: 226 borderTopRight: 392 leftGutter: 118 rightGutter: 252 holeRad: 30 holeRadExt: 15.5 holeRadExt2: 240.25 holeHeight: 21 leftHoleX: 249.5 rightHoleX: 368.5 topHoleY: 219.303816078334 midHoleY: 189.037409802142 bottomHoleY: 154.030482061005 circleY: 153.165133789588 circleYT: 136.016500494211 arcY: 136.016500494211 circleRad: 51 circleRad_2: 2601 arcRad: 83 arcRad_2: 6889 borderGapY: 67.4612670011503 circleGapY: 113.04320416409 ballPreviewY: 439 arrXHoles: 249.5,309,368.5,309,309 arrYHoles: 219.303816078334,219.303816078334,219.303816078334,189.037409802142,154.030482061005 arrNameHoles: ,,,,,, arrBackHoleDepths: 100,200,300,800,1000 arrFrontHoleDepths: 400,500,600,900,1100 viewHeight: 270 viewHeight_2: 72900 viewHeightDist: 646.520067800189 ballR: 10 ballR_2: 100 ballDepth: 1150 moveAngle: 1.59627926333118 viewDistStart: 287.923600977759 viewDist: 287.923600977759 dY: -56.5337004649263 dY1: -12.7142010670194 dX: -1.19799857743301 dX1: -0.531746161413689 numCalc: 1 viewCos: 0.505159772372779 distRatio: 0.343721920989708 minDistRatio: 0.28 lastCursorPosX: null lastCursorPosY: null curVelX: -7 curVelY: -113 speedRatio: 8 minVel: -32 maxVel: -70 maxSpeed: 4.4 blnSpeedRestrict: true x1: 309.009650216116 y1: 208.89958476837 z1: -71.0496245921465 vX: -0.00131217667864941 vY: -0.318780813782276 vZ: -3.83373178370822 beta: 0.815398163397448 mg: 0.54 alpha: 0.523598775598299 sinAlpha: 0.5 sinBeta: 0.727998628597419 tanBeta: 1.06187480778988 dRend: 5.27998628597419 circleH: 55.8612086435654 h: 1.0831563982682 hX: 309 hY: 219.303816078334 hObj: holeVel: 5.05329969019498 holeAccel: 1.01 blnToHole: true dPreDepth: 26.2668427778292 strState: wait blnAllowThr: true blnRoll: true maxBlinks: 4 blnRules: false blnCircles: false borderCollision: 0 maxAngle: 0.6 blnRolled: false rollIntervalId: null blnRollInterval: false highHole: -1 toHoleState: 0 blnBonus: false bonusRatio: 1 arrXPreview: undefined,536,516,500,485,471,458,442,429,416 arrScalePreview: undefined,100,91,83,78,73,69,65,62,59 previewTan: 1.5352 firstPreviewY: 472 previewScaleRatio: 1.013 bitPreviewScale: 1.0035 ledFrames: 0 snd1: [object Object] snd2: [object Object] snd3: [object Object] onEnterFrame: [type Function] onMouseDown: [type Function] onMouseUp: [type Function] onReleaseOutside: [type Function] onKeyDown: [type Function] blnRollOver: false blnEmptyThrow: false arrPreviewBalls: i: 5 ballNumber: 9 blnStars: false arrLedText: gameOver arrLedTime: 60 ballPos: [type Function] throwB: [type Function] roll: [type Function] syncAngle: [type Function] air: [type Function] board: [type Function] topCircle: [type Function] bottomCircle: [type Function] checkHoles: [type Function] toHole: [type Function] hit: [type Function] render: [type Function] rollInterval: [type Function] extCollision: [type Function] topBrdCollision: [type Function] circleBorder3D: [type Function] checkBallToHole: [type Function] internalCollision: [type Function] checkDepth: [type Function] toRollState: [type Function] holesExtCollision: [type Function] gameOver: [type Function] removeMovies: [type Function] printScores: [type Function] advancedRemove: [type Function] speedRestrict: [type Function] adRem: 314 boardCollision: 0 r: 220.651502761895 arctan: -0.32784048108803 tmp: 1 sd: 204.911342772483 blinks: 0 gameScore: 290 value1: 2 myVal1: 4 value2: 9 myVal2: 11 value3: 0 myVal3: 2 value4: NaN myVal4: NaN treID: 249 gy: false vel: 2.09514676517766 tmpVel: -3.15225105415903 dd: 6.54092014971986 arrXCoords: 313,318,317,318,318 arrYCoords: 376,429,472,482,482 gname: skeeballMT gscore: 290 /forum/index.php?act=Arcade&do=newscore HTTP/1.1 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET CLR 3.0.30729)

It comes from a game called skeeballMT.swf

Offline THE BRA1N

  • Jr. Member
  • **
  • Posts: 133
  • Gender: Male
    • The Third Rail Forum
Re: Forum Firewall
« Reply #147 on: January 30, 2011, 01:29:24 PM »
I am no expert but from looking at the log it appears to me that the reason some of my members are getting DOS bans is because it is counting requests to load attached avatars on a page as simultaneous page requests.

Thus, one thread click turns into several requests in less than a second as it loads attached avatars in particular threads with multiple members using attached av's and it triggers the DOS ban. At least that is my theory. Any merit to this?

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #148 on: January 30, 2011, 01:52:50 PM »
It comes from a game called skeeballMT.swf

Information overload...   :o

Try the small column on the right.  It will tell you the key word that cause the flag.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #149 on: January 30, 2011, 01:57:09 PM »
I am no expert but from looking at the log it appears to me that the reason some of my members are getting DOS bans is because it is counting requests to load attached avatars on a page as simultaneous page requests.

I have not been able to duplicate that.   Do not know unless there is a mod doing it or the members are trying to edit avatars all the time.  I know that some of my members had a problem with the feature and I had to whitelist them.  The reason was because of their security software validating every inch of the page.  I guess you will need to set DOS to logging.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline quiz_modder

  • Jr. Member
  • **
  • Posts: 246
  • Gender: Male
    • SMF Modding
Re: Forum Firewall
« Reply #150 on: January 30, 2011, 02:56:50 PM »
It comes from a game called skeeballMT.swf

Information overload...   :o

Try the small column on the right.  It will tell you the key word that cause the flag.

Request Entity Attack: %5b!

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #151 on: January 30, 2011, 03:31:45 PM »
That code does not match the rest in the post and does not conform to internet standards.  It could be either a user or a program hack.

If I were you I would try playing the game as a non-admin test member and see if you get the error.  If you do NOT get the error then it was the user.  If you do get the error then find another skeeball game form a reputable source like ipdownloads.
« Last Edit: January 30, 2011, 05:19:02 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline quiz_modder

  • Jr. Member
  • **
  • Posts: 246
  • Gender: Male
    • SMF Modding
Re: Forum Firewall
« Reply #152 on: January 30, 2011, 04:24:36 PM »
That code doe snot match the rest in the post and does not conform to internet standards.  It could be either a user or a program hack.

If I were you I would try playing the game as a non-admin test member and see if you get the error.  If you do NOT get the error then it was the user.  If you do get the error then find another skeeball game form a reputable source like ipdownloads.

Thanks for the advice, I will give it a go.

Pretty sure I got the game from there, but will double check.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #153 on: January 30, 2011, 05:18:13 PM »
I looked for it there and was not able to find it.   ::)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #154 on: January 30, 2011, 07:08:12 PM »
I do not think I did.  My Avatar folder is the "attachment directory". But, I used to see many calls for "action=dlattach" from bad bots that scanned for weaknesses.  Most the time they were trying to break the caputua.  They do not visit me anymore.

This mod has some tests that you will not see elsewhere so it will catch some extra activity.  As a matter of fact when I first created this mod  I saw a whole mess of weird things going on.  You are going to see things that you never expected expressly, if you do not have much protection from your host.  Like I said I blocked 3,000+ visits a week for some time.  Bandwidth was over 8gb, now it is much less.  Much of that is gone now that I am off the spam lists.

All is well since google, and etc are visiting.  I tested this mod for over 6 months before it was released.  Now the mod caches one every now and then and I use it as a country blocker and backup for cloudflare burps.

Who knows there may be some weird configuration I did not test?
« Last Edit: January 30, 2011, 07:12:24 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #155 on: January 30, 2011, 07:25:49 PM »
I use the "Avatar_Verification" mod with 100 images which gets a bunch of "action=dlattach" calls .

I consider all input...  You are making a mountain out of a mole hill.  I provided solutions for that post.  Plain and simple, some peoples computer security software will cause DOS errors, in those cases you need to "whitelist" the members and tell them to log in before doing their thing.  If it is an issue in your region then you can turn off the DOS long term ban.  In this case, no security is lost and they will be blocked for the cache duration, then the admin can still look at the log and manually ban for longer time periods.
 8)
« Last Edit: January 30, 2011, 07:38:51 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline mutluokul

  • Semi-Newbie
  • *
  • Posts: 30
Re: Forum Firewall
« Reply #156 on: January 31, 2011, 04:59:25 PM »
Tried installing the latest version on 1.1.12 and got:

Code: [Select]
Fatal error: Call to undefined function FFCopyright() in /home/dark/public_html/forum/Sources/Load.php(1733) : eval()'d code on line 373
Haven't been able to work it out yet ...  :)

same problem happened to me. What should I do? What is the solution for this problem? thanks


no problems .. I solve them all

« Last Edit: January 31, 2011, 05:44:43 PM by mutluokul »

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #157 on: January 31, 2011, 07:05:19 PM »
Me, I'm doing nothing of the sort, I'm just saying that it might be wise not to jump to conclusions as to how things are being requested, as has been proven here - I did not know you were using the avatar verification mod... though I'm honestly surprised that it's modifying action=dlattach to serve the modified avatar images.

Everything I do is based on facts.

Is your hatred for SMF so great that now you have turned to trolling mod authors?
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #158 on: January 31, 2011, 07:07:15 PM »
no problems .. I solve them all

I am happy you fixed it.   :)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,734
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #159 on: January 31, 2011, 07:34:28 PM »
No assumptions were made.  I started the mod over a year ago long before RC4.  This mod was programmed with RC3 & 1.1.11 in mind, then adapted.  Older SMF versions were not considered.  So image checking was done another way.  All your points will be considered.  But for now I have other priorities and other mods to update.  I will get back to it when I have time.

It is one thing to give a point of view, it is another thing to purposely taunt someone.  So I called it correctly.   Why not start on another foot and treat others as you wish to be treated.  :o
« Last Edit: January 31, 2011, 07:37:30 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.