Read the blogs!
Started by butchs, January 15, 2011, 11:00:37 AM
Quote from: ljunatic on February 13, 2011, 08:32:26 PMI see the update for 1.1.13 is out. THANKS! Should I uninstall and reinstall to get the upgrade?
Quote from: MCK on February 14, 2011, 12:55:31 AMSeeing some new type of attacks in my logs that I didn't see before. In case this is of interest. Request Entity Attack: base64_decode!
Quote from: lethal-danger on February 14, 2011, 10:52:47 AMThe firewall mod seemed to download and install, but the admin tabs aren't displaying, and the option screen seems to be incomplete. I am using smf 1.1.13
Quote from: Bigguy on February 14, 2011, 03:33:38 PMQuote from: ljunatic on February 13, 2011, 08:32:26 PMI see the update for 1.1.13 is out. THANKS! Should I uninstall and reinstall to get the upgrade?Yes I think it would be a good idea.
Quote from: ExWizzard on February 17, 2011, 12:00:00 PMCan you please explain "Proxy bypass protection" a bit more? i got over 35000 log entrys in a few hours after enabling this :/
Quote from: DarkBlizz on February 17, 2011, 07:31:33 AMAnyone verify if 220.127.116.11 is an authentic google bot IP and not some spoof...(edit: Yep looks like its the correct user-agent, currently that IP is browsing forum without being banned )
Quote from: DarkBlizz on February 17, 2011, 07:31:33 AMAlso a suggestion for the EMail notification; if it could also include in the email msg the ID/IP, so one could go back to the Visitor Log and easily look it up. )
Quote from: butchs on February 17, 2011, 07:11:30 PMQuote from: ExWizzard on February 17, 2011, 12:00:00 PMCan you please explain "Proxy bypass protection" a bit more? i got over 35000 log entrys in a few hours after enabling this :/Uncheck "Enable Bypass Protection", I bet it is set incorrectly. make sure "Block Violations" is not checked until you work out the bugs in your settings.
action=register22: htmlspecialchars() expects parameter 1 to be string, array givenFile: /Sources/Subs-ForumFirewall.phpLine: 1044
Quote from: owg on February 18, 2011, 12:58:01 AMHi butchs, great mod!I've been running FF for a few days in log mode, and just now turned it to block mode. The log was full of mostly invalid IPs, and a few DOS reports (that were actually members). Almost immediately one of my global moderators reported that he received the 403 error page - I asked his IP and it was not in the log, but there were lots of IPs in the 10.*.*.* ranges. I assume that one of his is one of those, but if he is using a proxy, it is a legitimate corporate proxy. I know very little about security, most of this is new to me. Is there a way I can find the identity of the proxy, or is there a way to pass certain invalid IPs through?One other thing - I see an invalid IP 127.0.0.1 in the log - sorry for my ignorance - do I need to worry about the localhost IP?Thanks!
Quote from: butchs on February 18, 2011, 08:20:10 PMIf you do not know his ip or when he was there how could I help you? As I stated in earlier posts proxys can be compromised.Well... The mod only inspects traffic to your site so localhost should never be seen unless you have your server in your bed room. Traffic between SMF and the DB is not watched with this mod.If you want invalid ips to pass then turn off the ip check.