Forum Firewall

Started by butchs, January 15, 2011, 11:00:37 AM

Previous topic - Next topic

Mastering

#980
Quote from: butchs on January 19, 2015, 07:40:16 PM
To do it I would have to describable the SMF password and check the text.  This could slow things down.  Best solution is to delete the log (Remove All) after logging in or keep your cookies.

That is standard practice to encrypt passwords at that point.  The slow down will not even be noticeable.  I'm sorry but I may uninstall your mod - but I like it a lot and you do provide a lot of support to users and I still think it is great.  However by human error I do not wish to know my admins passwords or them knowing mine. 

Quote from: butchs on January 19, 2015, 07:40:16 PMYou need to find the things before "Repeated!".  Since you are hanging out here try visiting the forum at the "Protected by: Forum Firewall © 2010-2014" link.  Tell me the date and time you visited.  If you do not get a 0.0.0.0 block at my site then it is on your end.


I did this about 5 minutes ago.  I entered Mastering as my username and my password was Password123 - I think this was my password. And obviously it didn't log me in.  Not all of the time I receive an IP address of 0.0.0.0 when I log in to my site

Edited:  visited your site between 5 and 10 minutes ago before posting this

butchs

#981
Your ip is 81.99.239.xx.  Could be others but you refused to give me the exact time (I had 180 visits in that time range).  You did not show up as 0.0.0.0 at my site.  You probably would have gained access if I did not block the UK.  The problem is on your end!

As far as other Admins GO, it is not my concern but ask around, what you are doing is not recommended by some highly regarded SMF experts other than myself.  They say there should only be 1 admin.  More than 1 is a security issue.  All others should be moderators.  Especially, if you do not trust your admins!

This mod is not for newbees.  If you want to come here and slap me around because you do not understand something or have a setting incorrect, prefer to ignore the recommendations and/ or do not want to put in effort; then please stop wasting my time.  I can only point you in a direction.  It is up to you to go there.

Your main complaint will be a mute point if you actually resolved the issue on your end I already gave advice for several posts ago.
:(
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Mastering

Even if you did allow UK how would I gained access - it is protect by a firewall

Please provide me with the recommendation from official SMF documentation not to have more than one administrator.  Having more than one administrator in any form of IT will be a risk but having more than one with people who are trustworthy is more of a benefit IMO.  I do not let anyone know any of my passwords and good security code should never have this bug, and your code is good. 

I am not a newbie when it comes to configurations.  I am not wasting your time - this topic is now 50 pages - if I ask a question which has already been asked before then this is because there is a lot to read through.  I do not understand what I need to edit to make your code work correctly - which and what text am I meant to be looking at?  As a developer you may understand your code but to others it may not be that simple even when your direction is clear to you; but they may still need a bit more of a push before they understand it. 

If this code is not for newbie why make it for a friendly GUI open source software?

As you aware I am from the UK and as it is pass my bedtime therefore I am now going to sleep.

Once again I think you have created a good mod and I am not testing you as I would like this to work for my site

dougiefresh

Quote from: butchs on January 19, 2015, 06:46:00 PM
I have well over 50,324 visits with no 0.0.0.0 IPs using Cloudflare.    dougiefresh already admitted his host is using cloudflare.  He needs to fix the"Visitor IP call to Proxy" and " Proxy Header ID" settings.
No, I didn't admit anything....  Matter of fact, I didn't realize that was what was happening.  Good to know.  Now how do I fix those settings?  I guess it's time to read the entire thread unless I find it....  (or someone posts the solution  :P )  And no, I don't understand HOW to fix those settings....  I know where they are, I know how to change them, but I don't know what to change them to....

margarett

Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

dougiefresh

 ;D Thanks, margarett!!!  You saved me a bunch of time looking for the answer!  8)

Mastering

Quote from: butchs on January 19, 2015, 07:10:39 PM
Here is an example reason:

      Bad Cookie: /CGI-BIN/VBOX_REDIRECT: Redirect!

Bad Cookie - This is where is found the issue.
Redirect - The phrase that caused the block that is located in the "XSS Events" list.

another one...

    Request Entity Attack: %2f!

Request Entity - The test.
%2f - the phrase in the "Request Entity Attacks" list.

Ok I have unchecked XSS Events and Request Entity and I am now not showing in any logs.

I however do not understand with how to edit the values in text so that I can enable the other features

Kindred

So, I was noticing a similar error to one of the previous folks (undefined variables or unknown actions with firewall activity even though the firewall had been uninstalled.)

This was on the 2.1 test installation --  and the firewall had been removed and reinstalled a number of times, sometimes by uninstall/reinstall, sometimes by a complete replacement of files.

At some point, there was some confusion apparently and the database entries, including the SCHEDULED TASKS for the firewall never got removed...  I believe this may have been the source of the errors....      So -- if you are seeing errors the continue, even after you uninstall -- confirm that the scheduled tasks relating to the firewall are deleted, or at least disabled.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

butchs

Hummm...  I believe that was fixed in the last version.

Status:  I am getting close to start work again.  I have xampp working, a text editor, files transferred, now I just need to find a debugger I like.

Quote from: Mastering on January 20, 2015, 02:06:55 PM
I however do not understand with how to edit the values in text so that I can enable the other features

In the Admin Setting Page there are text boxes with phrases sounded by "|".  Each phrase except for the first and last phrase must be surrounded by "|".  For example, if you want to remove "phrase_to_delete":

Change:
look_for_this|bad word|phrase_to_delete|last_one

by removing "phrase_to_delete|" and you will get:
look_for_this|bad word|last_one

Be careful, a typo will cause a bunch of errors in the log.

I think it is in the mods built in help when you click on the in your FF Admin page.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Mastering

Quote from: butchs on January 25, 2015, 06:23:29 PM


Quote from: Mastering on January 20, 2015, 02:06:55 PM
I however do not understand with how to edit the values in text so that I can enable the other features

In the Admin Setting Page there are text boxes with phrases sounded by "|".  Each phrase except for the first and last phrase must be surrounded by "|".  For example, if you want to remove "phrase_to_delete":

Change:
look_for_this|bad word|phrase_to_delete|last_one

by removing "phrase_to_delete|" and you will get:
look_for_this|bad word|last_one

Be careful, a typo will cause a bunch of errors in the log.

I think it is in the mods built in help when you click on the in your FF Admin page.

Many thanks butchs

I believe I have your MOD now working correctly  :)

tranhiep116



butchs

Quote from: Mastering on February 13, 2015, 07:37:28 PM

Many thanks butchs

I believe I have your MOD now working correctly  :)

Great news!
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

AZMazda3

Can someone point me in the right direction. I have searched this topic, unless my answer was typed in another language, I am not finding the answer I need.

I want to set up a country block, but can not find the way to do this. I know it uses info such as CC_deny and CC_allow but what I am not sure is if I am supposed to type this into the "Country" box under identification or is there something else?

The help window is confusing as it states "Country Codes must be entered in the format of "XX|YY" where XX and YY is the Country Code."

So I am lost at that point, I was thinking it was just type CC_deny where CC is the country code, am I wrong here?

butchs

It will not work unless your host has GeoIP or you are using a service like Couudflare.  The mod has built in help just click on the help icons!
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

AZMazda3

Quote from: butchs on June 30, 2015, 08:30:44 PM
It will not work unless your host has GeoIP or you are using a service like Couudflare.  The mod has built in help just click on the help icons!

Ok, so good to know that this does not work without GeoIP.

In regards to the help icons, if you did not read my concern below. The help icons only give me part of the answer. I am not familiar with the XX|YY format, so I require more context please. I tried to find examples but everything I could find regarding country blocks is a different format. So using your mod, are we supposed to type in countries CN|UA|RN and so on or what?

AZMazda3

Also, not even sure this mod is working, we had it installed on a much older version of SMF of which we just updgraded and reinstalled this mod. The only ip addresses showing up in the log are 0.0.0.0 and now we are getting about 1 registered member per day from countries we could care less about.

butchs

Something is not correct.  If you have cloudflare  then, you need to find and install the cloudflare mod.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

AZMazda3

Quote from: butchs on July 01, 2015, 07:43:00 PM
Something is not correct.  If you have cloudflare  then, you need to find and install the cloudflare mod.

Yes, something is wrong. The forum logs show ip, but the mod is not. So what is different?

We are not using CloudFlare, it is shared hosting on GoDaddy, a linux based server. So I'm not sure the cloudflare mod will help us.

Miker1029

Got a question guys, No I didn't read through all 50 pages, Sry, Read the Last one, I'm considering installing this on my SMF 2.0.10, I installed on Localhost (With Errors) but seemed to be ok,  And Honestly have the stuff in this mod, I don't know about...  So SHOULD I Install it LIve?


Mike

Advertisement: