Author Topic: Your attachment has failed security checks and cannot be uploaded (SMF 2.0.14)  (Read 1162 times)

Offline Frankenstien

  • Newbie
  • *
  • Posts: 5
Hey all ... I'm new at this forum and am not a forum mod or admin ... however, because I hate doing things twice unnecessarily, I thought I'd search the Subject topic here and see what I could learn ... unfortunately, the latest thread to deal with this topic tends to employ forum s/w terminology and concepts I am unfamiliar with.

I am a member at 'forum.w116.org' and lost an elaborate technical post (and attachments - due to the attachments) on Monday, 10JUL17, because SMF 2.0.14 does not employ any sort of Auto-Save functionality ... a feature I have come to expect from most of the forums I participate in ... quite often I will take the precaution of capturing and saving a long post in a text editor (in case of being logged out, etc.), this time I did not ...

From what I read, the causes of the Subject error (in my particular case) are likely not worth me pursuing.

However, perhaps someone here can comment on why SMF has no Auto-Save functionality, and, would there be any way of recovering the textual content of my lost post in my Firefox 54.0.1 (64-bit) browser's cache?  I still have the error tab live but pushing the Back button returned me to a blank Reply template ... any help along these lines would be appreciated.

Thanks, FFF


Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 7,941
  • 'Tis the gift to be simple (duh)
Unfortunately, there's no way to recover the post text.  There are several reasons why an attachment may be rejected, most likely cause is described in the topic you linked.  There is an admin option in attachment settings to 'Perform extensive security checks on uploaded image attachments' which is disabled by default.  If enabled, it can cause attachments to be blocked -

Selecting this option will enable very strict security checks on image attachments. Warning! These extensive checks can fail on valid images too. It is strongly recommended to only use this option together with image re-encoding, in order to have SMF try to resample the images which fail the security checks: if successful, they will be sanitized and uploaded. Otherwise, if image re-encoding is not enabled, all attachments failing checks will be rejected.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,806
    • Arantor on GitHub
Because when 2.0.0 finally came out in 2011, it wasn't actually a common feature across forum platforms, and versions 2.0.1 through 2.0.14 don't add new features, only bug fixes. The new version, 2.1, does have auto save, though 2.1 isn't finished yet - and there are multiple add-ons for 2.0 that provide it in the meantime.

I doubt there is any way to recover it from your cache at this point; if you had literally hit the back button at the time, it might have been possible to recover though Firefox has historically been pretty poor about that too.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

Offline Frankenstien

  • Newbie
  • *
  • Posts: 5
Thank you for the Replies ... I understand ... I'll upload the error screenshot anyways (in case it offers a clue as to whether the admin option in attachment settings to 'Perform extensive security checks on uploaded image attachments' has been enabled [contrary to the default setting] at forum.w116.org) ... although ... otherwise ... you folks seem to have this issue all dialed in.

Regards, FFF

Offline Frankenstien

  • Newbie
  • *
  • Posts: 5
Arantor ... I was going to add to my last that re: the loss of the textual content of my posting attempt, I did immediately click on the embedded 'Back' link in the error dialog page ... perhaps I should have tried using the Ff browser's 'Go backwards one page ... ' arrow instead?

FFF

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,806
    • Arantor on GitHub
Yup, if you had used the browser back button, it might have been salvageable, but historically Firefox has generally taken the view that 'privacy' is more important than convenience about form submission data... there's no guarantees whatsoever where FF is concerned.

Offline Frankenstien

  • Newbie
  • *
  • Posts: 5
Thanks Arantor ... I've pointed the forum.w116.org Admins to this thread ... we'll see if, and then what they have to say about the forum Admin attachments option setting they are currently using.

FFF

Offline landyvlad

  • Full Member
  • ***
  • Posts: 578
    • Michael Reed on Facebook
    • GSX1400 Owners ORG
This seems to be the most recent thread on the topic..

has there been any advance on this issue?

My members have been experiencing an increased number of these "failed security checks" errors recently.
Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Offline Frankenstien

  • Newbie
  • *
  • Posts: 5
No ... I gave up on all concerned / involved at forum.w116.org long ago.  There was no follow-through by the administrators there on this issue that I raised.

FYI - my content thread there: hxxp:forum.w116.org/mechanicals/73-280sel-(116-025)-clutch-master-cylinder-r-r-unique-hose-fitting-top-front/new/?topicseen#new [nonactive]

landyvlad ... you may have more success with the folks here at simplemachines.org in t/s your current issues ...

Offline shawnb61

  • Support Specialist
  • Sr. Member
  • *
  • Posts: 824
    • sbulen on GitHub
I'm a photographer, & this drove me nuts...

This was addressed in 2.1.   If you're brave, you could apply the same fix in 2.0.

Issue:
https://github.com/SimpleMachines/SMF2.1/issues/3928

PR:
https://github.com/SimpleMachines/SMF2.1/pull/3961

I don't think there are plans to port this back to 2.0.x.

I believe the reason you are seeing more of them is simply that photos are getting bigger, and the odds of matching the suspect text in random-ish pixel data are increasing.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp
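
The size effect described in the post above, worked through as an added example (not part of the original thread and not SMF's code): it estimates how often a byte scan for short "suspect" tokens fires on random-ish data of a given size, and checks the estimate against a small simulation. The token lists, the function names and the uniform-random model of pixel data are assumptions made for illustration; the thread does not list the patterns SMF actually matches.

```python
import math
import random
import re

# Assumed token sets (illustrative; not taken from SMF or from this thread).
BASIC_TOKENS = [b"html", b"eval", b"body"]
EXTENSIVE_TOKENS = BASIC_TOKENS + [b"<?", b"<%"]


def per_offset_probability(token: bytes) -> float:
    """Chance that uniformly random bytes spell `token` at one fixed offset,
    matched case-insensitively (each ASCII letter has two byte values)."""
    p = 1.0
    for b in token:
        p *= (2 if chr(b).isalpha() else 1) / 256
    return p


def false_positive_rate(size_bytes: int, tokens) -> float:
    """Approximate P(at least one token appears) in size_bytes of random data."""
    expected_hits = size_bytes * sum(per_offset_probability(t) for t in tokens)
    return 1.0 - math.exp(-expected_hits)


def scan(data: bytes, tokens) -> bool:
    """True if any token occurs in data (case-insensitive): the upload is rejected."""
    pattern = re.compile(b"|".join(re.escape(t) for t in tokens), re.IGNORECASE)
    return pattern.search(data) is not None


def simulate(size_bytes: int, tokens, trials: int = 200, seed: int = 1) -> float:
    """Fraction of constructed random 'images' of size_bytes that get rejected."""
    rng = random.Random(seed)
    hits = sum(scan(rng.randbytes(size_bytes), tokens) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    for size in (50_000, 500_000, 5_000_000):
        print(size,
              f"basic={false_positive_rate(size, BASIC_TOKENS):.4f}",
              f"extensive={false_positive_rate(size, EXTENSIVE_TOKENS):.4f}")
    print("simulated extensive @50KB:", simulate(50_000, EXTENSIVE_TOKENS))
```

Under these assumptions a two-byte token dominates the rate: the longer the file and the shorter the token, the closer the rejection rate gets to certainty, independent of whether the image is malicious.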

Offline kfoster17

  • Newbie
  • *
  • Posts: 4
> I believe the reason you are seeing more of them is simply that photos are getting bigger, and the odds of matching the suspect text in random-ish pixel data are increasing.

The users on my forum have always been required to resize pics - so they know better than to try big pics. So that's not the problem in my case at least.

> This seems to be the most recent thread on the topic..
>
> has there been any advance on this issue?
>
> My members have been experiencing an increased number of these "failed security checks" errors recently.

Same here. Starting about 2 weeks ago. I'm now getting several PMs a day with people unable to post pics. No changes to forum at all. Using 2.0.15.

Wonder if there was an update to iphones/androids camera app recently? It's affecting users that have both types of phones.

And also using various types of photo editing software to resize pics. I haven't been able to find a common scenario - it's all types of phones and software being used.


Offline shawnb61

  • Support Specialist
  • Sr. Member
  • *
  • Posts: 824
    • sbulen on GitHub
Have you tried the fix ID'd above?

Just take one of the pics that fails & do a simple A/B test.  If you need test pics, I have plenty.  The fix above works.

Offline kfoster17

  • Newbie
  • *
  • Posts: 4
> Have you tried the fix ID'd above?
>
> Just take one of the pics that fails & do a simple A/B test.  If you need test pics, I have plenty.  The fix above works.

No - the text 'If you're brave, you could apply the same fix in 2.0.' kept me from trying it.

I do have 'perform extensive security checks' turned on and might try turning it off. I guess the 'Re-encode potentially dangerous image attachments' would be good enough.
 
LOL - Not sure though - this is pretty complicated and haven't decided if I want a secure forum with users complaining about not able to post pics or a less secure forum and posting pics easy. Hard decision since I don't know much about malicious pics. I've read numerous links above and am just as confused as when I started researching this.

Offline shawnb61

  • Support Specialist
  • Sr. Member
  • *
  • Posts: 824
    • sbulen on GitHub
A good start would be to turn off the extensive security checks.  You should see a dramatic improvement.

But you will still get plenty of false positives until applying the edit outlined in the PR - in addition to disabling the extensive checks.

Those security edits are quite old and outdated, and don't really apply anymore.  You should only use them if you have serious doubts about your host's security config.

Hope this helps,

Offline landyvlad

  • Full Member
  • ***
  • Posts: 578
    • Michael Reed on Facebook
    • GSX1400 Owners ORG
> But you will still get plenty of false positives until applying the edit outlined in the PR - in addition to disabling the extensive checks.

I had a look at that link and can't see what to actually do ! :)

(as in what to delete/change/replace etc)

Little help?

Online Aleksi "Lex" Kilpinen

  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,088
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
> I do have 'perform extensive security checks' turned on and might try turning it off. I guess the 'Re-encode potentially dangerous image attachments' would be good enough.

The extensive security checks are known to cause false positives.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas