Advertisement:

Author Topic: IPv6 session errors - address not showing  (Read 481 times)

Offline Kolya

  • Full Member
  • ***
  • Posts: 427
  • systemshock.org
IPv6 session errors - address not showing
« on: January 10, 2018, 06:32:11 PM »
It started a few months ago, now I'm getting at least a dozen errors like that daily. (I obscured the domain for obvious reasons.)

https://www.test.com/index.php?topic=142.0+[PLM=0]+GET+https://www.test.com/index.php?topic=142.0+[0,26104,432]+-%3E+[N]+POST+https://www.test.com/index.php?PHPSESSID=as3rh0oaeiefqdjd0v7u9eldv3&board=15;action=post2+[0,43595,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43509,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43506,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,0,59692]
2: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
/home/test/web/htdocs/Sources/Load.php
Line: 2543

I can't ban those guys because their IP doesn't even show up in SMF.
Is anything being done about this? I mean will you address the current immunity of IPv6 addresses in future updates?

Offline br360

  • Support Specialist
  • SMF Hero
  • *
  • Posts: 2,233
    • GenXcommunity
Re: IPv6 session errors - address not showing
« Reply #1 on: January 10, 2018, 06:35:56 PM »

Offline Kolya

  • Full Member
  • ***
  • Posts: 427
  • systemshock.org
Re: IPv6 session errors - address not showing
« Reply #2 on: January 11, 2018, 10:55:31 AM »
Thanks, this is appreciated. Although I don't think this is mod territory.

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 49,849
Re: IPv6 session errors - address not showing
« Reply #3 on: January 11, 2018, 10:57:41 AM »
SMF 2.0 by default does not support ipv6, you need to use that mod.

Offline drewactual

  • Jr. Member
  • **
  • Posts: 311
    • College Football Fan Site CFB51
Re: IPv6 session errors - address not showing
« Reply #4 on: January 11, 2018, 11:16:08 AM »
something to consider is stopping them butt cold at the server by demanding they use a preferred cipher... and then choosing what ciphers are available to their browser.

Code: [Select]
ECDHE-ECDSA-AES128-GCM-SHA256
:ECDHE-ECDSA-AES256-GCM-SHA384
:ECDHE-ECDSA-AES128-SHA
:ECDHE-ECDSA-AES256-SHA
:ECDHE-ECDSA-AES128-SHA256
:ECDHE-ECDSA-AES256-SHA384
:ECDHE-RSA-AES128-GCM-SHA256
:ECDHE-RSA-AES256-GCM-SHA384
:ECDHE-RSA-AES128-SHA
:ECDHE-RSA-AES256-SHA
:ECDHE-RSA-AES128-SHA256
:ECDHE-RSA-AES256-SHA384
:DHE-RSA-AES128-GCM-SHA256
:DHE-RSA-AES256-GCM-SHA384
:DHE-RSA-AES128-SHA
:DHE-RSA-AES256-SHA
:DHE-RSA-AES128-SHA256
:DHE-RSA-AES256-SHA256

and protocol:
Code: [Select]
  SSLProtocol All -SSLv2 -SSLv3

^which prefers TLS1.2 while disallows s sslv3 which is likely your issue.

i just completed this on my server, and scored nicely on the test @ ssllabs.com

that^ list of ciphers requires a current openssl mod to apache, or a equiv depending on what system you're using.  each of those provides a secure transport (avoiding RSA altogether) ... folks making an approach to your forum requesting a session via compromised protocol will get stiff armed, and the only real drawback is some users using antiquated browsers (windows 8 w/ ie 6 for instance) will have to update their browsers to use your forum.

ip4 or 6... doesn't matter... you nail 'em down before they make it to your SMF.
https://www.cfb51.com is a College Football Fan Site, Store, and Publisher, launched in July of 2017

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,401
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: IPv6 session errors - address not showing
« Reply #5 on: January 17, 2018, 02:57:22 PM »
Did you try the mod? Do you still need help with this?
If this is solved feel free to mark it as solved, or otherwise let us know how we could help you further :)
 
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Kolya

  • Full Member
  • ***
  • Posts: 427
  • systemshock.org
Re: IPv6 session errors - address not showing
« Reply #6 on: February 01, 2018, 04:58:01 PM »
I tried the mod now. First I had to get it of their GitHub because the GZ archive here doesn't install: https://custom.simplemachines.org/mods/index.php?mod=3051
All tests were successful so I went ahead but right after I found errors in the log:

Code: [Select]
https://www.blah.com/index.php?action=admin;area=packages;sa=install2;package=smfmod_ipv6-master.zip;pid=0Apply
mysqli_fetch_assoc(): Couldn't fetch mysqli_result
/Packages/temp/database_install.php
Line: 64

https://www.blah.com/index.php?action=admin;area=packages;sa=install2;package=smfmod_ipv6-master.zip;pid=0
Missing argument 3 for smf_db_change_column(), called in /Packages/temp/database_install.php on line 49 and defined
/Sources/DbPackages-mysql.php
Line: 285


https://www.blah.com/index.php?action=admin;area=packages;sa=install2;package=smfmod_ipv6-master.zip;pid=0
Missing argument 3 for smf_db_change_column(), called in /Packages/temp/database_install.php on line 49 and defined
/Sources/DbPackages-mysql.php
Line: 285

That looks like a botched install to me.

I think I'll wait for SMF 2.1