Advertisement:

Author Topic: IPv6 session errors - address not showing  (Read 229 times)

Offline Kolya

  • Full Member
  • ***
  • Posts: 412
  • systemshock.org
IPv6 session errors - address not showing
« on: January 10, 2018, 06:32:11 PM »
It started a few months ago, now I'm getting at least a dozen errors like that daily. (I obscured the domain for obvious reasons.)

https://www.test.com/index.php?topic=142.0+[PLM=0]+GET+https://www.test.com/index.php?topic=142.0+[0,26104,432]+-%3E+[N]+POST+https://www.test.com/index.php?PHPSESSID=as3rh0oaeiefqdjd0v7u9eldv3&board=15;action=post2+[0,43595,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43509,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43506,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,0,59692]
2: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
/home/test/web/htdocs/Sources/Load.php
Line: 2543

I can't ban those guys because their IP doesn't even show up in SMF.
Is anything being done about this? I mean will you address the current immunity of IPv6 addresses in future updates?

Offline br360

  • Lead Support Specialist
  • SMF Hero
  • *
  • Posts: 2,084
    • GenXcommunity
Re: IPv6 session errors - address not showing
« Reply #1 on: January 10, 2018, 06:35:56 PM »

Offline Kolya

  • Full Member
  • ***
  • Posts: 412
  • systemshock.org
Re: IPv6 session errors - address not showing
« Reply #2 on: January 11, 2018, 10:55:31 AM »
Thanks, this is appreciated. Although I don't think this is mod territory.

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 48,369
Re: IPv6 session errors - address not showing
« Reply #3 on: January 11, 2018, 10:57:41 AM »
SMF 2.0 by default does not support ipv6, you need to use that mod.

Offline drewactual

  • Jr. Member
  • **
  • Posts: 143
    • College Football Fan Site CFB51
Re: IPv6 session errors - address not showing
« Reply #4 on: January 11, 2018, 11:16:08 AM »
something to consider is stopping them butt cold at the server by demanding they use a preferred cipher... and then choosing what ciphers are available to their browser.

Code: [Select]
ECDHE-ECDSA-AES128-GCM-SHA256
:ECDHE-ECDSA-AES256-GCM-SHA384
:ECDHE-ECDSA-AES128-SHA
:ECDHE-ECDSA-AES256-SHA
:ECDHE-ECDSA-AES128-SHA256
:ECDHE-ECDSA-AES256-SHA384
:ECDHE-RSA-AES128-GCM-SHA256
:ECDHE-RSA-AES256-GCM-SHA384
:ECDHE-RSA-AES128-SHA
:ECDHE-RSA-AES256-SHA
:ECDHE-RSA-AES128-SHA256
:ECDHE-RSA-AES256-SHA384
:DHE-RSA-AES128-GCM-SHA256
:DHE-RSA-AES256-GCM-SHA384
:DHE-RSA-AES128-SHA
:DHE-RSA-AES256-SHA
:DHE-RSA-AES128-SHA256
:DHE-RSA-AES256-SHA256

and protocol:
Code: [Select]
  SSLProtocol All -SSLv2 -SSLv3

^which prefers TLS1.2 while disallows s sslv3 which is likely your issue.

i just completed this on my server, and scored nicely on the test @ ssllabs.com

that^ list of ciphers requires a current openssl mod to apache, or a equiv depending on what system you're using.  each of those provides a secure transport (avoiding RSA altogether) ... folks making an approach to your forum requesting a session via compromised protocol will get stiff armed, and the only real drawback is some users using antiquated browsers (windows 8 w/ ie 6 for instance) will have to update their browsers to use your forum.

ip4 or 6... doesn't matter... you nail 'em down before they make it to your SMF.
https://www.cfb51.com is a College Football Fan Site, Store, and Publisher, launched in July of 2017

Online Aleksi "Lex" Kilpinen

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,927
  • Gender: Male
  • The Artist Formerly Known as LexArma
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: IPv6 session errors - address not showing
« Reply #5 on: January 17, 2018, 02:57:22 PM »
Did you try the mod? Do you still need help with this?
If this is solved feel free to mark it as solved, or otherwise let us know how we could help you further :)
 
Finnish Native Language Support Specialist & Former (Lead) Support Specialist