SMF Support > SMF 2.0.x Support

IPv6 session errors - address not showing

(1/2) > >>

Kolya:
It started a few months ago, now I'm getting at least a dozen errors like that daily. (I obscured the domain for obvious reasons.)

https://www.test.com/index.php?topic=142.0+[PLM=0]+GET+https://www.test.com/index.php?topic=142.0+[0,26104,432]+-%3E+[N]+POST+https://www.test.com/index.php?PHPSESSID=as3rh0oaeiefqdjd0v7u9eldv3&board=15;action=post2+[0,43595,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43509,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43506,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,0,59692]
2: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
/home/test/web/htdocs/Sources/Load.php
Line: 2543

I can't ban those guys because their IP doesn't even show up in SMF.
Is anything being done about this? I mean will you address the current immunity of IPv6 addresses in future updates?

br360:
Take a look at this mod- https://custom.simplemachines.org/mods/index.php?mod=3051

Kolya:
Thanks, this is appreciated. Although I don't think this is mod territory.

Illori:
SMF 2.0 by default does not support ipv6, you need to use that mod.

drewactual:
something to consider is stopping them butt cold at the server by demanding they use a preferred cipher... and then choosing what ciphers are available to their browser.


--- Code: ---ECDHE-ECDSA-AES128-GCM-SHA256
:ECDHE-ECDSA-AES256-GCM-SHA384
:ECDHE-ECDSA-AES128-SHA
:ECDHE-ECDSA-AES256-SHA
:ECDHE-ECDSA-AES128-SHA256
:ECDHE-ECDSA-AES256-SHA384
:ECDHE-RSA-AES128-GCM-SHA256
:ECDHE-RSA-AES256-GCM-SHA384
:ECDHE-RSA-AES128-SHA
:ECDHE-RSA-AES256-SHA
:ECDHE-RSA-AES128-SHA256
:ECDHE-RSA-AES256-SHA384
:DHE-RSA-AES128-GCM-SHA256
:DHE-RSA-AES256-GCM-SHA384
:DHE-RSA-AES128-SHA
:DHE-RSA-AES256-SHA
:DHE-RSA-AES128-SHA256
:DHE-RSA-AES256-SHA256
--- End code ---

and protocol:

--- Code: ---  SSLProtocol All -SSLv2 -SSLv3

--- End code ---

^which prefers TLS1.2 while disallows s sslv3 which is likely your issue.

i just completed this on my server, and scored nicely on the test @ ssllabs.com

that^ list of ciphers requires a current openssl mod to apache, or a equiv depending on what system you're using.  each of those provides a secure transport (avoiding RSA altogether) ... folks making an approach to your forum requesting a session via compromised protocol will get stiff armed, and the only real drawback is some users using antiquated browsers (windows 8 w/ ie 6 for instance) will have to update their browsers to use your forum.

ip4 or 6... doesn't matter... you nail 'em down before they make it to your SMF.

Navigation

[0] Message Index

[#] Next page

Go to full version