IPv6 session errors - address not showing

Started by Kolya, January 10, 2018, 06:32:11 PM


Kolya

It started a few months ago, now I'm getting at least a dozen errors like that daily. (I obscured the domain for obvious reasons.)

https://www.test.com/index.php?topic=142.0+[PLM=0]+GET+https://www.test.com/index.php?topic=142.0+[0,26104,432]+-%3E+[N]+POST+https://www.test.com/index.php?PHPSESSID=as3rh0oaeiefqdjd0v7u9eldv3&board=15;action=post2+[0,43595,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43511,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43509,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43508,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43506,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,43507,432]+-%3E+[N]+POST+https://www.test.com/index.php?action=post2;start=0;board=15+[0,0,59692]
2: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
/home/test/web/htdocs/Sources/Load.php
Line: 2543

I can't ban those guys because their IP doesn't even show up in SMF.
Is anything being done about this? I mean will you address the current immunity of IPv6 addresses in future updates?
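Added example, not part of the original thread and not SMF code: one way to recover the client addresses behind the session_start() warning from the web server's access log when SMF does not display them. It assumes a combined-format access log and that the malformed ID arrives in the PHPSESSID query parameter (an ID sent only as a cookie will not appear there); the 128-character limit and the widening of IPv6 clients to a /64 go beyond what the thread states and are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Characters PHP accepts in a session id, per the session_start() warning above.
VALID_SID = re.compile(r"[A-Za-z0-9,-]+")
MAX_SID_LEN = 128  # assumption: the real limit depends on PHP version and save handler
# Combined-log prefix: client address, ident, user, [time], "METHOD target PROTO"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"')
# SMF separates query parameters with ';' as well as '&'.
SID = re.compile(r"[?&;]PHPSESSID=([^&;\s]+)")

def bad_session_id(sid):
    """True when the id is too long or has characters outside the allowed set."""
    return len(sid) > MAX_SID_LEN or VALID_SID.fullmatch(sid) is None

def ban_key(addr):
    """IPv4 stays a single host; an IPv6 client is widened to its /64 (assumption)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return str(ip)

def offenders(log_lines):
    """Count requests carrying a malformed PHPSESSID, grouped by ban key."""
    hits = Counter()
    for line in log_lines:
        m = LINE.match(line)
        sid = SID.search(m.group(2)) if m else None
        if sid is None or not bad_session_id(unquote(sid.group(1))):
            continue
        try:
            hits[ban_key(m.group(1))] += 1
        except ValueError:
            pass  # first field is a hostname, not an address
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '2001:db8:12:34::a - - [10/Jan/2018:18:01:02 +0100] "POST /index.php?PHPSESSID=../../x&board=15;action=post2 HTTP/1.1" 200 512',
    '2001:db8:12:34::b7 - - [10/Jan/2018:18:01:05 +0100] "GET /index.php?topic=142.0;PHPSESSID=abc%27def HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2018:18:02:00 +0100] "GET /index.php?PHPSESSID=as3rh0oaeiefqdjd0v7u9eldv3&board=15 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2018:18:03:00 +0100] "POST /index.php?PHPSESSID=sess_id!;action=post2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for key, count in offenders(SAMPLE).most_common():
        print(f"{count:4d}  {key}")
```

The resulting keys can be fed to a server-level or firewall deny list, which works regardless of whether the forum software stores IPv6 addresses.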


Kolya

Thanks, this is appreciated. Although I don't think this is mod territory.

Illori

SMF 2.0 by default does not support ipv6, you need to use that mod.

drewactual

something to consider is stopping them butt cold at the server by demanding they use a preferred cipher... and then choosing what ciphers are available to their browser.

ECDHE-ECDSA-AES128-GCM-SHA256
:ECDHE-ECDSA-AES256-GCM-SHA384
:ECDHE-ECDSA-AES128-SHA
:ECDHE-ECDSA-AES256-SHA
:ECDHE-ECDSA-AES128-SHA256
:ECDHE-ECDSA-AES256-SHA384
:ECDHE-RSA-AES128-GCM-SHA256
:ECDHE-RSA-AES256-GCM-SHA384
:ECDHE-RSA-AES128-SHA
:ECDHE-RSA-AES256-SHA
:ECDHE-RSA-AES128-SHA256
:ECDHE-RSA-AES256-SHA384
:DHE-RSA-AES128-GCM-SHA256
:DHE-RSA-AES256-GCM-SHA384
:DHE-RSA-AES128-SHA
:DHE-RSA-AES256-SHA
:DHE-RSA-AES128-SHA256
:DHE-RSA-AES256-SHA256


and protocol:
  SSLProtocol All -SSLv2 -SSLv3


^which prefers TLS1.2 while disallowing sslv3, which is likely your issue.

i just completed this on my server, and scored nicely on the test @ ssllabs.com

that^ list of ciphers requires a current openssl mod to apache, or an equiv depending on what system you're using.  each of those provides a secure transport (avoiding RSA altogether) ... folks making an approach to your forum requesting a session via compromised protocol will get stiff armed, and the only real drawback is some users using antiquated browsers (windows 8 w/ ie 6 for instance) will have to update their browsers to use your forum.

ip4 or 6... doesn't matter... you nail 'em down before they make it to your SMF.

Aleksi "Lex" Kilpinen

Did you try the mod? Do you still need help with this?
If this is solved feel free to mark it as solved, or otherwise let us know how we could help you further :)

Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas


Kolya

I tried the mod now. First I had to get it off their GitHub because the GZ archive here doesn't install: https://custom.simplemachines.org/mods/index.php?mod=3051
All tests were successful so I went ahead but right after I found errors in the log:

https://www.blah.com/index.php?action=admin;area=packages;sa=install2;package=smfmod_ipv6-master.zip;pid=0Apply
mysqli_fetch_assoc(): Couldn't fetch mysqli_result
/Packages/temp/database_install.php
Line: 64

https://www.blah.com/index.php?action=admin;area=packages;sa=install2;package=smfmod_ipv6-master.zip;pid=0
Missing argument 3 for smf_db_change_column(), called in /Packages/temp/database_install.php on line 49 and defined
/Sources/DbPackages-mysql.php
Line: 285


https://www.blah.com/index.php?action=admin;area=packages;sa=install2;package=smfmod_ipv6-master.zip;pid=0
Missing argument 3 for smf_db_change_column(), called in /Packages/temp/database_install.php on line 49 and defined
/Sources/DbPackages-mysql.php
Line: 285


That looks like a botched install to me.

I think I'll wait for SMF 2.1
