phpBBSecurity_disallowed_referers

This is where you'll find security-related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

PostAuthor: Leadfoot » Wed Jan 30, 2008 1:13 pm

The character limit in this field is only 255. I tried to add several URLs to this field, and when it broke the 255 char. limit I ended up being banned from my website. When I added the one that broke the field, the only letter it was able to take was the "H" in http, and it ended up banning all referers with an "H".

Can this field be made with no character limit? Or can it be made so that each entry is calculated separately?

PostAuthor: CaNNon » Wed Jan 30, 2008 1:23 pm

How much of it was in the db, just the H or everything?

PostAuthor: Leadfoot » Wed Jan 30, 2008 2:01 pm

All the ones I added were in the db. But because of the character limit, when I added the last one only the "H" in the URL http... was included as character 255, and it proceeded to block everyone because of the "H".

PostAuthor: CaNNon » Wed Jan 30, 2008 5:30 pm

I understood the how part the first time.
I was after if it had been limited in size through db or code. Could you do one more thing: go to admin and check the phpbb security version number of your forum?

1.0.3 ?

PostAuthor: CaNNon » Wed Jan 30, 2008 6:30 pm

Unless the limit is imposed on the install, I don't see it.
I'll check in the db next.

PostAuthor: Leadfoot » Thu Jan 31, 2008 1:32 am

Hey Cannon, just got off work. Sorry if I misunderstood you. The only thing I can tell you is that if you look at that line in the db it says there is a 255 char. limit. I have done no changes to the install, so I assume it is installed like that. And I am on 1.0.3.

I really hope there is a way to change the character limit. Take a look at this. Almost 3000 hits in 12.5 hours from this damn one.

Referrer Host             | Hits | First visit              | Last visit
http://www.ixtractor.com  | 2973 | Wed Jan 30, 2008 5:22 pm | Thu Jan 31, 2008 6:02 am
musicforum.org.ua         | 1354 | Wed Jan 30, 2008 5:22 pm | Thu Jan 31, 2008 6:03 am

PostAuthor: CaNNon » Thu Jan 31, 2008 6:04 am

If you can see the limit in the db, can you change it there?
I asked the version because I have updated some security stuff before it's included in the package and wanted to make sure we were looking at the same versions.

PostAuthor: Helter » Thu Jan 31, 2008 7:55 am

You should add that URL to your htaccess file.

PostAuthor: Leadfoot » Thu Jan 31, 2008 10:23 am

My host has been trying to add them to the htaccess file, but it is not working for some reason.


--------------------------------------------------------------------------------
Hello,

I have looked into the http referer issue, and for some reason can't get the .htaccess to block it. For the time being, please just block it with the existing .script you have. Kaumil has advised me to remind you of the 255 character limit.

See how we're making Vistapages better: http://www.vistapagesforum.com/showthread.php?t=3885

Peter Wakefield
Customer Service Manager
VistaPages, Inc.
WWW: http://www.vistapages.com
SUPPORT: http://support.vistapages.com
BILLING: http://billing.vistapages.com





I don't know if I can change the limit, but I don't think so. Anyone have any ideas on how to do that?

PostAuthor: CaNNon » Thu Jan 31, 2008 4:43 pm

"phpBBSecurity_disallowed_referers" This is the table name?

PostAuthor: sanji » Thu Jan 31, 2008 4:52 pm

This is a serious problem...

I noticed already that the number of sites you can block is quite small. The reason is that the list of URLs is stored in the config table, and the config_value is limited to 255 characters (config_name : phpBBSecurity_disallowed_referers).

Either we can increase the size of that field, but this would be applied to all fields in the config table, or we should use this with care. As you explain, it is easy to block URLs starting with "www.", too...

sanji

PostAuthor: CaNNon » Thu Jan 31, 2008 5:03 pm

On my install I don't even seem to have the table...

PostAuthor: sanji » Thu Jan 31, 2008 5:38 pm

You MUST have the config table, it is the basis of the IM... search for "phpBBSecurity_disallowed_referers", it is an entry in that config table

sanji

PostAuthor: CaNNon » Thu Jan 31, 2008 6:19 pm

Thanks sanji, you know I was thinking it should be in php_phpbbsecurity.

*** edit it was a stupid idea
Last edited by CaNNon on Thu Jan 31, 2008 6:34 pm, edited 1 time in total.

PostAuthor: sanji » Thu Jan 31, 2008 6:34 pm

*** edit - idea removed -> comment on idea removed

Clearly, either we increase the size of all fields, or we have to reprogram the way the URLs are checked - adding them in a different table, for example.

sanji
Last edited by sanji on Fri Feb 01, 2008 4:26 pm, edited 1 time in total.
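
The failure discussed in this thread and the "different table" idea, modelled as an added example (not IntegraMOD or phpBB Security code). It assumes the list is newline-separated and matched by substring, which the thread implies but does not show; all function names and the filler hosts are hypothetical.

```python
import re
from urllib.parse import urlsplit

CONFIG_VALUE_MAX = 255  # config_value limit reported in the thread
HOST_RE = re.compile(r"^(?=.{4,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

# Constructed sample: the two hosts quoted in the thread plus made-up filler,
# sized so that character 255 is the "h" of the last entry added.
ENTRIES = (["http://www.ixtractor.com", "musicforum.org.ua"]
           + [f"spam{i:02d}.example.net" for i in range(10)]
           + ["spam-10.example.info", "http://last-added.example"])

def store_in_config(entries, sep="\n"):
    """Model one config_value field: join the list, cut silently at 255 chars."""
    return sep.join(entries)[:CONFIG_VALUE_MAX].split(sep)

def substring_blocked(referer, entries):
    """Assumed legacy check: block if any stored entry occurs in the Referer."""
    ref = referer.lower()
    return any(e.lower() in ref for e in entries if e)

def _host(url):
    """Host part of a URL or bare host name, lower-cased; '' if unparsable."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def build_blocklist(entries):
    """One validated host per row; fragments such as 'h' are rejected."""
    accepted, rejected = set(), []
    for entry in entries:
        host = _host(entry.strip())
        if HOST_RE.match(host):
            accepted.add(host)
        else:
            rejected.append(entry)
    return accepted, rejected

def host_blocked(referer, blocklist):
    """Block only when the Referer host equals, or is a subdomain of, a row."""
    host = _host(referer)
    return any(host == b or host.endswith("." + b) for b in blocklist)

if __name__ == "__main__":
    stored = store_in_config(ENTRIES)
    accepted, rejected = build_blocklist(stored)
    benign = "https://www.google.com/search?q=forum"
    print(stored[-1], substring_blocked(benign, stored), rejected,
          host_blocked(benign, accepted))
```

Validating each entry at save time and reporting the rejected ones back to the admin is what prevents a truncated fragment from ever reaching the matcher.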