Task force TalkChess access
Moderators: hgm, Rebel, chrisw
-
- Posts: 7025
- Joined: Thu Aug 18, 2011 12:04 pm
- Full name: Ed Schröder
Re: Task force TalkChess access
PK wrote: ↑Tue Sep 07, 2021 11:36 am
I didn't read PHP for ages, but this snippet does not contain information how $user and all its fields are filled. The inner if clause depends on these variables. Also, it seems that code is blocking access for users who are *not* ANONYMOUS, whatever it means and wherever it is set.

I remember (about 2 years ago) there was (according to Sam) a forced phpBB update from the provider and suddenly the "real names" were gone, the poll option suddenly did not work any longer. Isn't that exactly the time the 403-forbidden problem showed up? You as one of the first victims probably will remember?
90% of coding is debugging, the other 10% is writing bugs.
-
- Posts: 895
- Joined: Mon Jan 15, 2007 11:23 am
- Location: Warsza
Re: Task force TalkChess access
Could a phpBB update force a change or update of the auth module via some dependency? BTW I updated my last post, mentioning auth and linking to one of its multiple versions.
As for polls, I vaguely recall some problems with them just before I got blocked. To be more precise, there was a short-term block, lasting about a week, later it was lifted, and later still it became permanent.
Pawel Koziol
http://www.pkoziol.cal24.pl/rodent/rodent.htm
-
- Posts: 7025
- Joined: Thu Aug 18, 2011 12:04 pm
- Full name: Ed Schröder
Re: Task force TalkChess access
PK wrote: ↑Tue Sep 07, 2021 12:04 pm
Could a phpBB update force a change or update of the auth module via some dependency? BTW I updated my last post, mentioning auth and linking to one of its multiple versions.
As for polls, I vaguely recall some problems with them just before I got blocked. To be more precise, there was a short-term block, lasting about a week, later it was lifted, and later still it became permanent.

So it's not completely unlikely the 403-forbidden problem is linked to the phpBB update.
I also found a virus on the server, removing it did not solve the problem but (and that's speculation) the damage could have already been done and can't be undone.
-
- Posts: 2692
- Joined: Wed Mar 10, 2010 10:18 pm
- Location: Hamburg, Germany
- Full name: Srdja Matovic
Re: Task force TalkChess access
At first we should clarify, is there IP blocking going on (what kind of error) or are there 403 HTTP errors? As mentioned in another thread, 403 is thrown by the webserver resp. the web-application. Second you should check if the .php files from TC host are identical to the official version from phpBB (via diff) or if there are custom made changes. Different kinds of apps may have different kinds of ways to deal with simple flood-attacks via some kind of lists.

I can read PHP and SQL, some interesting parts happen in the file session.php, there are several blockings going on, limit_load, check_dnsbl and check_ban. If you tell me the version of current TC phpBB I will download the official version and take a closer look how the 403 error might be triggered by phpBB. The TC admin can take a look in the forum backend if there is some kind of load-limit, ip-blacklisting or ip-user-ban set.

A simple explanation would be that block by ip is activated but the system cannot handle IPv6 and all users with IPv6 get a 403, just a first guess...
--
Srdja
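The file comparison suggested in the post above, as an added example (not code from the thread or from phpBB): it hashes every .php file in a live install and in a freshly unpacked official release of the same version, then lists modified, added and missing files. The directory layout and file names built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root, suffix=".php"):
    """Map each relative path under root ending in suffix to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*" + suffix))
        if p.is_file()
    }


def compare_trees(installed, pristine):
    """Classify .php files of the live install against the official release."""
    live, ref = hash_tree(installed), hash_tree(pristine)
    return {
        "modified": sorted(f for f in live.keys() & ref.keys() if live[f] != ref[f]),
        "added": sorted(live.keys() - ref.keys()),    # not shipped by the release
        "missing": sorted(ref.keys() - live.keys()),  # shipped but absent on the host
    }


def demo():
    """Build two small constructed trees (not phpBB's real layout) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, installed = Path(tmp, "pristine"), Path(tmp, "installed")
        for tree in (pristine, installed):
            (tree / "includes").mkdir(parents=True)
            (tree / "viewtopic.php").write_text("<?php // unchanged\n")
            (tree / "includes" / "session.php").write_text("<?php // official\n")
        # Constructed differences: one local edit, one extra file, one deleted file.
        (installed / "includes" / "session.php").write_text("<?php // locally edited\n")
        (installed / "includes" / "dropped.php").write_text("<?php // not in release\n")
        (pristine / "faq.php").write_text("<?php // only in release\n")
        return compare_trees(installed, pristine)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

On a real install, files such as the site configuration, cache and installed extensions will legitimately show up under "added"; anything else there, and every "modified" entry, is worth reading line by line with diff.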
-
- Posts: 7025
- Joined: Thu Aug 18, 2011 12:04 pm
- Full name: Ed Schröder
Re: Task force TalkChess access
The version is: phpBB 3.2.x
I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the mod_security settings.
Useful readings -
https://www.phpbb.com/community/viewtopic.php?t=2547341
https://www.phpbb.com/community/viewtopic.php?t=2475811
-
- Posts: 1632
- Joined: Tue Aug 21, 2018 7:52 pm
- Full name: Dietrich Kappe
Re: Task force TalkChess access
Rebel wrote: ↑Tue Sep 07, 2021 4:52 pm
The version is: phpBB 3.2.x
I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the mod_security settings.
Useful readings -
https://www.phpbb.com/community/viewtopic.php?t=2547341
https://www.phpbb.com/community/viewtopic.php?t=2475811

Just a word of warning: make sure to secure this server, as the bots searching for and exploiting WordPress, phpBB, etc., are pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.
Fat Titz by Stockfish, the engine with the bodaciously big net. Remember: size matters. If you want to learn more about this engine just google for "Fat Titz".
-
- Posts: 27837
- Joined: Fri Mar 10, 2006 10:06 am
- Location: Amsterdam
- Full name: H G Muller
-
- Posts: 7025
- Joined: Thu Aug 18, 2011 12:04 pm
- Full name: Ed Schröder
Re: Task force TalkChess access
dkappe wrote: ↑Tue Sep 07, 2021 5:11 pm
Rebel wrote: ↑Tue Sep 07, 2021 4:52 pm
The version is: phpBB 3.2.x
I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the mod_security settings.
Useful readings -
https://www.phpbb.com/community/viewtopic.php?t=2547341
https://www.phpbb.com/community/viewtopic.php?t=2475811
Just a word of warning: make sure to secure this server, as the bots searching for and exploiting WordPress, phpBB, etc., are pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.

With secure server you mean SSL and https? That's on the to-do list.
The main important thing is that we secured the database.
-
- Posts: 1632
- Joined: Tue Aug 21, 2018 7:52 pm
- Full name: Dietrich Kappe
Re: Task force TalkChess access
Rebel wrote: ↑Tue Sep 07, 2021 6:28 pm
dkappe wrote: ↑Tue Sep 07, 2021 5:11 pm
Rebel wrote: ↑Tue Sep 07, 2021 4:52 pm
The version is: phpBB 3.2.x
I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the mod_security settings.
Useful readings -
https://www.phpbb.com/community/viewtopic.php?t=2547341
https://www.phpbb.com/community/viewtopic.php?t=2475811
Just a word of warning: make sure to secure this server, as the bots searching for and exploiting WordPress, phpBB, etc., are pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.
With secure server you mean SSL and https? That's on the to-do list.
The main important thing is that we secured the database.

https://geekflare.com/cloud-waf-to-stop ... e-attacks/
-
- Posts: 2692
- Joined: Wed Mar 10, 2010 10:18 pm
- Location: Hamburg, Germany
- Full name: Srdja Matovic
Re: Task force TalkChess access
Rebel wrote: ↑Tue Sep 07, 2021 4:52 pm
The version is: phpBB 3.2.x
I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the mod_security settings.
Useful readings -
https://www.phpbb.com/community/viewtopic.php?t=2547341
https://www.phpbb.com/community/viewtopic.php?t=2475811

I am not sure on this, AFAIK mod_security is not installed by default and should be a primary matter of shared hosting systems, webspaces from ISPs, and it affects only some users. If it is installed you can disable it for all sites via:
Code:
# Disable the ModSecurity module for all sites, then restart Apache
sudo a2dismod mod-security2
sudo apache2ctl restart
Code:
# Re-enable the module, then restart Apache
sudo a2enmod mod-security2
sudo apache2ctl restart
--
Srdja
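Before switching mod_security off for every site, the Apache error log shows which rule produced each 403. The following is an added example (not part of the thread, phpBB or ModSecurity) that pulls the rule id, URI and client out of ModSecurity 2.x "Access denied with code 403" lines; the log lines, rule ids, messages, hostnames and addresses in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in the Apache error-log layout written by ModSecurity 2.x;
# rule ids, messages, hosts and addresses are made up for illustration.
SAMPLE_LOG = '''\
[Tue Sep 07 16:50:01.100000 2021] [:error] [pid 1201] [client 203.0.113.7:50111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:message. [file "/etc/modsecurity/example.conf"] [line "10"] [id "100001"] [msg "Constructed rule A"] [hostname "forum.example"] [uri "/posting.php"] [unique_id "A1"]
[Tue Sep 07 16:50:09.200000 2021] [:error] [pid 1201] [client 2001:db8::15:50222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:message. [file "/etc/modsecurity/example.conf"] [line "10"] [id "100001"] [msg "Constructed rule A"] [hostname "forum.example"] [uri "/posting.php"] [unique_id "A2"]
[Tue Sep 07 16:51:30.300000 2021] [:error] [pid 1202] [client 198.51.100.4:40100] ModSecurity: Warning. Matched phrase "y" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/example.conf"] [line "22"] [id "100002"] [msg "Constructed rule B"] [hostname "forum.example"] [uri "/index.php"] [unique_id "A3"]
[Tue Sep 07 16:52:44.400000 2021] [:error] [pid 1203] [client 198.51.100.4:40101] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/example.conf"] [line "31"] [id "100003"] [msg "Constructed rule C"] [hostname "forum.example"] [uri "/ucp.php"] [unique_id "A4"]
[Tue Sep 07 16:53:00.500000 2021] [php7:notice] [pid 1203] [client 198.51.100.9:40500] PHP Notice: constructed line unrelated to ModSecurity
'''

DENY = re.compile(r"ModSecurity: Access denied with code 403")
FIELD = re.compile(r'\[(id|msg|uri) "([^"]*)"\]')
CLIENT = re.compile(r"\[client ([^\]]+)\]")


def parse_denials(log_text):
    """Return one dict per ModSecurity 403 denial; warnings and other errors are skipped."""
    events = []
    for line in log_text.splitlines():
        if not DENY.search(line):
            continue
        event = dict(FIELD.findall(line))
        m = CLIENT.search(line)
        event["client"] = m.group(1) if m else None
        events.append(event)
    return events


def rules_by_hits(events):
    """Count denials per (rule id, URI), most frequent first."""
    return Counter((e.get("id"), e.get("uri")) for e in events).most_common()


if __name__ == "__main__":
    for (rule_id, uri), hits in rules_by_hits(parse_denials(SAMPLE_LOG)):
        print(f"rule {rule_id} blocked {uri} {hits}x")
```

Once the offending rule id is known, it can be excluded for the affected path with ModSecurity's `SecRuleRemoveById` directive, which keeps the rest of the rule set active. If no such lines exist for the blocked requests, the 403 comes from somewhere else, such as the web server configuration or phpBB itself.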