Task force TalkChess access


Rebel
Posts: 6991
Joined: Thu Aug 18, 2011 12:04 pm

Re: Task force TalkChess access

Post by Rebel »

PK wrote: Tue Sep 07, 2021 11:36 am
Rebel wrote: Tue Sep 07, 2021 11:16 am This is an example I found in the viewforum.php
I didn't read PHP for ages, but this snippet does not contain information how $user and all its fields are filled. The inner if clause depends on these variables. Also, it seems that code is blocking access for users who are *not* ANONYMOUS, whatever it means and wherever it is set.
I remember (about 2 years ago) there was (according to Sam) a forced phpBB update from the provider and suddenly the "real names" were gone, the poll option suddenly did not work any longer. Isn't that exactly the time the 403-forbidden problem showed up? You as one of the first victims probably will remember?
90% of coding is debugging, the other 10% is writing bugs.
PK
Posts: 893
Joined: Mon Jan 15, 2007 11:23 am
Location: Warsza

Re: Task force TalkChess access

Post by PK »

Could a phpBB update force a change or update of the auth module via some dependency? BTW I updated my last post, mentioning auth and linking to one of its multiple versions.

As for polls, I vaguely recall some problems with them just before I got blocked. To be more precise, there was a short-term block, lasting about a week, later it was lifted, and later still it became permanent.
Rebel
Posts: 6991
Joined: Thu Aug 18, 2011 12:04 pm

Re: Task force TalkChess access

Post by Rebel »

PK wrote: Tue Sep 07, 2021 12:04 pm Could a phpBB update force a change or update of the auth module via some dependency? BTW I updated my last post, mentioning auth and linking to one of its multiple versions.

As for polls, I vaguely recall some problems with them just before I got blocked. To be more precise, there was a short-term block, lasting about a week, later it was lifted, and later still it became permanent.
So it's not completely unlikely the 403-forbidden problem is linked to the phpBB update.

I also found a virus on the server; removing it did not solve the problem, but (and that's speculation) the damage could have already been done and can't be undone.
90% of coding is debugging, the other 10% is writing bugs.
smatovic
Posts: 2644
Joined: Wed Mar 10, 2010 10:18 pm
Location: Hamburg, Germany
Full name: Srdja Matovic

Re: Task force TalkChess access

Post by smatovic »

Rebel wrote: Tue Sep 07, 2021 11:16 am Srdja, do you understand PHP?

This is an example I found in the viewforum.php

...

Note the notorious 403 - Forbidden

This type of code is also found in other crucial php files.
At first we should clarify: is there IP blocking going on (what kind of error) or are there 403 HTTP errors? As mentioned in another thread, 403 is thrown by the webserver resp. the web-application. Second, you should check if the .php files from the TC host are identical to the official version from phpBB (via diff) or if there are custom-made changes. Different kinds of apps may have different ways to deal with simple flood-attacks via some kind of lists. I can read PHP and SQL; some interesting parts happen in the file session.php, where there are several blockings going on: limit_load, check_dnsbl and check_ban. If you tell me the version of the current TC phpBB I will download the official version and take a closer look at how the 403 error might be triggered by phpBB. The TC admin can take a look in the forum backend to see if there is some kind of load-limit, ip-blacklisting or ip-user-ban set. A simple explanation would be that block by IP is activated but the system cannot handle IPv6 and all users with IPv6 get a 403, just a first guess...

--
Srdja
Rebel
Posts: 6991
Joined: Thu Aug 18, 2011 12:04 pm

Re: Task force TalkChess access

Post by Rebel »

The version is : phpBB 3.2.x

I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the : mod_security settings.

Useful readings -

https://www.phpbb.com/community/viewtopic.php?t=2547341

https://www.phpbb.com/community/viewtopic.php?t=2475811
90% of coding is debugging, the other 10% is writing bugs.
dkappe
Posts: 1631
Joined: Tue Aug 21, 2018 7:52 pm
Full name: Dietrich Kappe

Re: Task force TalkChess access

Post by dkappe »

Rebel wrote: Tue Sep 07, 2021 4:52 pm The version is : phpBB 3.2.x

I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the : mod_security settings.

Useful readings -

https://www.phpbb.com/community/viewtopic.php?t=2547341

https://www.phpbb.com/community/viewtopic.php?t=2475811
Just a word of warning: make sure to secure this server as the bots searching for and exploiting WordPress, phpbb, etc., is pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.
Fat Titz by Stockfish, the engine with the bodaciously big net. Remember: size matters. If you want to learn more about this engine just google for "Fat Titz".
hgm
Posts: 27790
Joined: Fri Mar 10, 2006 10:06 am
Location: Amsterdam
Full name: H G Muller

Re: Task force TalkChess access

Post by hgm »

dkappe wrote: Tue Sep 07, 2021 5:11 pm Just a word of warning: make sure to secure this server as the bots searching for and exploiting WordPress, phpbb, etc., is pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.
I have no idea how to do that.
Rebel
Posts: 6991
Joined: Thu Aug 18, 2011 12:04 pm

Re: Task force TalkChess access

Post by Rebel »

dkappe wrote: Tue Sep 07, 2021 5:11 pm
Rebel wrote: Tue Sep 07, 2021 4:52 pm The version is : phpBB 3.2.x

I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the : mod_security settings.

Useful readings -

https://www.phpbb.com/community/viewtopic.php?t=2547341

https://www.phpbb.com/community/viewtopic.php?t=2475811
Just a word of warning: make sure to secure this server as the bots searching for and exploiting WordPress, phpbb, etc., is pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.
With secure server you mean SSL and https ? That's on the to-do-list.

The main important thing is that we secured the database.
90% of coding is debugging, the other 10% is writing bugs.
dkappe
Posts: 1631
Joined: Tue Aug 21, 2018 7:52 pm
Full name: Dietrich Kappe

Re: Task force TalkChess access

Post by dkappe »

Rebel wrote: Tue Sep 07, 2021 6:28 pm
dkappe wrote: Tue Sep 07, 2021 5:11 pm
Rebel wrote: Tue Sep 07, 2021 4:52 pm The version is : phpBB 3.2.x

I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the : mod_security settings.

Useful readings -

https://www.phpbb.com/community/viewtopic.php?t=2547341

https://www.phpbb.com/community/viewtopic.php?t=2475811

Just a word of warning: make sure to secure this server as the bots searching for and exploiting WordPress, phpbb, etc., is pretty much nonstop and on a massive scale. You can expect an attack within seconds of setting it up.
With secure server you mean SSL and https ? That's on the to-do-list.

The main important thing is that we secured the database.
https://geekflare.com/cloud-waf-to-stop ... e-attacks/
Fat Titz by Stockfish, the engine with the bodaciously big net. Remember: size matters. If you want to learn more about this engine just google for "Fat Titz".
smatovic
Posts: 2644
Joined: Wed Mar 10, 2010 10:18 pm
Location: Hamburg, Germany
Full name: Srdja Matovic

Re: Task force TalkChess access

Post by smatovic »

Rebel wrote: Tue Sep 07, 2021 4:52 pm The version is : phpBB 3.2.x

I went to the phpBB forum and searched for 403 - forbidden. Most of the time it is related to the : mod_security settings.

Useful readings -

https://www.phpbb.com/community/viewtopic.php?t=2547341

https://www.phpbb.com/community/viewtopic.php?t=2475811
I am not sure on this, AFAIK mod_security is not installed by default and should be a primary matter of shared hosting systems, webspaces from ISPs, and it affects only some users. If it is installed you can disable it for all sites via:

# Debian/Ubuntu register the ModSecurity 2.x module under the name "security2"
sudo a2dismod security2
sudo apache2ctl restart
Test if 403 still appears, and reactivate again via:

# Re-enable the module once the test is done
sudo a2enmod security2
sudo apache2ctl restart
As I posted already on the other thread, I don't get quite why these 403 still appear, in my understanding this should not happen with Cloudflare, maybe phpBB thinks it gets flooded by Cloudflare and blocks their hosts? Dunno. Will take a look into vers. 3.2.x for some hints.

--
Srdja
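A way to answer both questions raised in this thread (who throws the 403, and whether IPv6 clients are the ones hit) from the logs, without switching ModSecurity off for every site; this is an added example, not code from the thread or from phpBB. The function name `triage_403` and the sample log lines are constructed, and it assumes Apache's combined access-log format, ModSecurity 2.x error-log entries, and logs that record the real visitor address rather than a Cloudflare proxy address.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" access log: client, request path, status.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# ModSecurity 2.x denial in the Apache error log; the port-less [client] field
# directly before "ModSecurity:" is used, then the [uri "..."] field.
MODSEC_RE = re.compile(r'\[client ([^\]\s]+)\] ModSecurity: Access denied '
                       r'with code 403.*?\[uri "([^"]*)"\]')

# Constructed sample logs (documentation address ranges, placeholder rule id).
ACCESS_LOG = '''\
203.0.113.7 - - [07/Sep/2021:17:02:11 +0200] "GET /viewforum.php?f=2 HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Sep/2021:17:03:40 +0200] "POST /posting.php?mode=reply HTTP/1.1" 403 199 "-" "Mozilla/5.0"
2001:db8::15 - - [07/Sep/2021:17:04:02 +0200] "GET /index.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
2001:db8::15 - - [07/Sep/2021:17:04:09 +0200] "GET /viewforum.php?f=2 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Sep/2021:17:05:00 +0200] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
'''.splitlines()
ERROR_LOG = '''\
[Tue Sep 07 17:03:40.120000 2021] [:error] [pid 2211] [client 203.0.113.7:51234] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900000"] [msg "constructed sample rule"] [uri "/posting.php"]
'''.splitlines()


def triage_403(access_lines, error_lines):
    """Count 403s per IP family, split into ModSecurity denials and the rest."""
    denied = set()
    for line in error_lines:
        m = MODSEC_RE.search(line)
        if m:
            denied.add((ipaddress.ip_address(m.group(1)), m.group(2)))
    stats = {"IPv4": Counter(), "IPv6": Counter()}
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # hostname logged instead of an address
            continue
        fam = stats["IPv%d" % ip.version]
        fam["requests"] += 1
        if m.group(3) == "403":
            path = m.group(2).split("?", 1)[0]  # ModSecurity logs the bare path
            fam["403_modsecurity" if (ip, path) in denied else "403_other"] += 1
    return stats


if __name__ == "__main__":
    for family, counts in triage_403(ACCESS_LOG, ERROR_LOG).items():
        print(family, dict(counts))
```

Matching on client address and path is a heuristic; 403s left in the `403_other` bucket are the ones to trace into the web server configuration or phpBB's own ban and load checks.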