Announcement

Collapse
No announcement yet.

combating iplogging scripts that bypass CloudFlare and Incapsula.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • combating iplogging scripts that bypass CloudFlare and Incapsula.

    Hi

    It recently came to my attention that majority if not all of the websites that are behind CF or Incapsula get their ip leaked by image retrievals (plus mail servers and so on..). Vbulletin has two methods, 1... retrieve by url and 2 upload from HDD. Option 1 is the offender and so the simple solution is to just remove all code of it from the template, wrong! You're still able to edit the HTML from your browser and inject the code which just nullifies this method.

    The real way to fix would be to edit class_upload.php particularly the following uploadurl . One of the problems that I came across is even when attempting to remove any possible reference to uploadurl causes all uploading to break, so in the mean time i've just totally removed the file until a working fix is found.

    Any suggestions on 100% stopping image retrieval from urls? It's a killer!

  • #2
    Disable allow_url_fopen and curl in your php.

    Comment


    • #3
      I did this before posting this thread. I disabled fopen in php and removed all curl options in the code and it still didnt fix the problem.
      EDIT

      I need curl
      Last edited by mentalrz; Tue 29th Jul '14, 1:47pm.

      Comment


      • #4
        Your next choice is to either use plugins to disable the remote fetching or make code modifications.

        I bet if you wanted to it wouldn't be hard to add another machine to act as a relay to fetch the data you want safely.

        Comment


        • #5
          Originally posted by Zachery View Post
          Your next choice is to either use plugins to disable the remote fetching or make code modifications.

          I bet if you wanted to it wouldn't be hard to add another machine to act as a relay to fetch the data you want safely.
          Well i got some huge stuff going on for my site atm so this really wont be an issue but it still would be nice to get resolved for other people. i'll look into it further and share what i find.

          Comment


          • #6
            Found a work around which doesn't break facebook intergration! was quite simple! noticed vbulletin had two checks in order to disable remote retrieval, so i just simple removed curl.

            in php.ini set

            Code:
            allow_url_fopen = Off
            allow_url_include = Off
            in includes/class_upload.php find

            Code:
            if (ini_get('allow_url_fopen') == 0 AND !function_exists('curl_init'))
            and change to

            Code:
                        if (ini_get('allow_url_fopen') == 0)

            Sorted


            vbulletin.org: http://www.vbulletin.org/forum/showthread.php?t=313353
            Last edited by mentalrz; Wed 30th Jul '14, 12:49pm.

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X