Announcement

Collapse
No announcement yet.

combating iplogging scripts that bypass CloudFlare and Incapsula.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • mentalrz
    replied
    Found a work around which doesn't break facebook intergration! was quite simple! noticed vbulletin had two checks in order to disable remote retrieval, so i just simple removed curl.

    in php.ini set

    Code:
    allow_url_fopen = Off
    allow_url_include = Off
    in includes/class_upload.php find

    Code:
    if (ini_get('allow_url_fopen') == 0 AND !function_exists('curl_init'))
    and change to

    Code:
                if (ini_get('allow_url_fopen') == 0)

    Sorted


    vbulletin.org: http://www.vbulletin.org/forum/showthread.php?t=313353
    Last edited by mentalrz; Wed 30th Jul '14, 12:49pm.

    Leave a comment:


  • mentalrz
    replied
    Originally posted by Zachery View Post
    Your next choice is to either use plugins to disable the remote fetching or make code modifications.

    I bet if you wanted to it wouldn't be hard to add another machine to act as a relay to fetch the data you want safely.
    Well i got some huge stuff going on for my site atm so this really wont be an issue but it still would be nice to get resolved for other people. i'll look into it further and share what i find.

    Leave a comment:


  • Zachery
    replied
    Your next choice is to either use plugins to disable the remote fetching or make code modifications.

    I bet if you wanted to it wouldn't be hard to add another machine to act as a relay to fetch the data you want safely.

    Leave a comment:


  • mentalrz
    replied
    I did this before posting this thread. I disabled fopen in php and removed all curl options in the code and it still didnt fix the problem.
    EDIT

    I need curl
    Last edited by mentalrz; Tue 29th Jul '14, 1:47pm.

    Leave a comment:


  • Zachery
    replied
    Disable allow_url_fopen and curl in your php.

    Leave a comment:


  • combating iplogging scripts that bypass CloudFlare and Incapsula.

    Hi

    It recently came to my attention that majority if not all of the websites that are behind CF or Incapsula get their ip leaked by image retrievals (plus mail servers and so on..). Vbulletin has two methods, 1... retrieve by url and 2 upload from HDD. Option 1 is the offender and so the simple solution is to just remove all code of it from the template, wrong! You're still able to edit the HTML from your browser and inject the code which just nullifies this method.

    The real way to fix would be to edit class_upload.php particularly the following uploadurl . One of the problems that I came across is even when attempting to remove any possible reference to uploadurl causes all uploading to break, so in the mean time i've just totally removed the file until a working fix is found.

    Any suggestions on 100% stopping image retrieval from urls? It's a killer!
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X