  • Is this a security concern

    Now that I have installed CloudFlare I am noticing some interesting log data. Abusive traffic to the forum appears to include doing random searches (even though search for guests is captcha limited).

    But this I can't figure out:

    [Screenshot: Capture.PNG]
    This is a report on one particular CloudFlare challenge to a visitor request. Is this a concern? It makes me wonder if the attacker has access to resources it shouldn't.

    This IP address sent a dozen requests to the forum in less than 2 seconds. Just before that an IP address in Hong Kong sent 30 requests in under a minute - most of them searches for garbage text.

    Any tips for dealing with this malicious traffic are welcome - there are lots of ways of patching WordPress installations, which I have implemented, so any guide for hardening vBulletin installs would be most welcome.

  • #2
    This particular notification is loading CSS files that are used to format the output of your page. The css.php file isn't something that can be exploited really. It asks for a stylesheet name, styleid, and date stamp. It does not insert data into your database under any circumstance.

    In regards to search, everything displayed on the page in vBulletin is a search. Your list of forums is a search, your latest topics is a search, a list of topics is a search, a list of users is a search. Even if you have recaptcha on Keyword search, guest users will be running a lot of searches when they visit your site.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.



    • #3
      Originally posted by Wayne Luke
      This particular notification is loading CSS files that are used to format the output of your page. The css.php file isn't something that can be exploited really. It asks for a stylesheet name, styleid, and date stamp. It does not insert data into your database under any circumstance.

      In regards to search, everything displayed on the page in vBulletin is a search. Your list of forums is a search, your latest topics is a search, a list of topics is a search, a list of users is a search. Even if you have recaptcha on Keyword search, guest users will be running a lot of searches when they visit your site.
      Yes, I understand that but I believe the bots were using garbage terms to overload the text search engine. I have disabled guest searching for now to see if it makes a difference - I will report back.



      • #4
        Captcha doesn't prevent people from entering text into the search field. It just sends back an error if they don't fill out the captcha. This will still use server resources.

        A better solution would be to use server tools like mod_evasive that prevents heavy access from specific IP addresses and to temporarily ban those IP addresses. Maybe CloudFlare has a similar feature as well.
        Wayne Luke

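As an added example (not code from the thread, vBulletin, Cloudflare or mod_evasive), the per-IP sliding-window budget that mod_evasive and Cloudflare's rate-limiting rules apply, written in Python and run over constructed access-log lines modelled on the traffic described in the first post: a dozen garbage searches from one address in two seconds, a normal page view with its css.php and script requests, and a visitor searching at a human pace. Asset loads are excluded from the budget because, as post #2 explains, css.php hits are just the page's stylesheets and every legitimate page view fires a burst of them. The /search path, the css.php parameter names and the thresholds are assumptions; adjust them to your own logs.

```python
"""Per-IP sliding-window request budgets over web-server access logs.

Added example, not code from vBulletin, Cloudflare or mod_evasive. It
implements the idea those tools apply: count requests per source address
inside a rolling window and flag addresses that exceed a budget.
Assumptions: Apache/nginx "combined" log format, keyword searches under
/search (hypothetical), and the css.php parameter names used below.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Stylesheet and script loads fire in a burst on every legitimate page view
# (the css.php hits in the original post), so they are left out of the budget.
STATIC_RE = re.compile(r'^/css\.php$|\.(css|js|png|jpg|gif|ico|woff2?)$')
SEARCH_PREFIX = "/search"  # assumed search endpoint; check your own forum's URLs

# Constructed sample log: a burst of garbage searches from one address (twelve
# requests in two seconds), one normal page view with its assets, one visitor
# searching at a human pace, and one unparseable line.
_GARBAGE = ["xk9qv", "zzqpl", "mwt0r", "qqq11", "bbnrt", "plokj",
            "a1b2c", "zzzzz", "rtyui", "vbnm0", "poiuy", "qazws"]
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Oct/2023:13:55:{36 + i // 6} +0000] '
    f'"GET /search?q={g} HTTP/1.1" 200 4120 "-" "python-requests/2.31"'
    for i, g in enumerate(_GARBAGE)
] + [
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /forum/general-discussion HTTP/1.1" 200 30211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /css.php?styleid=1&sheet=css_b.css&ts=1696000000 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /css.php?styleid=1&sheet=css_forum.css&ts=1696000000 HTTP/1.1" 200 2211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /js/vbulletin-core.js HTTP/1.1" 200 90210 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:55:00 +0000] "GET /search?q=cloudflare HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:55:20 +0000] "GET /search?q=captcha HTTP/1.1" 200 5010 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=hardening HTTP/1.1" 200 4990 "-" "Mozilla/5.0"',
    'not a log line',
]


def parse_line(line):
    """Return (ip, timestamp, path) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")


def _push(q, ts, window):
    """Append ts to a per-IP deque, drop entries older than window, return the count."""
    q.append(ts)
    while ts - q[0] > window:
        q.popleft()
    return len(q)


def flag_abusers(lines, window=timedelta(seconds=60), max_page_hits=20, max_searches=5):
    """Map each offending IP to the first budget it exceeded inside any window."""
    records = sorted((r for r in map(parse_line, lines) if r), key=lambda r: r[1])
    hits, searches, flagged = defaultdict(deque), defaultdict(deque), {}
    for ip, ts, path in records:
        route = path.split("?", 1)[0]
        if STATIC_RE.search(route):
            continue  # asset load, not a page or search request
        n = _push(hits[ip], ts, window)
        if n > max_page_hits:
            flagged.setdefault(ip, f"{n} page requests within {window.seconds}s")
        if route.startswith(SEARCH_PREFIX):
            n = _push(searches[ip], ts, window)
            if n > max_searches:
                flagged.setdefault(ip, f"{n} searches within {window.seconds}s")
    return flagged


if __name__ == "__main__":
    for ip, reason in flag_abusers(SAMPLE_LOG).items():
        print(f"{ip}: {reason}")
```

Run against the constructed sample, only 203.0.113.5 is flagged, on its sixth search; the page view with its four asset requests counts as a single hit and the human-paced searcher stays under budget. The separate, lower search budget is the point: a captcha still lets each garbage query reach the search backend before it is rejected, so the cheap place to stop it is by source address before the request is served, which is what mod_evasive does on the web server and a Cloudflare rate-limiting rule does at the edge.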


        • #5
          Originally posted by Wayne Luke
          Captcha doesn't prevent people from entering text into the search field. It just sends back an error if they don't fill out the captcha. This will still use server resources.

          A better solution would be to use server tools like mod_evasive that prevents heavy access from specific IP addresses and to temporarily ban those IP addresses. Maybe CloudFlare has a similar feature as well.
          I looked at mod_evasive but the hosting admins don't recommend it and it's apparently no longer being developed.
