Jump to content

Mikorist

Clients
  • Posts

    258
  • Joined

2 Followers

Contact Methods

Profile Information

  • Gender
    Male
  • Location
    diyaudio.rs

Recent Profile Visitors

12,484 profile views

Mikorist's Achievements

  1. For Nginx ciphers are located in /etc/nginx/nginx.conf For Apache2 https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html Strange, but i have problems with same IP adress -same location........
  2. I also changed ciphers according to Probely's advice. server { listen 443 ssl; ... ssl_protocols TLSv1.2 TLSv1.3; ... } TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHERSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHERSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128- SHA256
  3. Onother part on Nginx location / { try_files $uri $uri/ /index.php$is_args$args; if ($http_user_agent ~* "(java)") {return 404;} if ($http_user_agent ~* "(winhttp|HTTrack|clshttp|archiver|loader)") {return 404;} if ($http_user_agent ~* "(email|harvest|extract|grab|miner)") {return 404;} if ($http_user_agent ~* "(libwww-perl|python|nikto|scan)") {return 404;} ## Block SQL injections set $block_sql_injections 0; if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; } if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; } if ($query_string ~ "concat.*\(") { set $block_sql_injections 1; } if ($block_sql_injections = 1) { return 403; } ## Block file injections set $block_file_injections 0; if ($query_string ~ "[a-zA-Z0-9_]=https://") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $block_file_injections 1; } if ($block_file_injections = 1) { return 403; } ## Block common exploits set $block_common_exploits 0; if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $block_common_exploits 1; } if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_common_exploits 1; } if ($block_common_exploits = 1) { return 403; }
  4. I cannot reproduce where the problem is. Except that I see that the IP address is from Russia. It simply takes over various users who were never spammers. It looks like some kind of SQL injection. I made paranoid protection on the forum. And now it has eased a bit. Otherwise, spam goes every 10 minutes... https://securityheaders.com/?q=diyaudio.rs&hide=on&followRedirects=on
  5. I have never had anything like this in 12 years. I've had spam users but never like this.
  6. Same here too. After update to 4.7.6. Another forum that is not updated does not have this problem.
  7. Can we have some option in post that can insert the content of a single post into the new private message ? Reply to the post somebody privately in PM ? Send post like PM in IPB 3.0.x ? Thanks :thumbsup:
×
×
  • Create New...