Mikorist

For Nginx ciphers are located in /etc/nginx/nginx.conf For Apache2 https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html Strange, but i have problems with same IP adress -same location........

I also changed ciphers according to Probely's advice. server { listen 443 ssl; ... ssl_protocols TLSv1.2 TLSv1.3; ... } TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHERSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHERSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128- SHA256

Onother part on Nginx location / { try_files $uri $uri/ /index.php$is_args$args; if ($http_user_agent ~* "(java)") {return 404;} if ($http_user_agent ~* "(winhttp|HTTrack|clshttp|archiver|loader)") {return 404;} if ($http_user_agent ~* "(email|harvest|extract|grab|miner)") {return 404;} if ($http_user_agent ~* "(libwww-perl|python|nikto|scan)") {return 404;} ## Block SQL injections set $block_sql_injections 0; if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; } if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; } if ($query_string ~ "concat.*\(") { set $block_sql_injections 1; } if ($block_sql_injections = 1) { return 403; } ## Block file injections set $block_file_injections 0; if ($query_string ~ "[a-zA-Z0-9_]=https://") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $block_file_injections 1; } if ($block_file_injections = 1) { return 403; } ## Block common exploits set $block_common_exploits 0; if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $block_common_exploits 1; } if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_common_exploits 1; } if ($block_common_exploits = 1) { return 403; }

I cannot reproduce where the problem is. Except that I see that the IP address is from Russia. It simply takes over various users who were never spammers. It looks like some kind of SQL injection. I made paranoid protection on the forum. And now it has eased a bit. Otherwise, spam goes every 10 minutes... https://securityheaders.com/?q=diyaudio.rs&hide=on&followRedirects=on

I have never had anything like this in 12 years. I've had spam users but never like this.

Same here too. After update to 4.7.6. Another forum that is not updated does not have this problem.

Can we have some option in post that can insert the content of a single post into the new private message ? Reply to the post somebody privately in PM ? Send post like PM in IPB 3.0.x ? Thanks :thumbsup: