Posts posted by Mikorist
-
I also changed ciphers according to Probely's advice.
    server {
        listen 443 ssl;
        ...
        ssl_protocols TLSv1.2 TLSv1.3;
        ...
    }

    TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-
7 minutes ago, Mikorist said:
I cannot reproduce where the problem is. Except that I see that the IP address is from Russia. It simply takes over various users who were never spammers. It looks like some kind of SQL injection. I made paranoid protection on the forum. And now it has eased a bit. Otherwise, spam goes every 10 minutes...
https://securityheaders.com/?q=diyaudio.rs&hide=on&followRedirects=on
Another part on Nginx

    location / {
        try_files $uri $uri/ /index.php$is_args$args;

        ## Block unwanted user agents (case-insensitive match)
        if ($http_user_agent ~* "(java)") { return 404; }
        if ($http_user_agent ~* "(winhttp|HTTrack|clshttp|archiver|loader)") { return 404; }
        if ($http_user_agent ~* "(email|harvest|extract|grab|miner)") { return 404; }
        if ($http_user_agent ~* "(libwww-perl|python|nikto|scan)") { return 404; }

        ## Block SQL injections
        set $block_sql_injections 0;
        if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; }
        if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; }
        if ($query_string ~ "concat.*\(") { set $block_sql_injections 1; }
        if ($block_sql_injections = 1) { return 403; }

        ## Block file injections
        set $block_file_injections 0;
        if ($query_string ~ "[a-zA-Z0-9_]=https://") { set $block_file_injections 1; }
        if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $block_file_injections 1; }
        if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $block_file_injections 1; }
        if ($block_file_injections = 1) { return 403; }

        ## Block common exploits
        set $block_common_exploits 0;
        if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; }
        if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; }
        if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; }
        if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; }
        if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $block_common_exploits 1; }
        if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_common_exploits 1; }
        if ($block_common_exploits = 1) { return 403; }
    }
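An added example, not part of the original post: a small Python harness that runs the query-string patterns from the config above against constructed sample query strings, to show which ordinary requests the rules would reject and that `~` (unlike the `~*` used for the user-agent checks) is case-sensitive. The sample query strings and the names `blocked_by` and `report` are assumptions made for illustration.

```python
import re

# Query-string rules copied from the nginx config in the post above.
# nginx "~" is case-sensitive and $query_string is the raw, undecoded string.
RULES = {
    "sql": [r"union.*select.*\(", r"union.*all.*select.*", r"concat.*\("],
    "file": [r"[a-zA-Z0-9_]=https://", r"[a-zA-Z0-9_]=(\.\.//?)+",
             r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"],
    "exploit": [r"(<|%3C).*script.*(>|%3E)", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})",
                r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", r"proc/self/environ",
                r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", r"base64_(en|de)code\(.*\)"],
}

def blocked_by(query_string, ignore_case=False):
    """Return the sorted rule groups that would answer 403 for this query string."""
    flags = re.IGNORECASE if ignore_case else 0  # ignore_case models "~*"
    return sorted(group for group, patterns in RULES.items()
                  if any(re.search(p, query_string, flags) for p in patterns))

# Constructed sample query strings (not taken from any real log).
SAMPLES = [
    ("app=forums&module=forums&controller=topic&id=42", "normal topic view"),
    ("q=mysql+concat()+returns+null", "forum search about a SQL function"),
    ("return=https://example.org/topic/42", "absolute return URL parameter"),
    ("id=1+union+select+concat(a,b)", "lower-case test string"),
    ("id=1+UNION+SELECT+CONCAT(a,b)", "same test string, upper case"),
]

def report(ignore_case=False):
    """Evaluate every sample; returns {query_string: [rule groups]}."""
    return {qs: blocked_by(qs, ignore_case) for qs, _ in SAMPLES}

if __name__ == "__main__":
    for qs, note in SAMPLES:
        print(f"{note:36} ~ -> {blocked_by(qs)}   ~* -> {blocked_by(qs, True)}")
```

Running a harness like this before reloading nginx shows false positives (the search and return-URL samples) and the effect of switching the query-string checks to `~*`. These rules only see the query string, so request bodies are not inspected by them.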
-
I cannot reproduce where the problem is. Except that I see that the IP address is from Russia. It simply takes over various users who were never spammers. It looks like some kind of SQL injection. I made paranoid protection on the forum. And now it has eased a bit. Otherwise, spam goes every 10 minutes...
https://securityheaders.com/?q=diyaudio.rs&hide=on&followRedirects=on
-
I have never had anything like this in 12 years. I've had spam users but never like this.
-
Can we have some option in post that can insert the content of a single post into the new private message?
Reply to the post somebody privately in PM?
Send post like PM in IPB 3.0.x?
Thanks :thumbsup:
spam
in Classic self-hosted technical help
Posted
For Nginx ciphers are located in
/etc/nginx/nginx.conf
For Apache2
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
Strange, but I have problems with same IP address - same location...