Hi all,
Our happy go lucky team of technical folks will be doing a security upgrade over the next few weeks. They will be testing the new system out before bringing it over to the board so impact will (hopefully) be minimal. However, if you notice anything wrong feel free to post a thread in the Site Support & Help section.
If you see the errors 403 FORBIDDEN message, or a 404 NOT FOUND message then please send an email to admin@singledivers.com or PM to Tech-Admin with the page location you could not see and when you saw the error is also important. (The time is displayed in the lower right of every SD page so that is easy to do.) We need the time to check out logs to trace the error so it is pretty important.
Thanks everyone!
Security Upgrade in Progress
Started by
shadragon
, Aug 18 2008 01:59 PM
4 replies to this topic
#1
shadragon
-
- Member
-
- 3,055 posts
Tech Admin
- Location:On De Island...
- Gender:Male
- Cert Level:MSD / DM / Solo
- Logged Dives:534' ish
Posted 18 August 2008 - 01:59 PM
Remember, email is an inefficient communications forum. You may not read things the way it was intended. Give people the benefit of the doubt before firing back... Especially if it is ME...! 
Tech Support - The hard we do right away; the impossible takes us a little longer...
"I like ponies on no-stop diving. They convert "ARGH!! I'M GOING TO DIE" into a mere annoyance." ~Nigel Hewitt
Tech Support - The hard we do right away; the impossible takes us a little longer...
"I like ponies on no-stop diving. They convert "ARGH!! I'M GOING TO DIE" into a mere annoyance." ~Nigel Hewitt
#2
Tech-Admin
-
- Staff
-
- 64 posts
On a roll now.....
- Gender:Male
- Logged Dives:130something
Posted 23 August 2008 - 11:27 AM
Sorry for the brief authentication message just now, I forgot to remove the password lock from the test site! 
Should be all better now.
If I missed something, you might see a 404 - NOT FOUND or 403 - FORBIDDEN message, so kindly let me know.
The new security is on-line as of now, but might still need some tweaks so that our members AND guests can all see the forums and continue playing like you always have.
Should be all better now.
If I missed something, you might see a 404 - NOT FOUND or 403 - FORBIDDEN message, so kindly let me know.
The new security is on-line as of now, but might still need some tweaks so that our members AND guests can all see the forums and continue playing like you always have.
#3
Tech-Admin
-
- Staff
-
- 64 posts
On a roll now.....
- Gender:Male
- Logged Dives:130something
Posted 26 August 2008 - 09:18 AM
So far the new security has blocked a LOT of the script kiddies from attacking the forum... a WHOLE lot of 'em. 
With the newer protocols, even if there's a security hole in the software the new layer blocks the malignant children from using a loophole.
I've seen a few legitimate requests get caught and thrown out with a 403 - FORBIDDEN that I'm trying to debug, and two from a BlackBerry phone that I can't allow...
The BlackBerry access was working off of a stored or messaged link in at least one of two cases, but in both cases it sent out an illegal URL that looks identical to a number of "cross site scripting" exploits. I haven't seen this reported in any other security forums, but here's what the BlackBerry sent (twice yesterday):
"GET /surfaceinterval/index.php?http://www.singledivers.com/surfaceinterval/ HTTP/1.1"
That SHOULD have looked like this:
"GET /surfaceinterval/index.php? HTTP/1.1" -or- "GET /surfaceinterval/index.php?act=Login&CODE=01 HTTP/1.1"
The question mark and full URL afterwards is typical of a hack exploit, and wouldn't have worked in any event so I can't un-block it. The phone HAS to send out valid URLs or there's nothing I can do to fix it.
I'll get the other errors figured out and corrected. Out of tens of thousands of 'requests' in the last few days, only 5 that SHOULD have passed through got bounced (4 image uploads and one search request).
With the newer protocols, even if there's a security hole in the software the new layer blocks the malignant children from using a loophole.
I've seen a few legitimate requests get caught and thrown out with a 403 - FORBIDDEN that I'm trying to debug, and two from a BlackBerry phone that I can't allow...
The BlackBerry access was working off of a stored or messaged link in at least one of two cases, but in both cases it sent out an illegal URL that looks identical to a number of "cross site scripting" exploits. I haven't seen this reported in any other security forums, but here's what the BlackBerry sent (twice yesterday):
"GET /surfaceinterval/index.php?http://www.singledivers.com/surfaceinterval/ HTTP/1.1"
That SHOULD have looked like this:
"GET /surfaceinterval/index.php? HTTP/1.1" -or- "GET /surfaceinterval/index.php?act=Login&CODE=01 HTTP/1.1"
The question mark and full URL afterwards is typical of a hack exploit, and wouldn't have worked in any event so I can't un-block it. The phone HAS to send out valid URLs or there's nothing I can do to fix it.
I'll get the other errors figured out and corrected. Out of tens of thousands of 'requests' in the last few days, only 5 that SHOULD have passed through got bounced (4 image uploads and one search request).
#4
Tech-Admin
-
- Staff
-
- 64 posts
On a roll now.....
- Gender:Male
- Logged Dives:130something
Posted 28 August 2008 - 09:20 AM
We should be good at the moment. I've corrected the added security so that legit image uploads won't bounce you out.
We're still getting the occasional hit from a 'script kiddie' in Canada (as well as a few from Turkey and China) but they're all caught and rejected.
I find China's 'official stance' on hacking to be utterly hilarious. They have a VERY aggressive firewall around their entire country that blocks hack attempts coming INTO China, but they let absolutely everything go OUT. Their firewall could automatically find, report and halt those Chinese hackers, but they've chosen to allow all of it to continue unabated. Every e-mail I've sent reporting them (including the full attack logs) has gone unread and no action has been taken on the addresses I've reported. I've been on the verge of blocking two large chunks of China due to the number of hack attempts I've seen from them, but I really don't want to get into the habit of denying entire countries just because their government are liars:
quote: "The Chinese government has consistently opposed and vigorously attacked according to the law all Internet-wrecking crimes, including hacking." (Foreign Ministry spokeswoman Jiang Yu in Beijing)
Yeah, well, that's a load of BS if you ask me...
We're still getting the occasional hit from a 'script kiddie' in Canada (as well as a few from Turkey and China) but they're all caught and rejected.
I find China's 'official stance' on hacking to be utterly hilarious. They have a VERY aggressive firewall around their entire country that blocks hack attempts coming INTO China, but they let absolutely everything go OUT. Their firewall could automatically find, report and halt those Chinese hackers, but they've chosen to allow all of it to continue unabated. Every e-mail I've sent reporting them (including the full attack logs) has gone unread and no action has been taken on the addresses I've reported. I've been on the verge of blocking two large chunks of China due to the number of hack attempts I've seen from them, but I really don't want to get into the habit of denying entire countries just because their government are liars:
quote: "The Chinese government has consistently opposed and vigorously attacked according to the law all Internet-wrecking crimes, including hacking." (Foreign Ministry spokeswoman Jiang Yu in Beijing)
Yeah, well, that's a load of BS if you ask me...
#5
Tech-Admin
-
- Staff
-
- 64 posts
On a roll now.....
- Gender:Male
- Logged Dives:130something
Posted 02 September 2008 - 12:53 PM
Other than one person yesterday in St. Louis running Firefox 3.0.1 under Linux that got DENIED, everything else seems to be working OK. I've looked and tested, and they SHOULDN'T have had any issues (I can simulate the same 'referrer' and 'user agent' strings) so I don't know what happened there. The only thing I can't simulate is that the newer security checks the cookie to make sure that they're not trying to hide any of the common server exploits inside the cookie, and we can't see cookies... they're merely tested.
It looks like things have quieted down on the server security front.
I have better things to do than run obnoxious children off...
I guess the little kids are FINALLY figuring out that the stunts they've been trying to pull are going right into the toilet;
the server has successfully rejected all illegal accesses these last 2 weeks, and the attacks are dwindling.
It looks like things have quieted down on the server security front.
I have better things to do than run obnoxious children off...
I guess the little kids are FINALLY figuring out that the stunts they've been trying to pull are going right into the toilet;
the server has successfully rejected all illegal accesses these last 2 weeks, and the attacks are dwindling.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
