Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • May 10 16:15
    mikeruss1 commented #219
  • May 10 06:23

    Maikuolan on v2

    composer.json update. (compare)

  • May 10 06:23

    Maikuolan on v1

    composer.json update. (compare)

  • May 10 01:28
    Maikuolan commented #219
  • May 10 01:27
    Maikuolan commented #219
  • May 09 18:03
    mikeruss1 commented #219
  • May 09 18:03
    mikeruss1 commented #219
  • May 09 16:27
    mikeruss1 commented #219
  • May 09 16:18
    Maikuolan labeled #219
  • May 09 16:18
    Maikuolan unlabeled #219
  • May 09 16:17
    Maikuolan commented #219
  • May 09 16:11

    Maikuolan on v2

    Bug-fix (#219). Changelog exce… (compare)

  • May 09 16:11

    Maikuolan on v1

    Bug-fix (#219). Changelog exce… (compare)

  • May 09 15:59
    Maikuolan commented #219
  • May 09 15:07
    mikeruss1 commented #219
  • May 09 14:18
    Maikuolan labeled #219
  • May 09 14:18
    Maikuolan unlabeled #219
  • May 09 14:18
    Maikuolan commented #219
  • May 09 13:44
    mikeruss1 commented #219
  • May 09 13:24
    Maikuolan closed #222
Caleb Mazalevskis
@Maikuolan

I am surprised this is tripping, if it is the cause? As an experiment is it worth me modding it to 15 secs and seeing what happens?

Is it worth it..? Maybe..? Difficult to say. TBH, there are so many different edge-case things which could be causing the problem, and with no definitive evidence to suggest one particular possibility over any of the others, I'm not entirely sure where to start. My gut is telling me that the current flock timeout isn't the problem (like you said, already quite generous), but who knows..? It's possible (albeit, I think, relatively unlikely).

I still need to make those changes to how it handles tracked data that I'd mentioned a few months back. Still planning on doing so, too. Hopefully those changes will help a bit. Due to being a relatively large shift in how data is handled though, although the changes to the code itself should be relatively small in its own right, there's a fair bit to sort out first. Hopefully I'll be able to start on it soon.
mikeruss1
@mikeruss1
So there are other mechanisms that could cause it apart from the flock timeout?
Aaron
@737simpilot
10-4 on the rollback and Swatch time. I should get a watch like that. LOL I wonder, would it be prudent to add a Swatch time calculator to CIDRAM's Home page or somewhere there? That way I can enter the date and time and get a conversion.
Aaron
@737simpilot
@Maikuolan @mikeruss1 asked a question.
Caleb Mazalevskis
@Maikuolan
Yeah, sorry. Been tired because of work.

So there are other mechanisms that could cause it apart from the flock timeout?

Presumably, yes, since the problem is occurring. Can't say for sure which ones though, since I don't know for sure which ones. Just speculations that there are lots of possible things which, without being eliminated as possibilities, remain possibilities.

It's certainly a very weird problem.
IP tracking fix should help, hopefully. (When I get around to implementing it, anyhow).
Aaron
@737simpilot
@Maikuolan I've been suppressing Azure hits in the log because of the few false positives from Bing bot. This has been working, but just now I see a log for a Bing hit (or what looks like a Bing hit. Has no PTR) and I'm wondering why it logged? I looked carefully at the why reason in my rule and the one in the log and don't see a difference.
ID: 1619004178-018761-8825532326
Date/Time: Wed, 21 Apr 2021 05:22:58 -0600
IP Address: 40.77.139.79
Query: v=2180135197
Referrer: https://mywebsite.com/
Signatures Count: 1
Signatures Reference: 40.77.138.0/23
Why Blocked: Cloud service ("msaz_cidram.inc-IPv4", L840:F11)!
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b
Reconstructed URI: https://mywebsite.com/app.php/extrastyle/showtopicstarter__css?v=2180135197
CAPTCHA State: Disabled.
Azure:
Logic: "Any"
Reason: "403"
Suppress output template: true
Don't log:
If matches:
WhyReason:
- "Cloud service ("msaz_cidram.inc-IPv4""

And I don't know why markup just did that to the last part there. I thought that worked with just single quotes.

Interesting to note though, I didn't know CS files were protected by CIDRAM. Maybe the query there isn't jiving with the auxiliary rules. I have seen Bing bot do this before with queries and other things that make no sense for a search engine bot. Kinda evasive.

Aaron
@737simpilot
Here's a better look without markup interfering. https://pastebin.com/2p0MMgBD Password: cidram. Will expire in a month.
Aaron
@737simpilot

OFF TOPIC

After I log out of Github I always see this message and it just gets me with my imagination. So I created this meme to reflect my inner thoughts. LOL!

https://imgur.com/nIyBeu5

OFF TOPIC

mikeruss1
@mikeruss1

So there are other mechanisms that could cause it apart from the flock timeout?

Presumably, yes, since the problem is occurring. Can't say for sure which ones though, since I don't know for sure which ones. Just speculations that there are lots of possible things which, without being eliminated as possibilities, remain possibilities.

would it be possible to log the event in a way that defines the source of the problem?
Aaron
@737simpilot
@Maikuolan The SFS module is blocking what looks like regular cell phone users. If I add all the CIDRs for this ASN in a signature file and mark it for reCAPTCHA, would that bypass the SFS module's straight block and offer a captcha instead? Just not exactly sure how to go about this. I could do the ASN in the auxiliary rules, but the ASN lookup wasn't working for me when I tried it last. Rather have something more permanent rather than an API request.
Caleb Mazalevskis
@Maikuolan

would it be possible to log the event in a way that defines the source of the problem?

I'll look into it further once I've finished with the current captcha stuff I'm working on.

(Not sure how to do this currently, but maybe there's a way).

@Maikuolan The SFS module is blocking what looks like regular cell phone users. If I add all the CIDRs for this ASN in a signature file and mark it for reCAPTCHA, would that bypass the SFS module's straight block and offer a captcha instead? Just not exactly sure how to go about this. I could do the ASN in the auxiliary rules, but the ASN lookup wasn't working for me when I tried it last. Rather have something more permanent rather than an API request.

Are the blocks occurring just because of SFS, or are there other signatures/modules/rules/etc triggering the block alongside SFS?

Aaron
@737simpilot
Just with the SFS module. I'm wondering if the code you're working on for captcha could be used to add some kind of marker to the SFS module so that I can mark it for reCAPTCHA in the auxiliary rules or perhaps add a configuration option to the SFS module for a reCAPTCHA option.
Caleb Mazalevskis
@Maikuolan
That could work.
Aaron
@737simpilot
Holy crap, Caleb! I just updated now and I see you coded your butt off! LOL Looks like there's around 23 or 26 K of code in the core alone that's been added. I see you added Hcaptcha. I didn't know they offered an invisible version as well. This might fulfill the whole JS challenge idea just on that alone. So after I try some hacking on my site to try and get pass the invisible reCAPTCHA and Hcaptcha, I'll revisit the JS blocking module idea again and close or add remarks if needed. Thanks again!
Aaron
@737simpilot

-OffTopic-

I wasn't sure if the proper word is pass or passed so I looked it up. Out of all the so-called "experts" in their field, Jen freaking nailed it! LOL And she doesn't indicate any credentials FFS. HAHAHA https://preply.com/en/question/which-is-correct-please-let-me-get-past-or-please-let-me-get-passed

Although, I'm still not completely sure if I got that right or not. The word hacking can be a noun or a verb, etc. Ugh.

Aaron
@737simpilot
@Maikuolan What happens if a user uses both captcha types of Hcaptcha and reCAPTCHA? Maybe a fail safe needs to be built in so if both use the same parameters the other is deactivated? The user may want one captcha for certain things and another captcha for others?
Aaron
@737simpilot

And I see this error_log:

[2021-04-29T02:54:58-06:00] Error at classes/ReCaptcha.php:L299 (error code 8): "Undefined variable: Loggable". Eep.. Something went wrong during "Reporting".

If this is related to a POST like how hCaptcha works, it's because of my auxiliary rule on POST for creating URLs.

Caleb Mazalevskis
@Maikuolan

@Maikuolan What happens if a user uses both captcha types of Hcaptcha and reCAPTCHA? Maybe a fail safe needs to be built in so if both use the same parameters the other is deactivated? The user may want one captcha for certain things and another captcha for others?

They both check the same cookies, files, flags, etc at the back-end to confirm whether someone has successfully completed the CAPTCHA or not, so as soon as one of them has been passed, it's basically the same as passing both of them. Good on that front. As to which would execute, would depend on the exact usemode values set for each, and the exact context, but in general, it'll end up being whichever one fires off first in the code (the way I've coded it means that it'll be reCAPTCHA in most cases, but could potentially be the other way around if set up in particular ways).

And I see this error_log:

[2021-04-29T02:54:58-06:00] Error at classes/ReCaptcha.php:L299 (error code 8): "Undefined variable: Loggable". Eep.. Something went wrong during "Reporting".

If this is related to a POST like how hCaptcha works, it's because of my auxiliary rule on POST for creating URLs.

Cheers. I'll investigate that now.

Caleb Mazalevskis
@Maikuolan
So.. Interestingly.. That error actually demonstrates two separate bugs. One, the missing index. Two, the wrong error stage is being reported (it shows "Reporting", but the actual stage isn't the reporting stage, but rather, the final non-blocked CAPTCHA stage). Anyway, I'll sort that out now.
Caleb Mazalevskis
@Maikuolan
Done. :-)
Still having some other issues with the new HCaptcha integration; Hoping to get them sorted out soon.
Caleb Mazalevskis
@Maikuolan
CAPTCHA options added to config. :-)
(Re: Modules).
Aaron
@737simpilot
Thanks, Caleb. I'll update now.
Aaron
@737simpilot

Question:

If the AbuseIPDB and Project Honeypot max score is set to say a 6 and the min is set to a 10, is their some kind of ripple in time? LOL I mean, what would the outcome be in this case? Just wondering how I should set this given the new options I see here. Right now the min and max are the same which sound prudent.

Caleb Mazalevskis
@Maikuolan
If the max is lower than the min, it just means they'll never be served a CAPTCHA, nothing more special than that. :-)
Since min is for blocking, and max is for serving the CAPTCHA.
Aaron
@737simpilot
@Maikuolan You might want to mark AS12552 for CAPTCHA since this ASN has Viasat in it and that's a satellite ISP.
Caleb Mazalevskis
@Maikuolan
Cheers. I'll get that sorted out now.
Caleb Mazalevskis
@Maikuolan
Looks like invisible mode for HCaptcha is only available for "Enterprise" users.
Might need to stick with reCAPTCHA for the invisible mode, I guess.
Anyway, almost have it working now.
Aaron
@737simpilot
Yeah, and about reCAPTCHA, I don't see an invisible version on my end. Tried a couple browsers as well. I think the difficulty setting needs to be turned way down for that to be actually invisible.
Caleb Mazalevskis
@Maikuolan
Yeah.. Makes sense.
I think it'll still force the challenge if it scores above a certain threshold (whatever Googles determines for it).
Aaron
@737simpilot
Yep, just did some testing in invisible mode and my Firefox version of 83 gets a captcha challenge and so does the niche browser Pale Moon. But in Chrome 88 (Actually UnGoogled Chromium) I get an invisible captcha pause for a second and I'm let through. So it's like if you use a Google product you're more than welcome to breeze right through the captcha.
Caleb Mazalevskis
@Maikuolan
Interesting.
I'm using Edge at my end at the moment, and it seems to work properly for me (reCAPTCHA, at least; hCAPTCHA needs their enterprise thing though, I'm pretty sure).
Aaron
@737simpilot

@Maikuolan This IP Geo location service looks interesting in addition to BGPView.io https://ip-api.com

Though, the last part of the "as": part there would need to have the lettering dropped as to just pick up on the AS number part. So I'm thinking this could be incorporated into the Auxiliary rules for ASN matching and what you have based on all the parameters given. I do like the "hosting": attribute because if it is hosting we can use that in the auxiliary rules to say, serve up a captcha or something. I'm not sure how reliable their data is however.