Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> nukeFeed/FeedCreator
Author Message
spasticdonkey
RavenNuke(tm) Development Team


Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Thu Jan 07, 2010 3:31 pm Reply with quote

Well I have to say I went awhile without checking the admin email address associated with one of my sites, and found 34,711 nukesentinel bans for links associated with using feedburner with nukeFEED. Shocked Embarassed

Appears that NukeSentinel doesn't like how feedburner is appending the URL's of the feeds. For instance:

forums.html?file=viewtopic&p=41202&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+YourFeedTitle-MoreFeedInfo+%28more+stuff+here%29#41202

I have to say I like the feedburner service but am undecided on my course of action...

try clicking a link in here Only registered users can see links on this board! Get registered or login!


Last edited by spasticdonkey on Thu Jan 07, 2010 3:43 pm; edited 1 time in total 
View user's profile Send private message Visit poster's website
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu Jan 07, 2010 3:35 pm Reply with quote

What reason is NS giving for the ban?
 
View user's profile Send private message
spasticdonkey
PostPosted: Thu Jan 07, 2010 3:48 pm Reply with quote

Date & Time: 2010-01-07 16:41:54 EST GMT -0500
Blocked IP: xxx.xxx.xxx.xxx
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
Referer: none
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
HTTP Host: Only registered users can see links on this board! Get registered or login!
Script Name: /modules.php
Query String: name=Forums&file=viewtopic&p=41354&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+somestuffaboutyourfeed-somemorestuff+(more+info+more+info)
Get String: name=Forums&file=viewtopic&p=41354&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+somestuffaboutyourfeed-somemorestuff+(more+info+more+info)
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: xx.xxx.xxx.xxx
Remote Port: 12339
Request Method: GET
 
spasticdonkey
PostPosted: Fri Jan 08, 2010 3:36 pm Reply with quote

I'm not sure if kguske missed this post but all the links to his feed items are forwarding to the fbi.gov site.... same type of issue I'm having Sad
Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login!

I tried disabling some of the tracking features within feedburner but they still add all that extra info to the URL's.....
 
meotoo
Hangin' Around


Joined: Aug 04, 2009
Posts: 36

PostPosted: Fri Jan 08, 2010 4:07 pm Reply with quote

I've started noticing the same issue a few days ago, and thats one of the reasons i'm optimizing NS myself... check:
Only registered users can see links on this board! Get registered or login!

Looking at Google why users coming from feedburner was being banned i've found this post:
Only registered users can see links on this board! Get registered or login!

it's from 2004! and where Raven explain URLs with parenthesis are threaded as scripting attacks..

for now i've replaced the eregi() usage over Scripting attack filter, my next step (once this pattern is found to be quite ok) will be to properly skip users coming from feedburner, keep listening Wink
 
View user's profile Send private message Visit poster's website
spasticdonkey
PostPosted: Fri Jan 08, 2010 5:25 pm Reply with quote

ok it took some digging at feedburner but you can adjust these settings for each one of your feeds. go to:
my feeds > your feed > analyze > configure stats >
click on customize
Image

edit Campaign setting and remove the (${feedName})
Image
 
meotoo
PostPosted: Fri Jan 08, 2010 5:34 pm Reply with quote

sweet! thx for the tip, this is indeed more elegant than adding "more slowness" code to NS Smile
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sat Jan 09, 2010 9:34 am Reply with quote

Thanks, montego, for pointing me to this thread. Thanks, spasticdonkey, for finding this and for finding a solution. When I tested it before making the change, it appears to work, but I believe that's because I'm an admin.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
spasticdonkey
PostPosted: Sat Jan 09, 2010 12:29 pm Reply with quote

np, when I'm having a problem I usually try to reproduce it somewhere else to make sure I didn't do something misguided.. so you were the lucky winner this time Smile

on a side note I don't use google analytics so I'm not sure what effect these changes will have for analytics users; I'm assuming you would lose the campaign level of stats though... but better than none of your links working Smile
 
spasticdonkey
PostPosted: Wed Dec 08, 2010 12:28 am Reply with quote

are there parenthesis in the link ()?

if so did you try the above fix?

if not try deactivating the santy worm protection in NS and see what happens
 
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Wed Dec 08, 2010 2:30 am Reply with quote

The Santy worm was targeted specifically at phpBB installations back in 2004. that's a lotta years ago, and phpBB devs immediately patched (that was the 2.0.11 patch, we're up to 2.0.23 now).

Not sure I'd be real worried about...
Only registered users can see links on this board! Get registered or login!

_________________
PHP - Breaking your legacy scripts one build at a time. 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Wed Dec 08, 2010 3:20 am Reply with quote

Your web host should also be checking for Santy Worm attacks in Apache's mod_security settings so you can always check with your web host to make sure that is the case.
 
View user's profile Send private message Send e-mail
spasticdonkey
PostPosted: Wed Dec 08, 2010 7:28 am Reply with quote

technocrat wrote:
The sanity attack is pretty much old news. There really isnt a reason to continue to block against. Even more so if you have been keeping up on your forum patches.


I've had it off for at least a couple years on one of my sites. If I remember right in the next version of RN, the default setting will be off.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> nukeFeed/FeedCreator

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©