| Author |
Message |
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
 Posted:
Thu Jan 07, 2010 3:31 pm |
 
|
Well I have to say I went awhile without checking the admin email address associated with one of my sites, and found 34,711 nukesentinel bans for links associated with using feedburner with nukeFEED.  
Appears that NukeSentinel doesn't like how feedburner is appending the URL's of the feeds. For instance:
forums.html&file=viewtopic&p=41202&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+YourFeedTitle-MoreFeedInfo+%28more+stuff+here%29#41202
I have to say I like the feedburner service but am undecided on my course of action...
try clicking a link in here
|
Last edited by spasticdonkey on Thu Jan 07, 2010 3:43 pm; edited 1 time in total |
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Thu Jan 07, 2010 3:35 pm |
|
What reason is NS giving for the ban? |
|
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
| Posted:
Thu Jan 07, 2010 3:48 pm |
|
Date & Time: 2010-01-07 16:41:54 EST GMT -0500
Blocked IP: xxx.xxx.xxx.xxx
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
Referer: none
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
HTTP Host:
Script Name: /modules.php
Query String: name=Forums&file=viewtopic&p=41354&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+somestuffaboutyourfeed-somemorestuff+(more+info+more+info)
Get String: name=Forums&file=viewtopic&p=41354&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+somestuffaboutyourfeed-somemorestuff+(more+info+more+info)
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: xx.xxx.xxx.xxx
Remote Port: 12339
Request Method: GET |
|
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
| Posted:
Fri Jan 08, 2010 3:36 pm |
|
I'm not sure if kguske missed this post but all the links to his feed items are forwarding to the fbi.gov site.... same type of issue I'm having 
I tried disabling some of the tracking features within feedburner but they still add all that extra info to the URL's..... |
|
|
|
|
|
meotoo
Hangin' Around
Joined: Aug 04, 2009
Posts: 36
|
| Posted:
Fri Jan 08, 2010 4:07 pm |
|
I've started noticing the same issue a few days ago, and thats one of the reasons i'm optimizing NS myself... check:
Looking at Google why users coming from feedburner was being banned i've found this post:
it's from 2004! and where Raven explain URLs with parenthesis are threaded as scripting attacks..
for now i've replaced the eregi() usage over Scripting attack filter, my next step (once this pattern is found to be quite ok) will be to properly skip users coming from feedburner, keep listening  |
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
| Posted:
Fri Jan 08, 2010 5:25 pm |
|
ok it took some digging at feedburner but you can adjust these settings for each one of your feeds. go to:
my feeds > your feed > analyze > configure stats >
click on customize
edit Campaign setting and remove the (${feedName})
 |
|
|
|
|
|
meotoo
Hangin' Around
Joined: Aug 04, 2009
Posts: 36
|
| Posted:
Fri Jan 08, 2010 5:34 pm |
|
sweet! thx for the tip, this is indeed more elegant than adding "more slowness" code to NS  |
|
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6044
|
| Posted:
Sat Jan 09, 2010 9:34 am |
|
Thanks, montego, for pointing me to this thread. Thanks, spasticdonkey, for finding this and for finding a solution. When I tested it before making the change, it appears to work, but I believe that's because I'm an admin. |
|
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
| Posted:
Sat Jan 09, 2010 12:29 pm |
|
np, when I'm having a problem I usually try to reproduce it somewhere else to make sure I didn't do something misguided.. so you were the lucky winner this time
on a side note I don't use google analytics so I'm not sure what effect these changes will have for analytics users; I'm assuming you would lose the campaign level of stats though... but better than none of your links working |
|
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
| Posted:
Wed Dec 08, 2010 12:28 am |
|
are there parenthesis in the link ()?
if so did you try the above fix?
if not try deactivating the santy worm protection in NS and see what happens |
|
|
|
|
|
PHrEEkie
Subject Matter Expert
Joined: Feb 23, 2004
Posts: 358
|
| Posted:
Wed Dec 08, 2010 2:30 am |
|
The Santy worm was targeted specifically at phpBB installations back in 2004. that's a lotta years ago, and phpBB devs immediately patched (that was the 2.0.11 patch, we're up to 2.0.23 now).
Not sure I'd be real worried about...
|
|
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6373
Location: Vsetin, Czech Republic
|
| Posted:
Wed Dec 08, 2010 3:20 am |
|
Your web host should also be checking for Santy Worm attacks in Apache's mod_security settings so you can always check with your web host to make sure that is the case. |
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1364
Location: Texas, USA
|
| Posted:
Wed Dec 08, 2010 7:28 am |
|
| technocrat wrote: | | The sanity attack is pretty much old news. There really isnt a reason to continue to block against. Even more so if you have been keeping up on your forum patches. |
I've had it off for at least a couple years on one of my sites. If I remember right in the next version of RN, the default setting will be off. |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
