The officially official Devuan Forum!

You are not logged in.

#1 2018-05-25 15:12:22

figdev
Member
Registered: 2018-05-14
Posts: 68  

FIXED: how much is enough?

last night i was in the middle of using the forum, and it suddenly stopped working.

Giykffe.png

about 12 hours later, it still isnt working.

i have installed additional software to enable me to post.

this is obviously NOT A BAN because: https://dev1galaxy.org/viewtopic.php?pid=9082#p9082

three of the forum admins have visited since this non-ban, and NONE have informed me directly-- i cant even be sure this is intentional.

most forum bans let you at least read the forums, or tell you that youre banned-- or log the ban so other admins are aware of it.

however, i am actually prevented from accessing the site-- no message about a "ban" (other than the vague error shown here) is displayed.

if i am banned, i would like to know for how long.

i will not try to circumvent a ban and post during the duration im informed the ban will last for,

but i will try to circumvent a network error in order to ask what happened.

thanks very much!

Last edited by figdev (2018-05-25 15:50:28)

Offline

#2 2018-05-25 15:35:17

golinux
Administrator
Registered: 2016-11-25
Posts: 1,253  

Re: FIXED: how much is enough?

I just woke up.  It is not personal so you can relax.  rrq has installed a "snaplock" on this forum to flag "dubious" addresses as part of our spam control.  It has caught a few users and even caught me several times when my IP has done something funky.  So you can relax.  rrq actually put a button in the admin panel but honestly I am hesitant to click it as I don't know that it has ever been used in a real-life situation and I don't want to bring the forum to its knees if he isn't around to fix things.  I just pinged him but chances are he's zzzzz down under.

Online

#3 2018-05-25 15:48:16

golinux
Administrator
Registered: 2016-11-25
Posts: 1,253  

Re: FIXED: how much is enough?

<rrq> which IP ?
<rrq> maybe 24.xxx.xxx.122 which requested "HEAD /req_message HTTP/1.1" some 12 hours ago?
<rrq> i've un-dubious-ed that IP

Please confirm.

Online

#4 2018-05-25 15:48:49

figdev
Member
Registered: 2018-05-14
Posts: 68  

Re: FIXED: how much is enough?

oh!

well, thats alright. i am happy to post this way for a while, thanks for letting me know what you know.

edit: the thread didnt have the confirm request yet. confirmed, this is fixed-- thank you again, and thank you ralph as well.

Last edited by figdev (2018-05-25 15:52:06)

Offline

#5 2018-05-25 15:55:35

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 260  

Re: FIXED: how much is enough?

Yes, your IP got classified as "dubious", not so much as a quality assessment of your posts, but automatically because you (or your software) made a spurious "HEAD /req_message HTTP/1.1" request, which is an unserviceable request. All unserviceable requests gain the dubious qualification, and the subsequent lockout from the server. (I shouldn't tell you when it happened to golinux, or myself even smile).

Which program did you use?

Offline

#6 2018-05-25 16:01:45

golinux
Administrator
Registered: 2016-11-25
Posts: 1,253  

Re: FIXED: how much is enough?

figdev wrote:

edit: the thread didnt have the confirm request yet. confirmed, this is fixed-- thank you again, and thank you ralph as well.

There is no automated "confirmation request".  Just let us know here that it's working.

Online

#7 2018-05-25 16:03:38

figdev
Member
Registered: 2018-05-14
Posts: 68  

Re: FIXED: how much is enough?

golinux wrote:
figdev wrote:

edit: the thread didnt have the confirm request yet. confirmed, this is fixed-- thank you again, and thank you ralph as well.

There is no automated "confirmation request".  Just let us know here that it's working.

it is working.

in retrospect it is really no problem at all, i truly do not know how this "HEAD /req_message HTTP/1.1" was created, and i presume you guys dont know how it happens to you either-- so we are all really on the same page with that i think.

as to the resolution, it was very fast once i found a way to point it out, and if it should happen in the future i will be sure to ask about it before i get too excited.

thanks again.

what program did you use?

before the problem, i *believe* i was only using firefox. it was late and ive slept since then, but i have fairly good reason to think that firefox is the only thing that could have triggered this-- i dont tend to surf the forum with a wide variety of tools.

with all the funny stuff about noscript lately, i cant rule it out as a factor, but i dont want to make it sound like js is required here when im pretty sure its not.

after the problem, i used curl and wget to try to diagnose the blank page i was getting from firefox, but im sure this didnt trigger it retroactively.

edit: i take that back; it is *possible* (i hadnt considered it) that i had an unrelated ssl error/display problem, and curl and wget to diagnose that first problem triggered the dubious thing. i dont think thats what happened-- though i cant rule it out.

i believe the only switches used were -O- for wget and -k for curl though. i often try --no-check-certificate when i (very rarely) have errors with ssl. but thats what the -k is for.

Last edited by figdev (2018-05-25 16:19:44)

Offline

#8 2018-05-25 16:40:59

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 260  

Re: FIXED: how much is enough?

Thanks. It would be due to firefox, or a plugin.

The particular request is noted as a security issue for "punbb", from 2011, but not a concern for this forum. The point is rather that there is no reason for anyone to attempt an unserviceable URL, and therefore anyone doing so is deemed to be of dubious intention. There have been some 7000 such the last month.

The lockout is at network level, where it gains a plain text (no SSL) response, with an advice of a course of action to take by anyone who, like in this case, is unjustly caught. But, your method is fine too.

Offline

#9 2018-05-25 16:49:51

figdev
Member
Registered: 2018-05-14
Posts: 68  

Re: FIXED: how much is enough?

There have been some 7000 such the last month.

well i have no problem with you trying to protect the forum from known vulnerabilities-- whether presently relevant ones or even incidental and likely irrelevant ones.

if this should happen again, my focus will be on helping you try to figure out the cause with greater precision, so you will be aware of it and perhaps so i can prevent it happening from this client/setup, at least.

if it happens again i will be happy to supply you with browser version, time, plugin, and some d1g urls from my history sorted by most recently visited. that trail is a bit cold now, but if it happens again, sure. next time i will document it as well as i possibly can.

good luck.

Offline

Board footer