Elxis CMS Forum
Support => Elxis 4.x/5.x DEV => Topic started by: matteomantovani on January 18, 2013, 15:33:32
-
Hi, I do not know how repair Elxis when defender works. I have this error: SEC-DEFB-0001.
Could you help me?
-
find repository via ftp(filezilla etc.).. then delete the hash file...
u are done ..
-
hash file?
Matteo
-
read here:
https://forum.elxis.org/index.php?topic=7401.msg47849#msg47849
I hope this can help.
-
Thanks Amigamerlin,
I have not a hash file in repository/other/, but I have renamed defender_ban.php, and now it seems running well.
Matteo
-
SEC-DEFB-0001
SEC means Security.
DEFB means that you have been banned by the Elxis Defender.
0001 means that your IP match the first banned ip address in defender logs.
You can solve this in 2 ways:
1. Delete this file: repository/logs/defender_bans.php (or edit it, remove only your own ip address and keep the rest banned). In case you delete it Elxis will re-create it when needed, so it is safe to delete it.
2. Edit configuration.php and disable defender by setting $DEFENDER = ''; . then login in administration, go to logs, clear defender logs, go to configuration and re-enable defender.
-
Is it possible to investigate why a user was banned? They got this same code: SEC-DEFB-0001.
I have removed their IP address from the banned list but wondering if there is a log with more details on WHY they were banned?
Thanks!
-
Code SEC-DEFB-0001 tells us that the user was banned. BEFORE that he would have been blocked and an other security code and explanation would be shown to him. Since Elxis 4.4 Elxis has a security.log. You can investigate that file and track his IP address to find out why he was initially blocked.
-
thanks datahell, is that the file called "error.log" ?
I suspect when I just got banned myself it was because I visited several pages in quick succession, and Elxis Defender thought it was some sort of attack. Is there a way to make this setting less strict? i.e. to keep Elxis Defender turned on, but to allow for some rapid visiting of various pages?
-
I've downloaded and looked at error.log but there are no IP addresses there. I see these other files but they are empty: warning.log notice.log
I can't see any security.log - the site is Elxis 4.4
-
Hi @seadhna,
You should find this on log menu. The log name is "Defender bans"
just attached the screenshot
-
thanks - i found security.log where you suggest in the CMS - but where is this located in the folder directory via FTP?
-
I can't find any record of the instances where client or myself has been banned, which happened just a few days ago, but wondering what this means?
POST /
REFCODE: DEFB-0006 Empty HTTP REFERER on POST request
-
thanks - i found security.log where you suggest in the CMS - but where is this located in the folder directory via FTP?
By defauls the file located in
root domain /repository/logs/
-
Hello,
Please update your Elxis CMS installation to the latest version as released in July 31, 2016. [1]
- Stopped Elxis Defender blocking POST requests with empty HTTP REFERRER. This check is
now enabled only when security level is above normal (high and insane). The empty HTTP
REFERRER check removed from the normal security level because it caused problems on third
party services (like paypal IPN and similar API calls).
[1]: https://forum.elxis.org/index.php?topic=8707.msg55740#msg55740 (https://forum.elxis.org/index.php?topic=8707.msg55740#msg55740)