Elxis CMS Forum
Support => Security => Topic started by: seadhna on August 31, 2016, 14:07:00
-
A user is getting the error message:
SECURITY ALERT
Request dropped!
Bad Host
Reference Code: SEC-DEFG-0004
Sorry for the inconvenience.
Can you advise what might be causing this alert? I cannot find any reference to this code in the Elxis Docs. If there is a page explaining the different error messages, please do let me know and I will refer to that instead. The website is working for all other users.
-
This incident is not recorded in the security.log - there are no incidents of this error type: DEFG-0004 in the security log
-
Hello,
It depends of your installation as general rules have been modified. I assume that you used
non acceptable chars like \x0e, \x0f, \x10, \x11, \x12, \x13, \x14, \x15, \x16, \x17, \x18,
\x19, \x1a, \x1b, \x1c, \x1d, \x1e, \x1f.
Have you submitted such data on a form or implement a combination of these at URL?
-
sorry, I don't know what this means.
-
I found the user's ip address in the list of bans (1 occasion, not banned). I have removed the IP address from the defender_bans, but they are still seeing this error message.
-
Elxis defender blocks you because your ISP provider is considered suspicious for web attacks. In Elxis 4.5 rev1886 this is the list you are interested in:
virtua.com.br
sl-reverse.com
myhosting.com
phpnet.org
cappuccino.dreamhost.com
indianitoffice.com
nowhiringu.com
rzone.de
If you are not in this list you might have an older elxis version. Open defender's general rules file and remove your host from the list of blocks hosts:
includes/libraries/elxis/defender/general.rules.php
Tip: Look at the fifth array (counting starts from 0).
-
I'm sorry i was start counting from 1 so the rule is different than the correct one.
-
Great, thanks! It is indeed the Virtua NET isp.