Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Elxis 5.5 Calypso supports 2 factor authentication login with e-mail or SMS.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
SEC-DEFG-0004
« previous
next »
Print
Pages: [
1
]
Author
Topic: SEC-DEFG-0004 (Read 9334 times)
seadhna
Hero Member
Posts: 509
SEC-DEFG-0004
«
on:
August 31, 2016, 14:07:00 »
A user is getting the error message:
SECURITY ALERT
Request dropped!
Bad Host
Reference Code: SEC-DEFG-0004
Sorry for the inconvenience.
Can you advise what might be causing this alert? I cannot find any reference to this code in the Elxis Docs. If there is a page explaining the different error messages, please do let me know and I will refer to that instead. The website is working for all other users.
Logged
seadhna
Hero Member
Posts: 509
Re: SEC-DEFG-0004
«
Reply #1 on:
August 31, 2016, 14:15:38 »
This incident is not recorded in the security.log - there are no incidents of this error type: DEFG-0004 in the security log
Logged
webgift
Elxis Team
Hero Member
Posts: 4193
Re: SEC-DEFG-0004
«
Reply #2 on:
August 31, 2016, 16:37:09 »
Hello,
It depends of your installation as general rules have been modified. I assume that you used
non acceptable chars like \x0e, \x0f, \x10, \x11, \x12, \x13, \x14, \x15, \x16, \x17, \x18,
\x19, \x1a, \x1b, \x1c, \x1d, \x1e, \x1f.
Have you submitted such data on a form or implement a combination of these at URL?
«
Last Edit: August 31, 2016, 16:42:58 by webgift
»
Logged
Elxis Team •
Custom web design [EN]
-
[EL]
•
.GR Registrar
seadhna
Hero Member
Posts: 509
Re: SEC-DEFG-0004
«
Reply #3 on:
August 31, 2016, 17:07:58 »
sorry, I don't know what this means.
Logged
seadhna
Hero Member
Posts: 509
Re: SEC-DEFG-0004
«
Reply #4 on:
August 31, 2016, 17:09:11 »
I found the user's ip address in the list of bans (1 occasion, not banned). I have removed the IP address from the defender_bans, but they are still seeing this error message.
Logged
datahell
Elxis Team
Hero Member
Posts: 10358
Re: SEC-DEFG-0004
«
Reply #5 on:
August 31, 2016, 23:26:25 »
Elxis defender blocks you because your ISP provider is considered suspicious for web attacks. In Elxis 4.5 rev1886 this is the list you are interested in:
virtua.com.br
sl-reverse.com
myhosting.com
phpnet.org
cappuccino.dreamhost.com
indianitoffice.com
nowhiringu.com
rzone.de
If you are not in this list you might have an older elxis version. Open defender's general rules file and remove your host from the list of blocks hosts:
includes/libraries/elxis/defender/general.rules.php
Tip: Look at the fifth array (counting starts from 0).
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
webgift
Elxis Team
Hero Member
Posts: 4193
Re: SEC-DEFG-0004
«
Reply #6 on:
September 01, 2016, 10:37:36 »
I'm sorry i was start counting from 1 so the rule is different than the correct one.
Logged
Elxis Team •
Custom web design [EN]
-
[EL]
•
.GR Registrar
seadhna
Hero Member
Posts: 509
Re: SEC-DEFG-0004
«
Reply #7 on:
September 01, 2016, 15:00:45 »
Great, thanks! It is indeed the Virtua NET isp.
Logged
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
SEC-DEFG-0004