[DBTech] DragonByte Security [Paid] 4.0.1

[Alpha1]

I found it. It was not your addon, but a matter of uploading the default xf .htaccess file which overwrites our .htaccess file and thus the adhandler.

Thanks for your swift support!

 

[Alpha1]

I am getting this error:

Error Info
ErrorException: Undefined index: Range - library/DBTech/Security/3rdParty/bad-behavior/movabletype.inc.php:7
Generated By: Unknown Account, Yesterday at 4:34 PM
Stack Trace
#0 /library/DBTech/Security/3rdParty/bad-behavior/movabletype.inc.php(7): XenForo_Application::handlePhpError(8, 'Undefined index...', '/home/...', 7, Array)
#1 /library/DBTech/Security/3rdParty/bad-behavior/core.inc.php(220): bb2_movabletype(Array)
#2 /library/DBTech/Security/3rdParty/bad-behavior/core.inc.php(123): bb2_screen(Array, Array)
#3 /library/DBTech/Security/XenForo/EventListener/FrontControllerPostView.php(66): bb2_start(Array)
#4 /library/XenForo/CodeEvent.php(90): DBTech_Security_XenForo_EventListener_FrontControllerPostView::listen(Object(XenForo_FrontController), '<!DOCTYPE html>...')
#5 /library/XenForo/FrontController.php(183): XenForo_CodeEvent::fire('front_controlle...', Array)
#6 /index.php(13): XenForo_FrontController->run()
#7 {main}
Request State
array(3) {
  ["url"] => string(57) "https://forum.com/forum/showwiki.php?title=x"
  ["_GET"] => array(1) {
    ["title"] => string(8) "x"
  }
  ["_POST"] => array(0) {
  }
}

 

[DragonByte Tech]

I am getting this error

That's a bug in their code, once the new version is ready I'll check to see if there's an update to that integration library


Fillip

 

[Alpha1]

Have you made Michael aware of the bug?
https://redmine.ioerror.us/projects/bad-behavior/issues?set_filter=1&tracker_id=1

 

[ENF]

New error popped up yesterday:

Error Info
ErrorException: Undefined index: user_id - library/DBTech/Security/ActionAdmin/Search.php:552
Generated By: Administrator, Yesterday at 8:47 PM
Stack Trace
#0 /home/nginx/domains/agreatdomainnamegoeshere.com/public/library/DBTech/Security/ActionAdmin/Search.php(552): XenForo_Application::handlePhpError(8, 'Undefined index...', '/home/nginx/dom...', 552, Array)
#1 /home/nginx/domains/agreatdomainnamegoeshere.com/public/library/DBTech/Security/ActionAdmin/Search.php(181): DBTech_Security_ActionAdmin_Search->_getIpUsageByIpFromLog('XXX.XXX.XXX.XXX', 0, 1)
#2 /home/nginx/domains/agreatdomainnamegoeshere.com/public/library/DBTech/Security/Application/Core.php(337): DBTech_Security_ActionAdmin_Search->actionDoSearch()
#3 /home/nginx/domains/agreatdomainnamegoeshere.com/public/library/DBTech/Security/XenForo/ControllerAdmin/Security.php(32): DBTech_Security_Application_Core->runAction()
#4 /home/nginx/domains/agreatdomainnamegoeshere.com/public/library/XenForo/FrontController.php(351): DBTech_Security_XenForo_ControllerAdmin_Security->actionIndex()
#5 /home/nginx/domains/agreatdomainnamegoeshere.com/public/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#6 /home/nginx/domains/agreatdomainnamegoeshere.com/public/admin.php(13): XenForo_FrontController->run()
#7 {main}
Request State
array(3) {
  ["url"] => string(60) "https://agreatdomainnamegoeshere.com/admin.php?dbtech-security/search"
  ["_GET"] => array(1) {
    ["dbtech-security/search"] => string(0) ""
  }
  ["_POST"] => array(8) {
    ["ipaddress"] => string(13) "XXX.XXX.XXX.XXX"
    ["username"] => string(0) ""
    ["depth"] => string(1) "2"
    ["action"] => string(9) "do-search"
    ["searchType"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["do"] => string(6) "search"
    ["id"] => int(0)
  }
}

IP Address & Other details sanitized.

Was using the IP search tool while researching multiple users on certain IP addresses.

 

[DragonByte Tech]

New error popped up yesterday

I've applied a hotfix to v3.3.0 that should resolve this issue


Fillip

 

[ENF]

I've applied a hotfix to v3.3.0 that should resolve this issue


Fillip

Thanks. Will grab a new copy.

 

[Alpha1]

@DragonByte Tech I have sent you the fix by conversation.

 

[Alpha1]

Please consider the follow suggestion:

'Ban' button for Current Visitors -> Robots: /online/?type=robot
This would allow us to quickly ban bad bots from the site.

 

[Alpha1]

I encounter this error:

Error Info
ErrorException: Undefined index: HTTP_USER_AGENT - library/DBTech/Security/XenForo/Model/Security.php:146
Generated By: xxx, 2 minutes ago

Stack Trace
#0 /library/DBTech/Security/XenForo/Model/Security.php(146): XenForo_Application::handlePhpError(8, 'Undefined index...', '/home/...', 146, Array)
#1 /library/DBTech/Security/XenForo/Session.php(108): DBTech_Security_XenForo_Model_Security->createSession(15228)
#2 /library/XenForo/ControllerPublic/Login.php(221): DBTech_Security_XenForo_Session->userLogin(15228, 1490819641)
#3 /library/DBTech/Security/XenForo/ControllerPublic/Login.php(145): XenForo_ControllerPublic_Login->completeLogin(15228, 0, 'https://f...', Array)
#4 /library/XenForo/ControllerPublic/Login.php(144): DBTech_Security_XenForo_ControllerPublic_Login->completeLogin(15228, 0, 'https://f...', Array)
#5 /library/DBTech/Security/XenForo/ControllerPublic/Login.php(6): XenForo_ControllerPublic_Login->actionLogin()
#6 /library/Tac/DeDos/ControllerPublic/Login.php(53): DBTech_Security_XenForo_ControllerPublic_Login->actionLogin()
#7 /library/XenForo/FrontController.php(351): Tac_DeDos_ControllerPublic_Login->actionLogin()
#8 /library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#9 /index.php(13): XenForo_FrontController->run()
#10 {main}
Request State
array(3) {
  ["url"] => string(35) "https://forum.com/login/login"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(6) {
    ["login"] => string(7) "xxx"
    ["register"] => string(1) "0"
    ["password"] => string(8) "********"
    ["cookie_check"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["redirect"] => string(24) "https://forum.com/"
  }
}

 

[DragonByte Tech]

I encounter this error

That is not something I am able to replicate, did that user attempt to login via CLI or something?


Fillip

 

[Alpha1]

The user is a new member. I have no clue how he accessed login.php but I assume via https.

 

[DragonByte Tech]

The user is a new member. I have no clue how he accessed login.php but I assume via https.

Could you please find out?


Fillip

 

[Alpha1]

My members are asking why my site is connecting to cloudfare for fingerprint2.min.js because they get privacy warnings from noscript. The combination of the warning with the name of the file indeed looks very suspicious.
Could you please include this file in the package to avoid such problems?

 

[DragonByte Tech]

My members are asking why my site is connecting to cloudfare for fingerprint2.min.js because they get privacy warnings from noscript. The combination of the warning with the name of the file indeed looks very suspicious.

If your members are suspicious about that file, they are right to be, as fingerprinting your members is a privacy concern. You should either state this in your privacy policy, and direct your members to that, or disable fingerprinting.


Fillip

 

[Alpha1]

We have been blocking bad bots though browser fingerprinting for many years. Its declared and our members are not worried about that.
The issue is that its trying to connect to cloudfare and thereby causes a warning. Having the file on our server would prevent this.
Could you include it in the library?

 

[DragonByte Tech]

We have been blocking bad bots though browser fingerprinting for many years. Its declared and our members are not worried about that.
The issue is that its trying to connect to cloudfare and thereby causes a warning. Having the file on our server would prevent this.
Could you include it in the library?

Doing that would mean it takes way more effort to keep it up to date with future releases of the fingerprint library, but I'll consider it


Fillip

 

[Alpha1]

Nowadays users just block offsite hosted files, except for a few trusted sites like google. Which defeats the point of a security addon.

 

[markku]

@DragonByte Tech if we buy this add-on with the lifetime option, will this version also be upgraded to support XF2 or do we need to buy another security add-on from you for XF2?

 

[DragonByte Tech]

@DragonByte Tech if we buy this add-on with the lifetime option, will this version also be upgraded to support XF2 or do we need to buy another security add-on from you for XF2?

It's very likely we will be able to offer the existing product for XF2 as well without requiring any upgrade fees
Not all products will be ready for XF2 launch, but Security has been created (just lacking significant testing).

Even if a fee is charged, it would be very minor compared to buying a new licence. For reference, we currently charge $10 for people who wish to convert a vBulletin licence to an XF equivalent.


Fillip