[DBTech] DragonByte Security

[DBTech] DragonByte Security [Paid] 5.1.0.1

@DragonByte Tech Getting Server error log.

Code:
Assert\InvalidArgumentException: Invalid data src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php:2752

Generated by: MegaAgun Dec 12, 2019 at 2:48 AM

Stack trace

#0 src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php(319): Assert\Assertion::createException(0, 'Invalid data', 33, NULL, Array)
#1 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php(78): Assert\Assertion::eq(0, 4, 'Invalid data')
#2 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/Server.php(201): Webauthn\PublicKeyCredentialLoader->load('')
#3 src/addons/DBTech/Security/Tfa/WebAuthn.php(218): Webauthn\Server->loadAndCheckAttestationResponse('', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
#4 src/XF/Pub/Controller/Account.php(897): DBTech\Security\Tfa\WebAuthn->verify('setup', Object(Datio\AllowedEmails\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src/XF/Mvc/Dispatcher.php(350): XF\Pub\Controller\Account->actionTwoStepEnable(Object(XF\Mvc\ParameterBag))
#6 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'TwoStepenable', Object(XF\Mvc\RouteMatch), Object(AddonFlare\PaidRegistrations\XF\Pub\Controller\Account), NULL)
#7 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(AddonFlare\PaidRegistrations\XF\Pub\Controller\Account), NULL)
#8 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#9 src/XF/App.php(2184): XF\Mvc\Dispatcher->run()
#10 src/XF.php(391): XF\App->run()
#11 index.php(20): XF::runApp('XF\\Pub\\App')
#12 {main}

Request state

array(4) {
  ["url"] => string(46) "/account/two-step/dbtech_security_authn/enable"
  ["referrer"] => string(68) "/account/two-step/dbtech_security_authn/enable"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(7) {
    ["nickname"] => string(8) "loverboy"
    ["publicKeyCredential"] => string(0) ""
    ["step"] => string(7) "confirm"
    ["_xfToken"] => string(8) "********"
    ["_xfRequestUri"] => string(46) "/account/two-step/dbtech_security_authn/enable"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}

That sounds like someone using an unsupported device.
 
@DragonByte Tech Also getting other Server error log.

Code:
XF\Db\DuplicateKeyException: MySQL query error [1062]: Duplicate entry 'ea2cb2df8490aa6aa6b2093ff5e0d4a5-8' for key 'fingerprint_user_id' src/XF/Db/AbstractStatement.php:228

Generated by: arn43 Dec 18, 2019 at 6:46 PM

Stack trace

INSERT  INTO `xf_dbtech_security_fingerprint_log` (`user_id`, `fingerprint`, `ipaddress`, `components`, `fingerprint_log_id`, `dateline`) VALUES (?, ?, ?, ?, ?, ?)
------------

#0 src/XF/Db/Mysqli/Statement.php(196): XF\Db\AbstractStatement->getException('MySQL query err...', 1062, '23000')
#1 src/XF/Db/Mysqli/Statement.php(77): XF\Db\Mysqli\Statement->getException('MySQL query err...', 1062, '23000')
#2 src/XF/Db/AbstractAdapter.php(94): XF\Db\Mysqli\Statement->execute()
#3 src/XF/Db/AbstractAdapter.php(218): XF\Db\AbstractAdapter->query('INSERT  INTO `x...', Array)
#4 src/XF/Mvc/Entity/Entity.php(1452): XF\Db\AbstractAdapter->insert('xf_dbtech_secur...', Array, false)
#5 src/XF/Mvc/Entity/Entity.php(1184): XF\Mvc\Entity\Entity->_saveToSource()
#6 src/addons/DBTech/Security/Watcher/NewStaffFingerprint.php(71): XF\Mvc\Entity\Entity->save()
#7 src/addons/DBTech/Security/Watcher/AbstractHandler.php(172): DBTech\Security\Watcher\NewStaffFingerprint->preCheck(Array, Object(Datio\AllowedEmails\XF\Entity\User))
#8 src/addons/DBTech/Security/Pub/Controller/Fingerprint.php(37): DBTech\Security\Watcher\AbstractHandler->trigger(Array, Object(Datio\AllowedEmails\XF\Entity\User))
#9 src/XF/Mvc/Dispatcher.php(350): DBTech\Security\Pub\Controller\Fingerprint->actionIndex(Object(XF\Mvc\ParameterBag))
#10 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('DBTech\\Security...', 'Index', Object(XF\Mvc\RouteMatch), Object(DBTech\Security\Pub\Controller\Fingerprint), NULL)
#11 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(DBTech\Security\Pub\Controller\Fingerprint), NULL)
#12 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#13 src/XF/App.php(2184): XF\Mvc\Dispatcher->run()
#14 src/XF.php(391): XF\App->run()
#15 index.php(20): XF::runApp('XF\\Pub\\App')
#16 {main}

Request state

array(4) {
  ["url"] => string(38) "/index.php?dbtech-security/fingerprint"
  ["referrer"] => string(65) "/threads/angel.3846/"
  ["_GET"] => array(1) {
    ["dbtech-security/fingerprint"] => string(0) ""
  }
  ["_POST"] => array(6) {
    ["fingerprint"] => string(32) "ea2cb2df8490aa6aa6b2093ff5e0d4a5"
    ["components"] => array(23) {
      [0] => array(2) {
        ["key"] => string(10) "user_agent"
        ["value"] => string(101) "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
      }
      [1] => array(2) {
        ["key"] => string(8) "language"
        ["value"] => string(5) "en-US"
      }
      [2] => array(2) {
        ["key"] => string(11) "color_depth"
        ["value"] => string(2) "24"
      }
      [3] => array(2) {
        ["key"] => string(13) "device_memory"
        ["value"] => string(1) "4"
      }
      [4] => array(2) {
        ["key"] => string(20) "hardware_concurrency"
        ["value"] => string(1) "2"
      }
      [5] => array(2) {
        ["key"] => string(10) "resolution"
        ["value"] => array(2) {
          [0] => string(4) "1366"
          [1] => string(3) "768"
        }
      }
      [6] => array(2) {
        ["key"] => string(20) "available_resolution"
        ["value"] => array(2) {
          [0] => string(4) "1366"
          [1] => string(3) "728"
        }
      }
      [7] => array(2) {
        ["key"] => string(15) "timezone_offset"
        ["value"] => string(4) "-360"
      }
      [8] => array(2) {
        ["key"] => string(15) "session_storage"
        ["value"] => string(1) "1"
      }
      [9] => array(2) {
        ["key"] => string(13) "local_storage"
        ["value"] => string(1) "1"
      }
      [10] => array(2) {
        ["key"] => string(10) "indexed_db"
        ["value"] => string(1) "1"
      }
      [11] => array(2) {
        ["key"] => string(13) "open_database"
        ["value"] => string(1) "1"
      }
      [12] => array(2) {
        ["key"] => string(9) "cpu_class"
        ["value"] => string(7) "unknown"
      }
      [13] => array(2) {
        ["key"] => string(18) "navigator_platform"
        ["value"] => string(5) "Win32"
      }
      [14] => array(2) {
        ["key"] => string(15) "regular_plugins"
        ["value"] => array(3) {
          [0] => string(80) "Chrome PDF Plugin::Portable Document Format::application/x-google-chrome-pdf~pdf"
          [1] => string(40) "Chrome PDF Viewer::::application/pdf~pdf"
          [2] => string(57) "Native Client::::application/x-nacl~,application/x-pnacl~"
        }
      }
      [15] => array(2) {
        ["key"] => string(6) "canvas"
        ["value"] => string(32863) "canvas winding:yes~canvas fp:data:image/png;base64,="
      }
      [16] => array(2) {
        ["key"] => string(12) "webgl_vendor"
        ["value"] => string(74) "Google Inc.~ANGLE (Intel(R) G41 Express Chipset Direct3D9Ex vs_3_0 ps_3_0)"
      }
      [17] => array(2) {
        ["key"] => string(7) "adblock"
        ["value"] => string(4) "true"
      }
      [18] => array(2) {
        ["key"] => string(18) "has_lied_languages"
        ["value"] => string(5) "false"
      }
      [19] => array(2) {
        ["key"] => string(19) "has_lied_resolution"
        ["value"] => string(5) "false"
      }
      [20] => array(2) {
        ["key"] => string(11) "has_lied_os"
        ["value"] => string(5) "false"
      }
      [21] => array(2) {
        ["key"] => string(16) "has_lied_browser"
        ["value"] => string(5) "false"
      }
      [22] => array(2) {
        ["key"] => string(13) "touch_support"
        ["value"] => array(3) {
          [0] => string(1) "0"
          [1] => string(5) "false"
          [2] => string(5) "false"
        }
      }
    }
    ["_xfRequestUri"] => string(43) "/threads/angel.3846/"
    ["_xfWithData"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["_xfResponseType"] => string(4) "json"
  }
}
 
I have determined this addon is conflicting with another addon of mine causing random Security errors:

[Screenshot: 1570127790035.png]


This occurs when trying to do anything javascript related after a browser has been closed (View alerts, notifications, quick reply) and then come back to it. It can occur after just minutes or several hours, there is no rhyme or reason that I could detect. Disabling this addon has stopped this problem from occurring.


Hi,

We can report a similar problem, but we can't really pin it down.
What we know is that when we disable DBTech Security the problem is gone. Disabling the Fingerprint feature seems to let it occur less often. I can't find any related errors in my nginx logs. It seems that it happens more often to Android users than to Apple or Windows users.
We have some users where it happens regularly, but only a very small minority.

Software is up to date, XF as well as Dragon.

I know this is an error description every developer must hate... Please excuse, but maybe there are more Security users facing this?

Kind Regards
 
Can you PM (and probably the dev) me a list of your add-ons or post it here?
 
Are there currently any options to log successful logins (not just failed)? Also, is user agent recorded or just IP? Thanks.
 
Successful logins are only logged if they also triggered a security event such as failing to login THEN succeeding.

I don’t believe user agent is currently logged, but I’m not at my computer right now so I can’t check for certain.
 
Yes I know, this is the dragonbyte security thread :)
I am from Turkey and PayPal is not working in Turkey.
If possible, I can pay only via PayPal guest checkout :)
 
Oh I see, to be honest I don't know. I do believe you can use card without needing a PayPal account, but I haven't tried. Sorry I couldn't be of more help.
 
Hello, I manage a paid site. I do not want members to share their accounts or passwords. I only want the person who purchased the membership to login. Will this plugin help me?
 
That sounds like someone using an unsupported device.
I'm getting the same error:

Code:
Server error log

Assert\InvalidArgumentException: Invalid data src\addons\DBTech\Security\vendor\beberlei\assert\lib\Assert\Assertion.php:2752

Generated by: Username 22 Apr 2020 at 18:01

Stack trace
#0 src\addons\DBTech\Security\vendor\beberlei\assert\lib\Assert\Assertion.php(319): Assert\Assertion::createException(0, 'Invalid data', 33, NULL, Array)
#1 src\addons\DBTech\Security\vendor\web-auth\webauthn-lib\src\PublicKeyCredentialLoader.php(78): Assert\Assertion::eq(0, 4, 'Invalid data')
#2 src\addons\DBTech\Security\vendor\web-auth\webauthn-lib\src\Server.php(201): Webauthn\PublicKeyCredentialLoader->load('')
#3 src\addons\DBTech\Security\Tfa\WebAuthn.php(218): Webauthn\Server->loadAndCheckAttestationResponse('', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
#4 src\XF\Pub\Controller\Account.php(897): DBTech\Security\Tfa\WebAuthn->verify('setup', Object(SV\SignupAbuseBlocking\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src\XF\Mvc\Dispatcher.php(350): XF\Pub\Controller\Account->actionTwoStepEnable(Object(XF\Mvc\ParameterBag))
#6 src\XF\Mvc\Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'TwoStepenable', Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Account), NULL)
#7 src\XF\Mvc\Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Account), NULL)
#8 src\XF\Mvc\Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#9 src\XF\App.php(2184): XF\Mvc\Dispatcher->run()
#10 src\XF.php(391): XF\App->run()
#11 index.php(20): XF::runApp('XF\\Pub\\App')
#12 {main}
Request state
array(4) {
["url"] => string(46) "/account/two-step/dbtech_security_authn/enable"
["referrer"] => string(82) "https://domain.com/account/two-step/dbtech_security_authn/enable"
["_GET"] => array(0) {
}
["_POST"] => array(7) {
["nickname"] => string(10) "Username"
["publicKeyCredential"] => string(0) ""
["step"] => string(7) "confirm"
["_xfToken"] => string(8) "********"
["_xfRequestUri"] => string(46) "/account/two-step/dbtech_security_authn/enable"
["_xfWithData"] => string(1) "1"
["_xfResponseType"] => string(4) "json"
}
}

Is there anything that can be done (as in "unsupported device" you mean an unsupported security device?) as to not throw a server error (or rather a user error) for that?
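
Both WebAuthn traces in this thread show an empty `publicKeyCredential` POST field reaching `PublicKeyCredentialLoader->load('')`. The pre-check below is an added example, not code from this thread, DBTech Security or webauthn-lib; it sketches how a controller could turn that case into a user-facing error. The function name, the messages and the assumption that binary members arrive as base64/base64url text are hypothetical.

```php
<?php

/**
 * Pre-check the posted "publicKeyCredential" field before handing it to a
 * WebAuthn library. Returns null if it has the shape of a registration
 * response, otherwise a reason suitable for a user-facing error.
 * Hypothetical helper; not part of DBTech Security or webauthn-lib.
 */
function precheckRegistrationCredential(string $raw): ?string
{
    if (trim($raw) === '') {
        // The case in both traces: the browser never produced a credential.
        return 'No security key response was received from the browser.';
    }

    $data = json_decode($raw, true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
        return 'The security key response was not valid JSON.';
    }
    if (($data['type'] ?? null) !== 'public-key') {
        return 'Unexpected credential type.';
    }

    // Members of a serialized registration (attestation) response.
    $fields = [
        $data['id'] ?? null,
        $data['rawId'] ?? null,
        $data['response']['clientDataJSON'] ?? null,
        $data['response']['attestationObject'] ?? null,
    ];
    foreach ($fields as $value) {
        // Assumption: binary members arrive as base64 or base64url text.
        if (!is_string($value) || !preg_match('/^[A-Za-z0-9+\/_-]+={0,2}\z/', $value)) {
            return 'The security key response is incomplete.';
        }
    }
    return null;
}

// Constructed sample inputs, not captured from a real authenticator.
$samples = [
    'empty field' => '',
    'truncated'   => '{"id":"AAEC","type":"public-key"',
    'well formed' => '{"id":"AAEC","rawId":"AAEC","type":"public-key",'
        . '"response":{"clientDataJSON":"e30","attestationObject":"o2M"}}',
];
foreach ($samples as $label => $raw) {
    printf("%-12s %s\n", $label, precheckRegistrationCredential($raw) ?? 'ok');
}
```

A value that passes this shape check still has to go through the library's full attestation verification; the pre-check only decides whether a failure is reported to the user or logged as a server error.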
 
Another question: I've configured the watcher AdminCP Access Attempts to trigger after 1 intrusion and to send an e-mail to the web master as well as ban the IP address. Turns out my test user needed two failed logins for this watcher to be triggered. Only after the second failed login I was sent an e-mail... I was under the impression the "intrusions" value is evaluated inclusively? Because otherwise that'd mean that if I'd want to receive an e-mail after 3 failed admin cp logins, I'd need to set the "intrusions" value to 2, wouldn't I?
 
Could you please re-post these as separate tickets @ our site? I won't be able to look into this tonight and I don't want to risk forgetting / these being buried by other posts.

Thanks!
 
@DragonByte Tech I'm thinking of buying this, but one thing I want to protect my forum from is scraping: people being able to use bots to scrape my content, posts, etc.

Does this add-on come with something that implements protection against this? An add-on existed for XF1.


but seems dead now, wondering if this is something you can make possible @DragonByte Tech
 