
Archived ⇒ 9.1.1 Security Feature - About Flood Protection:


Is there any documentation for this?
I had a look but couldn't find anything.

I've had a few members saying they're getting banned by the flood protection system, how does this system work and can I configure any part of it?

Norbie

www.norbiesworld.co.uk

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1


The flooding security system will warn them with a FULL PAGE telling them what to do; it will show the full page warning 3 times before they get banned for 24 hours.

They are allowed to do 2 clicks within 2 seconds ... the 3rd click within 2 seconds will display the first warning.

You can, however, delete their IP manually from admin => security => flooding.

.... 3 times a full page warning ....

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


Thank you.

Could I also ask about the Unknown User-Agents part as well please. When I click on details it does not open up another page. If this section blocks Unknown User-Agents I presume it has a database of all known user-agents including browsers?

Norbie

www.norbiesworld.co.uk

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1


Not fully implemented yet; this is why the link doesn't take you anywhere.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


Hrmm.. I did as you mentioned above, and I'm not able to clear these IPs.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache-2/MySQL-4/PHP-4/CMS-9.1RC2


Same, delete them in the database.

Norbie

www.norbiesworld.co.uk

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1


done...cms_security

Odd though, the IP address was NULL; where would the IP have been stored?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache-2/MySQL-4/PHP-4/CMS-9.1RC2


You are both missing files ... 9.1.1 moves flooding IPs into "Flooding", not into "IPs" ... just to be sure, if you click on "details" do you see "flooding detected by user agent ...."? If so, then this is not 9.1.1.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


I've got a couple users complaining that the flood protection is blocking their IP as well, and that if they click on a link one time they get the warning page (not actually flooding).

Any ideas?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian Linux/apache 1.3/4.0.23_Debian-1-log/4.3.10-2/9.0.6.1


3 clicks within 2 seconds: warning, wait 8 seconds
one more click after the warning but before the 8 seconds expire: warning, wait 10 seconds more
one more click after the warning but before 10 seconds expire: warning, wait 12 seconds.
one more click and you get banned for 24 hours: admin might remove single IPs at any time or select to remove 24H old bans.

Many security systems count how many requests arrive within a determined time (2 seconds); this can lead attackers to send thousands of requests within 2 seconds. Our security system works in a different way; users will need to get used to it, and webmasters too.

insaner, if they get a warning it's just a warning, and since they are waiting a determined number of seconds they will not get any more warnings or get banned until the system registers 3 clicks within 2 seconds.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


Can you define a "click"? A javascript or CSS menu might easily be clicked 3 times in 2 seconds. And navigation (to an article in a content module, for example) might also be done with 3 clicks on html links.

Whilst I don't want to be flooded, I don't want a system that requires users to navigate slowly. People will not put up with it and go elsewhere.

To give 3 clicks in 2 seconds is possible by good users and it would be nice to be able to set the number of clicks higher to suit a faster user group.

Maybe I don't understand fully since I can't actually get a warning on my test system however fast I click.

Please enter your server specs in your user profile! 😢


because you are logged in as admin?

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


NanoCaiordo wrote
3 clicks within 2 seconds: warning, wait 8 seconds
one more click after the warning but before the 8 seconds expire: warning, wait 10 seconds more
one more click after the warning but before 10 seconds expire: warning, wait 12 seconds.
one more click and you get banned for 24 hours: admin might remove single IPs at any time or select to remove 24H old bans.

Many security systems count how many requests arrive within a determined time (2 seconds); this can lead attackers to send thousands of requests within 2 seconds. Our security system works in a different way; users will need to get used to it, and webmasters too.

insaner, if they get a warning it's just a warning, and since they are waiting a determined number of seconds they will not get any more warnings or get banned until the system registers 3 clicks within 2 seconds.


Thanks Nano, but it turns out it isn't my user's browsing habits. At first I thought it was just the fact they are clicking too fast, but it turns out they are getting the warning after immediately visiting the site and clicking a single link:

www.cpgnuke.com/Forums...18074.html

Has to do with Google Web Accelerator (or similar products). I believe this is something that is a serious issue, as anyone out there in the world could have this installed and it would nearly immediately ban them if they are using it.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian Linux/apache 1.3/4.0.23_Debian-1-log/4.3.10-2/9.0.6.1


because you are logged in as admin?


No I logged in as a test user. I click like mad and nothing happens.

Please enter your server specs in your user profile! 😢


BrokenCrust wrote
because you are logged in as admin?


No I logged in as a test user. I click like mad and nothing happens.


Here neither, since it's hard to achieve the flooding. I've only seen it happen while there were iframes on a page that all accessed index.php (which kicks in cmsinit.inc security::check())

Keep in mind that a flooder does more simultaneous requests (like the iframes do)

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
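
Added example (not part of the thread and not Dragonfly's own code): a small Python model of the escalation rules described above (3rd click within 2 seconds, waits of 8/10/12 seconds, then a 24-hour ban), replayed over constructed request timings to show why parallel requests from iframes or a prefetching accelerator reach the ban so quickly. The names `Visitor`, `check` and `replay` are hypothetical, and two behaviours are assumptions: each wait is counted from the click that triggers it, and a wait served in full resets the visitor.

```python
from dataclasses import dataclass, field

WINDOW = 2.0               # seconds in which the 3rd click triggers a warning
WAITS = (8.0, 10.0, 12.0)  # wait imposed by the 1st, 2nd and 3rd warning
BAN = 24 * 3600.0          # ban length after a click during the 3rd wait

@dataclass
class Visitor:
    recent: list = field(default_factory=list)  # timestamps inside the window
    warnings: int = 0
    wait_until: float = 0.0
    banned_until: float = 0.0

def check(v, t):
    """Return 'ok', 'warning' or 'banned' for a request at time t (seconds)."""
    if t < v.banned_until:
        return "banned"
    if v.warnings and t < v.wait_until:
        # Click during an imposed wait: escalate, or ban after the 3rd warning.
        if v.warnings == len(WAITS):
            v.banned_until = t + BAN
            return "banned"
        v.wait_until = t + WAITS[v.warnings]  # assumption: counted from this click
        v.warnings += 1
        return "warning"
    if v.warnings:
        # Assumption: a wait that was served in full resets the visitor.
        v.warnings, v.recent = 0, []
    v.recent = [x for x in v.recent if t - x < WINDOW] + [t]
    if len(v.recent) >= 3:
        v.warnings, v.wait_until, v.recent = 1, t + WAITS[0], []
        return "warning"
    return "ok"

def replay(times):
    """Feed one visitor's request timestamps through check() in order."""
    v = Visitor()
    return [check(v, t) for t in times]

# Constructed request timestamps (seconds), not taken from any real log.
PATIENT = [0.0, 0.8, 1.6, 10.0, 11.0, 15.0]         # warned once, waits it out
IMPATIENT = [0.0, 0.5, 1.0, 3.0, 6.0, 9.0, 12.0]    # clicks during every wait
BURST = [0.00, 0.05, 0.10, 0.15, 0.20, 0.25, 0.30]  # one page view, 7 parallel hits
```

Under these assumptions the `BURST` visitor is banned on the sixth request, a quarter of a second after the first, without a human ever seeing a warning page.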

All times are UTC