How to stop CloudFlare / Incapsula bypass for vBulletin.
Developer Last Online: Sep 2020
Hi,
There are a few methods to bypass CloudFlare and Incapsula's protection to get the originating server IP, the first being mail server headers (so what I do is use a third-party server with modified mail headers that remove the sender IP, which would be the server we are trying to protect) and the second is vBulletin's image retrieval. At the moment vBulletin has the following:
This is bad! Anyone could simply use an IP logger such as this and then insert the fake image into the URL field; downloading it would grab the source IP, bypassing CF/Incapsula. What I was originally doing was editing the template and removing option 1 (the ability to retrieve image URL), but as it turns out this is no good, because you can just inject the original code using Firebug or the element inspector and pretend nothing was ever gone! I did this for months until it was brought to my attention two days ago!
The workaround: we need to disable the following in php.ini (really only the fopen, but include stops offsite injections).
And secondly we need to disable cURL. We could use the disable_function and add curl_init, but then this would disable the Facebook integration that's pre-built within vBulletin! Not good! So, to combat this we do the following: edit includes/class_upload.php, find
replace with
Sorted! Since all vBulletin base upload and image retrievals go through this class, it's effectively site-wide, stopping any automatic retrievals and disabling the usage of IP image loggers.
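A check for the two leak paths the post above describes (outgoing mail headers and PHP's URL fetching), as an added example that is not part of the original post or of vBulletin. It assumes the php.ini settings meant are `allow_url_fopen` and `allow_url_include`; the function names, the 203.0.113.7 address and the sample inputs are constructed for illustration.

```python
import re
from email import message_from_string

# PHP's built-in defaults when a directive is absent from php.ini.
DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}
TRUTHY = {"1", "on", "true", "yes"}

def risky_directives(ini_text):
    """Return the URL-wrapper directives that end up enabled."""
    state = dict(DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()    # drop php.ini comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in state:                         # last assignment wins
            state[key] = value.strip('"').lower() in TRUTHY
    return sorted(k for k, enabled in state.items() if enabled)

def headers_leaking_ip(raw_message, origin_ip):
    """Return names of mail headers whose value contains the origin IP."""
    # Lookarounds keep 203.0.113.7 from matching inside 203.0.113.70.
    pattern = re.compile(r"(?<![\d.])" + re.escape(origin_ip) + r"(?!\d)")
    msg = message_from_string(raw_message)
    return [name for name, value in msg.items() if pattern.search(value)]

# Constructed samples (documentation-range address, not from the thread).
ORIGIN_IP = "203.0.113.7"
SAMPLE_INI = """\
; constructed php.ini fragment
allow_url_fopen = On
allow_url_include = Off
"""
HARDENED_INI = "allow_url_fopen = Off\nallow_url_include = Off\n"
SAMPLE_MAIL = """\
Received: from forum.example ([203.0.113.7]) by relay.example; Mon, 1 Jan 2024 00:00:00 +0000
X-Originating-IP: 203.0.113.70
From: noreply@forum.example
Subject: Welcome

body
"""

if __name__ == "__main__":
    print("enabled in sample:", risky_directives(SAMPLE_INI))
    print("enabled when hardened:", risky_directives(HARDENED_INI))
    print("headers leaking origin:", headers_leaking_ip(SAMPLE_MAIL, ORIGIN_IP))
```

An empty php.ini still reports `allow_url_fopen`, because PHP enables it by default; it has to be switched off explicitly.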
Comments
#2
nice to share your fixes
#4
Great share.
Thanks a lot.
__________________
Shoot me a PM if I didn't reply in your post when you needed help. I can't remember things easily
#5
By the way, if we turned off the Curl PHP function, the image insertion property won't work anymore. It will give you an error saying "remove upload has been disabled" or a similar message...
Is there a fix for this? Because Curl PHP is an important function for a vB board...
#6
Originally Posted by fxdigi-cash
You want all forms of image retrieval disabled or else IP loggers are used. Embedding and direct uploading is fine but the other methods are not.
__________________
RaGEZONE