vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Template Modifications

How to stop CloudFlare / Incapsula bypass for vBulletin.
Version: 1.00, by MentaL (Developer; last online Nov 2023)
Category: Mini Mods - Version: 4.2.2
Released: 07-29-2014 Last Update: Never Installs: 10
Supported, Re-useable Code, Code Changes

Hi,

There are a few methods to bypass CloudFlare's and Incapsula's protection and get the origin server's IP. The first is mail server headers (so what I do is use a third-party server with modified mail headers that strip the sender IP, which would otherwise be the server we are trying to protect), and the second is vBulletin's image retrieval.

At the moment vBulletin has the following:
  • avatar image retrieval
  • profile image retrieval
  • album image retrieval
  • ... etc

This is bad! Anyone can take a URL from an IP logger (such as the one linked in the original post), paste it into the "retrieve from URL" field as a fake image, and the forum's own server will fetch it, so the logger records the origin server's IP and CF/Incapsula is bypassed. What I originally did was edit the template and remove option 1 (the ability to retrieve an image by URL), but as it turns out this is no good, because you can just re-inject the original control with Firebug or the element inspector and pretend nothing was ever gone! I did this for months until it was brought to my attention two days ago!

The workaround.

We need to disable the following in php.ini (strictly only allow_url_fopen matters here, but allow_url_include also stops remote file inclusion).

Code:
allow_url_fopen = Off
allow_url_include = Off
Secondly we need to stop cURL being used as the fallback. We could add curl_init to disable_functions, but that would also break the Facebook integration built into vBulletin, which is not good. So, to combat this, we do the following:

Edit includes/class_upload.php

find

Code:
if (ini_get('allow_url_fopen') == 0 AND !function_exists('curl_init'))
replace with

Code:
if (ini_get('allow_url_fopen') == 0)
Sorted! Since all of vBulletin's built-in upload and image-retrieval paths go through this class, the change is effectively site-wide: it stops every automatic remote retrieval and defeats IP image loggers.

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
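To verify that both halves of the workaround are really in place (the php.ini directives and the class_upload.php edit), here is an added example in Python; it is not part of this mod or of vBulletin. It parses the two directives, classifies the gate line in includes/class_upload.php as original or patched, and mirrors the PHP condition to report whether a URL pasted into the retrieval field would still be fetched by the origin server. The php.ini and class_upload.php fragments it ships with are constructed stand-ins for the lines quoted above, and the function and finding names are the example's own.

```python
"""Audit whether a vBulletin 4 site can still fetch images from arbitrary URLs
(the origin-IP leak described above). Added example, not code from the mod or
from vBulletin; the ini and class_upload.php fragments are constructed stand-ins
for the lines quoted in the post and the function names are this example's own."""
import re

# Constructed php.ini fragment with the weak setting (allow_url_fopen on).
PHP_INI_WEAK = """
; File uploads
file_uploads = On
allow_url_fopen = On
allow_url_include = Off
"""
# Constructed php.ini fragment after the change recommended in the post.
PHP_INI_HARDENED = """
file_uploads = On
allow_url_fopen = Off
allow_url_include = Off
"""
# Constructed stand-in for the gate in includes/class_upload.php BEFORE the
# edit: retrieval is refused only if fopen wrappers are off AND cURL is absent.
CLASS_UPLOAD_ORIGINAL = """
if (ini_get('allow_url_fopen') == 0 AND !function_exists('curl_init'))
{
    return false;
}
"""
# The same gate AFTER the edit from the post: cURL no longer re-enables it.
CLASS_UPLOAD_PATCHED = """
if (ini_get('allow_url_fopen') == 0)
{
    return false;
}
"""

INI_TRUE = {"1", "on", "true", "yes"}
INI_DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0"}  # PHP built-in defaults
ORIGINAL_GATE = re.compile(
    r"ini_get\('allow_url_fopen'\)\s*==\s*0\s+AND\s+!function_exists\('curl_init'\)")
PATCHED_GATE = re.compile(r"ini_get\('allow_url_fopen'\)\s*==\s*0\s*\)")

def parse_php_ini(text):
    """Return {directive: value} from the uncommented 'key = value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        if "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings

def ini_enabled(settings, directive):
    """True if PHP would treat the directive as on (1/On/True/Yes)."""
    return settings.get(directive, INI_DEFAULTS.get(directive, "0")) in INI_TRUE

def class_upload_gate(source):
    """Classify the remote-retrieval gate: 'original', 'patched' or 'unknown'."""
    if ORIGINAL_GATE.search(source):
        return "original"
    if PATCHED_GATE.search(source):
        return "patched"
    return "unknown"

def remote_retrieval_allowed(settings, curl_available, gate):
    """Mirror the PHP condition: would vBulletin try to fetch a pasted URL?"""
    fopen_off = not ini_enabled(settings, "allow_url_fopen")
    if gate == "patched":
        return not fopen_off
    # Original (or unrecognised) gate: cURL alone keeps retrieval working.
    return not (fopen_off and not curl_available)

def audit(ini_text, class_upload_source, curl_available=True):
    """Return a list of findings; an empty list means the leak is closed."""
    settings = parse_php_ini(ini_text)
    gate = class_upload_gate(class_upload_source)
    findings = []
    if ini_enabled(settings, "allow_url_fopen"):
        findings.append("allow_url_fopen is On: fopen()/file_get_contents() can open http:// URLs")
    if ini_enabled(settings, "allow_url_include"):
        findings.append("allow_url_include is On: include/require can pull in remote code")
    if gate == "original" and curl_available:
        findings.append("class_upload.php still falls back to cURL when allow_url_fopen is off")
    if gate == "unknown":
        findings.append("gate not found in class_upload.php; an upgrade may have replaced the file")
    if remote_retrieval_allowed(settings, curl_available, gate):
        findings.append("RESULT: remote image retrieval still works; an IP-logger URL "
                        "would be fetched from the origin server")
    return findings

if __name__ == "__main__":
    for label, ini, src in (("weak ini, stock class", PHP_INI_WEAK, CLASS_UPLOAD_ORIGINAL),
                            ("hardened ini, stock class", PHP_INI_HARDENED, CLASS_UPLOAD_ORIGINAL),
                            ("hardened ini, patched class", PHP_INI_HARDENED, CLASS_UPLOAD_PATCHED)):
        print(label)
        for finding in audit(ini, src) or ["no findings: remote retrieval is disabled"]:
            print("  -", finding)
```

Point it at the real files, e.g. audit(open('/etc/php5/apache2/php.ini').read(), open('includes/class_upload.php').read(), curl_available=True) (the php.ini path is an assumption; use your own). Two caveats the post does not spell out: the class_upload.php edit is to a core file, so re-run the audit after every vBulletin upgrade, which overwrites includes/; and the php.ini change only takes effect once the web server's PHP has been restarted, so confirm the live value with phpinfo() rather than trusting the file alone.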

Comments
#2  07-31-2014, 09:35 PM
gilakunters (Join Date: Feb 2012; Posts: 2)

Nice to share your fixes.
#3  08-01-2014, 11:01 PM
MentaL (Join Date: Jan 2003; Posts: 550)

Happy to help.
#4  08-13-2014, 02:16 PM
fxdigi-cash (Join Date: Jul 2012; Posts: 674)

Great share.

Thanks a lot.

Thanks from: MentaL
#5  08-16-2014, 04:44 AM
fxdigi-cash (Join Date: Jul 2012; Posts: 674)

By the way, if we turn off the cURL PHP function, the image insertion feature won't work any more. It will give you an error saying "remote upload has been disabled" or a similar message...

Is there a fix for this? cURL is an important PHP function for a vB board...
#6  08-16-2014, 01:51 PM
MentaL (Join Date: Jan 2003; Posts: 550)

Quote (originally posted by fxdigi-cash):
> By the way, if we turn off the cURL PHP function, the image insertion feature won't work any more. It will give you an error saying "remote upload has been disabled" or a similar message...
>
> Is there a fix for this? cURL is an important PHP function for a vB board...

You want all forms of image retrieval disabled, or else IP loggers are used. Embedding and direct uploading are fine, but the other methods are not.