Register - Login
Views: 87874050
Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users
Ranks - Rules/FAQ - JCS - Stats - Latest Posts - Color Chart - Smilies
12-17-17 08:04:25 AM

Jul - Meta - Strange Auto-Ban New poll - New thread - New reply
Next newer thread | Next older thread
Q
Seeker of the tru7h
Level: 97


Posts: 2635/2780
EXP: 9023058
For next: 294267

Since: 08-02-07
From: Nowhere

Since last post: 26 days
Last activity: 3 hours

Posted on 08-11-14 06:05:35 AM Link | Quote
A friend of mine got a cookie-based ban from Jul by visiting from this Kotaku article. I've successfully recreated it myself in a couple of browsers. Here are the steps:


1. Clear all Jul cookies. (It doesn't work if you already have Jul cookies.)

2. Go to this TCRF article. (It doesn't seem to work on the main page, but I haven't checked any other pages.)

3. Click the "Jul (Forum)" link on the left sidebar.

4. Click any Jul link on the page, and you'll be taken to the Robotnik ban page.


At that point, you have to clear your Jul cookies again to get rid of it. I don't have any guesses for the technical reason why this ban happens, but it only seems to happen if these exact steps are followed.
Joe
Common spammer
🗿
Level: 104


Posts: 3151/3289
EXP: 11612742
For next: 249384

Since: 08-02-07
From: Pororoca

Since last post: 34 days
Last activity: 2 days

Posted on 08-11-14 07:50:41 AM Link | Quote
The offending cookie seems to be "_pk_ref.4.508c" for containing the string "exec".
Kak

gg photobucket
Level: 68


Posts: 1283/1640
EXP: 2628271
For next: 100529

Since: 09-03-13
From: ???

Since last post: 2 days
Last activity: 1 day

Posted on 08-11-14 08:10:54 AM Link | Quote
This is most likely due to the cookie hack detection in Jul's firewall (aka Xkeeper's secret firewall.php).
My best guess is that it detects "exec" as an hack attempt (considering how exec can be used in PHP, there's a good reason for that) and bans the offending cookie.

I guess that's unfortunate string naming.
Xkeeper






Posted on 09-09-14 04:27:52 AM Link | Quote
only a month late but this is the case, kind of an unfortunate happening

the filter for that isn't meant to actually block any exploits (cookies are not used here for anything but login data after all) but to immediately end any malicious bot sessions

I think I checked at one point and there had been about 3 or 4 people who got hit with it (maybe 5) so it isn't very widespread, and with the interest in that returning to normal it shouldn't happen again
Next newer thread | Next older thread
Jul - Meta - Strange Auto-Ban New poll - New thread - New reply




Rusted Logic

Acmlmboard - commit 2f1bc75 [2017-08-27]
©2000-2017 Acmlm, Xkeeper, Inuyasha, et al.

27 database queries.
Query execution time: 0.138204 seconds
Script execution time: 0.005792 seconds
Total render time: 0.143996 seconds