Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

 Posting code snippet triggers Cloudflare security

views
     
TSsoonwai
post May 7 2023, 08:46 PM, updated 11 months ago


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


Tried to post the below in https://forum.lowyat.net/index.php?showtopi...ost&p=107206026

But it triggers Cloudflare "forum.lowyat.net needs to review the security of your connection before proceeding" then it goes back to the main forum page. Post was not posted.

Removing this one line then it was ok.
user posted image

I also added some spaces to that line then it was OK but doing the same and adding spaces doesn't work here.

Any ideas why? Swear I'm not attacking the forum.

Added: Cloudflare Ray ID: 7c3b3fc6cc9e898c

________________

What's new in 7.9 (2023-May-02 08:35):
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;

Is the above working for you all?

I've been using the script below to achieve the same thing since ROS6. Lazy to reconfigure my router to try.

Script (by sob) is from here: https://forum.mikrotik.com/viewtopic.php?t=182894#p911478

*Can't seem to post the script. Trigger lowyat forum security every time. For some reason, lyn does not like this line of text:
user posted image

CODE
:local Config {{name="addr1";addr="::0:0:0:1"}}
foreach C in=$Config do={
 :local IdAddr [/ipv6 address find comment=($C->"name")]
 :local Interface [/ipv6 address get $IdAddr interface]
 :local Disabled [/ipv6 address get $IdAddr disabled]
 :local IdPrefix [/ipv6 nd prefix find interface=$Interface valid-lifetime="0s"]
 :local OldAddr [/ipv6 address get $IdAddr address]
 :local OldPrefix (([:toip6 [:pick $OldAddr 0 [:find $OldAddr "/"]]] & ffff:ffff:ffff:ffff::)."/64")
######## Line removed
   :log info "pd-valid is 1"
   :local NewAddr (([:toip6 [:pick $"pd-prefix" 0 [:find $"pd-prefix" "/"]]] | [:toip6 ($C->"addr")])."/64")
   :local NewPrefix (([:toip6 [:pick $NewAddr 0 [:find $NewAddr "/"]]] & ffff:ffff:ffff:ffff::)."/64")
   :if ($OldAddr != $NewAddr || $Disabled = true) do={
     :if ($OldPrefix = $NewPrefix)  do={
       /ipv6 nd prefix set $IdPrefix disabled=yes
       :delay 1s
     }
     :log info ($Interface.": new prefix: ".$NewPrefix)
     /ipv6 address set $IdAddr address=$NewAddr disabled=no
     :delay 1s
     :if ($OldPrefix != $NewPrefix && $OldPrefix != ::/64)  do={
       /ipv6 nd prefix set $IdPrefix prefix=$OldPrefix disabled=no
       :log info ($Interface.": expired prefix: ".$OldPrefix)
       :delay 1s
     }
   }
 } else={
   /ipv6 address set $IdAddr disabled=yes
   :delay 1s
   /ipv6 nd prefix set $IdPrefix prefix=$OldPrefix disabled=no
   :log info ($Interface.": expired prefix: ".$OldPrefix)
   :delay 1s
 }
}


This post has been edited by soonwai: May 8 2023, 01:42 AM
Tullamarine
post May 8 2023, 10:43 PM

Getting Started
**
Validating
163 posts

Joined: Apr 2020
You lucky, able to find out which line triggered it, I encounter it many times on this forum, no matter I try [ code ] or [ codeblock ] or even without tag at all, still trigger the security message.

For example, I tried about 20 times posting before I remove the section that triggered the warning:
https://forum.lowyat.net/topic/5375495

I end up use itextpad or pastebin, or screenshot the code snippet.

But I agree this forum is not technical coding forum, so it doesn't matter.
TSsoonwai
post May 9 2023, 12:08 AM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


At least I’m not alone. Not overly important but hope admins can fix it.

I also noticed that other “sensitive” strings trigger Cloudflare security. Eg: (without the extra space)
/etc/ passwd
/etc/ shadow

You live in Melbourne?

This post has been edited by soonwai: May 9 2023, 12:14 AM
Tullamarine
post May 9 2023, 12:21 AM

Getting Started
**
Validating
163 posts

Joined: Apr 2020
QUOTE(soonwai @ May 9 2023, 12:08 AM)
You live in Melbourne?
*
No, haha, I picked the username Tullamarine because I had went to Melbourne Tullamarine Airport many times.
Helpdesk
post May 12 2023, 09:11 AM

Ready to Help
Group Icon
Forum Admin
1 posts

Joined: Sep 2012
We're using a very basic cloudflare ruleset, that should not be blocking your post (or at worst should be throwing you a javascript challenge).

I've tried posting your code with no issues. Could you try the code again, and share the cloudflare rayID. The previous rayID does not appear on the logs.
TSsoonwai
post May 12 2023, 01:36 PM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


This is the first line of the code which I removed from the post below. So now it's something else.

:local Config {{name="addr1";addr="::0:0:0:1"}}

This post has been edited by soonwai: May 12 2023, 01:45 PM
TSsoonwai
post May 12 2023, 01:43 PM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


No idea what is triggering it. The code posts ok if I remove the first line.

CODE


foreach C in=$Config do={
 :local IdAddr [/ipv6 address find comment=($C->"name")]
 :local Interface [/ipv6 address get $IdAddr interface]
 :local Disabled [/ipv6 address get $IdAddr disabled]
 :local IdPrefix [/ipv6 nd prefix find interface=$Interface valid-lifetime="0s"]
 :local OldAddr [/ipv6 address get $IdAddr address]
 :local OldPrefix (([:toip6 [:pick $OldAddr 0 [:find $OldAddr "/"]]] & ffff:ffff:ffff:ffff::)."/64")
 :if ($"pd-valid" = 1) do={
   :log info "pd-valid is 1"
   :local NewAddr (([:toip6 [:pick $"pd-prefix" 0 [:find $"pd-prefix" "/"]]] | [:toip6 ($C->"addr")])."/64")
   :local NewPrefix (([:toip6 [:pick $NewAddr 0 [:find $NewAddr "/"]]] & ffff:ffff:ffff:ffff::)."/64")
   :if ($OldAddr != $NewAddr || $Disabled = true) do={
     :if ($OldPrefix = $NewPrefix)  do={
       /ipv6 nd prefix set $IdPrefix disabled=yes
       :delay 1s
     }
     :log info ($Interface.": new prefix: ".$NewPrefix)
     /ipv6 address set $IdAddr address=$NewAddr disabled=no
     :delay 1s
     :if ($OldPrefix != $NewPrefix && $OldPrefix != ::/64)  do={
       /ipv6 nd prefix set $IdPrefix prefix=$OldPrefix disabled=no
       :log info ($Interface.": expired prefix: ".$OldPrefix)
       :delay 1s
     }
   }
 } else={
   /ipv6 address set $IdAddr disabled=yes
   :delay 1s
   /ipv6 nd prefix set $IdPrefix prefix=$OldPrefix disabled=no
   :log info ($Interface.": expired prefix: ".$OldPrefix)
   :delay 1s
 }
}


This post has been edited by soonwai: May 12 2023, 01:44 PM
TSsoonwai
post May 12 2023, 01:48 PM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


Hope this helps.

Ray ID: 7c605c8ece1d4d3f
Tullamarine
post May 13 2023, 02:43 PM

Getting Started
**
Validating
163 posts

Joined: Apr 2020
Testing:

CODE

#include <iostream>
#include <windows.h>

int main()
{
   std::cout << GetTickCount();
}


CODE

; int __cdecl main(int argc, const char **argv, const char **envp)
main proc near
sub     rsp, 28h
call    cs:GetTickCount
mov     rcx, cs:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
mov     edx, eax
call    cs:??6?$basic_ostream@DU?$char_traits@D@std@@@std!!QEAAAEAV01@K@Z
xor     eax, eax
add     rsp, 28h
retn
main endp


This post has been edited by Tullamarine: May 13 2023, 06:55 PM
TSsoonwai
post May 14 2023, 12:13 AM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


Happened again.

Ray: 7c6c284eea3f9e2e

Refer to this post: https://forum.lowyat.net/index.php?showtopi...ost&p=107253688

Either one of the scripts will trigger Cloudflare.

Attached File  Mikrotik_Namecheap_DDNS_Update_Script.txt.zip ( 1.31k ) Number of downloads: 2

This one, I had zip the attachment. txt file also triggers Cloudflare



Attached File  Mikrotik_Digitalocean_DDNS_Update_Snippet.txt ( 815bytes ) Number of downloads: 2

CODE
# Only recordid(s) in DO_DDNS_RECORDID_ARRAY are used in Digitalocean's DNS API.
:local "DO_DDNS_RECORDID_ARRAY" {"host1"=123456789;"host2"=987654321}
:local "DO_DDNS_DOMAIN" "example.com"
:local "DO_TTL" 30
:local "DO_TOKEN" "dop_v1_abcdefghijklmn1234567890opqrstuvwxyz"
:local "DO_HEADER" "Content-Type: application/json,Authorization: Bearer $"DO_TOKEN""
:local "DO_LOG_FILE_PREFIX" "/disk1/logs/DDNS_DO."

:local "do_data" "{\"ttl\":$"DO_TTL", \"data\":\"$"ddns_current_ip"\"}"

:foreach hostname,recordid in=$"DO_DDNS_RECORDID_ARRAY" do={
 :local "do_url" "https://api.digitalocean.com/v2/domains/$"DO_DDNS_DOMAIN"/records/$"recordid""
 :log info $"do_url"
 /tool fetch mode=https http-method=put http-header-field=$"DO_HEADER" http-data=$"do_data" url=$"do_url" dst-path=($"DO_LOG_FILE_PREFIX".$hostname)
}

So odd, here I can post this short snippet of code but not in the Networks & Broadband forum.

This post has been edited by soonwai: May 14 2023, 12:19 AM
Helpdesk
post May 17 2023, 10:02 PM

Ready to Help
Group Icon
Forum Admin
1 posts

Joined: Sep 2012
I've relaxed some of the OWASP security rules. See if it works now.
FlierMate
post Jun 3 2023, 08:26 PM

On my way
****
Validating
543 posts

Joined: Nov 2020
QUOTE(Helpdesk @ May 17 2023, 10:02 PM)
I've relaxed some of the OWASP security rules. See if it works now.
*
It's better now. Although still the same Cloudflare security warning, but I see a "Verifying" green spinner, then my code finally get posted.
Thanks.

user posted image

This post has been edited by FlierMate: Jun 3 2023, 10:35 PM
MatQuasar
post Sep 4 2023, 06:47 PM

Getting Started
**
Validating
292 posts

Joined: Jun 2023
Cannot post this:

user posted image

Source: https://infosec.exchange/@krishean@tech.lgb...987834900167613

It said I was blocked.

ADDED on 11/9/2023: Screenshot showing I was blocked when posting PHP code

user posted image

This post has been edited by MatQuasar: Sep 11 2023, 04:50 PM
MatQuasar
post Sep 4 2023, 07:02 PM

Getting Started
**
Validating
292 posts

Joined: Jun 2023
Testing:

user posted image

Like this also blocked....

<?php ob_e();



This post has been edited by MatQuasar: Sep 4 2023, 07:11 PM

 

Change to:
| Lo-Fi Version
0.0145sec    0.52    6 queries    GZIP Disabled
Time is now: 29th March 2024 - 05:16 PM