Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

Update on what happened these last couple of days

Hello Coders,

You might be wondering why Code Forum was going through a bit of downtime. Right away I want to ensure you we were not hacked nor lost any data. It was just brought to my attention by @Disruptive that our IP was being exposed.

I had to shut down Code Forum several times to ensure that all accounts were safe. We made updates to our Email System and have installed a proxy server for our images. And finally we have migrated from Apache to Nginix with offers better performance. However with this move, you may have notice we aren’t using friendly URLs. I am aware and will be working to resolve this as soon as I can.

And once again I would like to thank @Disruptive for their help and I would also like to thank you as the community for sticking with us. :)

happy coding!
 
Click to expand...
Disruptive said:
The vulnerability is actually a very common and overthought vuln that many skids in the underground community attempt in order to either DDoS the backend, or further use more exploits in order to gain deeper access.
Click to expand...
Well hey, again, thanks. We all welcome your work and expertise into making sure that CF is a safer place for all to come and participate in.

Disruptive said:
Seems like this is a decent community and I will be sticking around!
Click to expand...
I'm sure a lot of people would like to see you around often. You seem like a good guy with encyclopedia's worth of knowledge at hand to give to others. And that's the kind of person we want here at CF.

Looking forward to seeing you around.
 
Tealk said:
this just tells me nothing, a bug in the forum software? then you should report it to xf
Click to expand...
I actually have to agree on this one with @Tealk.

Why not just email XenForo about the issue? I mean, they'll certainly be unhappy that a small bug that leaks the IP Address of a web-server is occurring but they'll surely be happy that somebody reported it to them. Or who knows, maybe somebody else has also found the issue and XenForo is currently working on a fix.

Again, as much as I welcome your fix, I'm with @Tealk on the idea that you submit a bug-report to XenForo to look into it(Or maybe you have and you've just forgotten to mention that).
 
@Tealk @Mathematical this small bug is already commonly well known on the Xenforo forums and many have already come up with a solution for it. I simply pointed @Master Yoda to the right posts so that he can fix it up. It’s not a bug within the forum software, but more a hole within using Cloudflare. People often use Cloudflare to mask their webserver and don’t realize that your DNS isn’t the only way people attempt to get a webserver’s backend IP.

xenforo.com

XF 1.5 - How Stop Xenforo Image Proxy Leaking BackEnd IP?

I depend on image proxy for performance but how do I stop it from leaking my Servers ip? e.g. if you embed this image here: http://www.danasoft.com/vipersig.jpg you get the servers ip how do I stop this? I have my site setup with cloudflare, is a there a way to run image proxy through that...
xenforo.com xenforo.com

xenforo.com

XF 2.0 - Email being sent from server Xenforo is hosted on which is leaking IP

I have two separate IPs hosted by digital ocean, I read I needed two servers with web servers to take advantage of cloudflare otherwise its impossible to hide your IP by hosting mail on the same server its sending from. I am running VestaCP on both servers and have disabled the mail function all...
xenforo.com xenforo.com
 
Ok well, now that I know what it's all about, it's not a bug but the way the internet works.
Without cloudflare and similar software solutions(Whereby I personally advise against all of it because they are data protection technically highly precarious) you can find out the IP of the server with a ping, I have no problem with it.
You can adjust the e-mail header as long as you have access to it. But since I rented a mail server, it is not my problem if the IP is known.
 
Just is again a great example, Cloudflare is offline and 80% of the internet does not work anymore.
I hate cloudflare so much.
 
Nginx is much faster but if you aren't using friendly URLs but were before, I assume you set up redirects? I'm pretty sure you thought of that already.
 
TopSilver said:
Nginx is much faster but if you aren't using friendly URLs but were before, I assume you set up redirects? I'm pretty sure you thought of that already.
Click to expand...
Yes, we have! Currently working on them so they can work just like they did with Apache!
 
Master Yoda said:
Yes, we have! Currently working on them so they can work just like they did with Apache!
Click to expand...

I'm glad. Good luck. I'm not good with regex. You probably have it under control already. If you need help you should make a ticket on xenforo.com

It's really the pattern of the links that you need the code for.
 

New Threads

Latest posts

Share this page

Buy us a coffee!

DataCamp Advertisement
Code Academy Advertisement

About Us

Code Forum is a community platform where coding enthusiasts can connect with other developers, engage in discussions, ask for help, and share their knowledge with a supportive community. It's a perfect place to improve your coding skills and to find a community of like-minded individuals who share your passion for coding.

Site links

Stay Connected

Back
Top Bottom