1
goffy
xoops_redirect
2024/12/8 9:18 • goffy • Just can't stay away • Posts: 544 • Since: 2010/12/27

Hi,

Because I currently have a lot of spam registrations, I checked my server access log and found one entry very often:
Quote:
57.141.0.19 - - 06/Dec/2024:21:33:35 +0100 "GET /modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633 HTTP/1.0" 200 15200 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"

It seems that someone is using xoops_redirect to burden my system, maybe to make spam registration possible, I don't know.

But my question: how to treat this problem? Would it make sense to implement a filter to remove the additional xoops_redirect in order to avoid looping?

What do you think?

2
Mamba
Re: xoops_redirect
2024/12/10 6:22 • Mamba • Moderator • Posts: 11412 • Since: 2004/4/23

You might limit registrations by requiring your approval for them. Once you see where they are coming from, you can ban the IP or email addresses.
You could also add a CAPTCHA to registration.

Other ways to consider:

1) ModSecurity rule (if you use ModSecurity):
# Detect nested or repeated xoops_redirect in the raw query string. The nested
# copies are inside the value of the first parameter (joined by "?", not "&"),
# so ModSecurity sees a single argument and counting ARGS_NAMES would not fire.
SecRule QUERY_STRING "@rx (?i)xoops_redirect=.*xoops_redirect=" \
    "id:1000,phase:1,t:none,t:urlDecodeUni,deny,status:403,log,msg:'Nested xoops_redirect'"


2) URL rewriting solution (Apache):
# Keep only the last xoops_redirect parameter (all other query parameters are dropped)
RewriteCond %{QUERY_STRING} xoops_redirect=([^&]+).*xoops_redirect=([^&]+)
RewriteRule ^(.*)$ $1?xoops_redirect=%2 [R=301,L]


3) Other possible options:

- Implement rate limiting for requests containing xoops_redirect
- Validate redirect URLs against a whitelist
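Doing the filtering in application code, which is what the first post asks for and what the "validate redirect URLs against a whitelist" option above amounts to. This is an added Python example, not XOOPS code or anything from this thread: it shows why the extra copies in the logged request are not separate arguments (they are joined by "?" rather than "&", so the server sees one xoops_redirect whose value contains the rest), peels the nesting, and only accepts a same-site path. The nesting limit (1), the fallback target ("/") and the sample query strings are assumptions; the same logic ports to the PHP entry point that reads the parameter.

```python
"""Sanitize a nested/repeated xoops_redirect parameter (added example, not XOOPS code)."""
from urllib.parse import parse_qs, urlsplit

PARAM = "xoops_redirect"
MAX_NESTING = 1   # assumed policy: one nested redirect is all a login round-trip needs
DEFAULT = "/"     # assumed fallback when the parameter is missing or rejected

# Constructed attack query, modelled on the shape of the request in the first post:
# five nested redirects joined by "?", then the forum report page.
ATTACK_QUERY = ("xoops_redirect=" + "/modules/profile/user.php?xoops_redirect=" * 5
                + "/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633")


def parse_query(query):
    # Servers, PHP and ModSecurity split a query string on "&" only;
    # a "?" inside a value is a literal character, not a new parameter.
    return parse_qs(query, keep_blank_values=True)


def innermost_target(value):
    """Peel nested 'xoops_redirect=' layers; return (innermost value, nesting depth)."""
    depth = 0
    while True:
        nested = parse_query(urlsplit(value).query).get(PARAM)
        if not nested:
            return value, depth
        value = nested[-1]
        depth += 1


def is_safe_local_path(target):
    """Accept only a site-relative path: no scheme, no host, no '//host', no backslashes."""
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    if not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    return True


def sanitize_redirect(query, default=DEFAULT):
    """Return (redirect target, reason). Anything not 'ok' should be logged and ignored."""
    values = parse_query(query).get(PARAM)
    if not values:
        return default, "missing"
    if len(values) > 1:
        return default, "repeated"          # genuinely repeated &xoops_redirect=...&xoops_redirect=
    target, depth = innermost_target(values[0])
    if depth > MAX_NESTING:
        return default, "too-deep"          # the looping pattern from the access log
    if not is_safe_local_path(target):
        return default, "unsafe"            # open-redirect attempt (absolute URL, //host, etc.)
    return target, "ok"


if __name__ == "__main__":
    print(sanitize_redirect("xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229"))
    print(sanitize_redirect(ATTACK_QUERY))
    print(sanitize_redirect("xoops_redirect=//evil.example/phish"))
```

Because the nested copies travel unencoded, everything after the first "&" in the original link (topic_id, post_id) is split off as top-level parameters and is lost to the redirect target; a well-formed link would percent-encode the target, and that is what the sanitizer is written to expect.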

3
erikperk
Re: xoops_redirect
2024/12/10 8:22 • erikperk • Just popping in • Posts: 3 • Since: 12/22 10:2

Quote:

goffy wrote:
[...]
It seems that someone is using xoops_redirect to burden my system on the site, maybe to make spam registration possible, I don't know.
[...]
Are you sure this is the only IP causing the load? It might be worth checking other IP addresses or request patterns.
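One way to check that question against the access log, as an added example that is not part of the thread: parse lines in the format goffy posted, count the xoops_redirect= occurrences in each request after percent-decoding (so an encoded copy is counted too), and attribute every request with two or more to its IP, User-Agent and path. The log lines below are constructed for the example; only the line format and the meta-externalagent User-Agent come from the post, and the 203.0.113.x / 198.51.100.x addresses are documentation ranges.

```python
"""Attribute nested-xoops_redirect requests in an access log (added example)."""
import re
from collections import Counter
from urllib.parse import unquote

# Apache-style line as posted: IP - - [date] "METHOD target HTTP/x" status bytes "referer" "ua".
# The date brackets are optional so lines copied without them still parse.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[?(?P<ts>[^\]"]+?)\]? '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

FB_UA = "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"


def nested_target(depth, final="/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633"):
    """Build a request target with `depth` chained xoops_redirect= copies (constructed data)."""
    return ("/modules/profile/user.php?"
            + "xoops_redirect=/modules/profile/user.php?" * (depth - 1)
            + "xoops_redirect=" + final)


# Constructed sample log: three hits from the IP in the post, two from another client
# (one of them percent-encoded), one benign single redirect, one unrelated page view.
SAMPLE_LOG = [
    f'57.141.0.19 - - [06/Dec/2024:21:33:35 +0100] "GET {nested_target(11)} HTTP/1.0" 200 15200 "-" "{FB_UA}"',
    f'57.141.0.19 - - [06/Dec/2024:21:33:41 +0100] "GET {nested_target(5)} HTTP/1.0" 200 15200 "-" "{FB_UA}"',
    f'57.141.0.19 - - [06/Dec/2024:21:34:02 +0100] "GET {nested_target(2)} HTTP/1.0" 200 15200 "-" "{FB_UA}"',
    f'203.0.113.7 - - [06/Dec/2024:21:35:10 +0100] "GET {nested_target(4)} HTTP/1.1" 200 15200 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [06/Dec/2024:21:36:00 +0100] "GET {nested_target(1)} HTTP/1.1" 200 9800 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [06/Dec/2024:21:36:05 +0100] "GET /modules/newbb/viewtopic.php?topic_id=12229 HTTP/1.1" 200 22000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Dec/2024:21:37:00 +0100] "GET /user.php?xoops_redirect=%2Fmodules%2Fprofile%2Fuser.php%3Fxoops_redirect%3D%2Findex.php HTTP/1.1" 200 15200 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def nesting_depth(target):
    """Count xoops_redirect= copies after decoding twice, so %3F/%26/%25 tricks are counted."""
    return unquote(unquote(target)).lower().count("xoops_redirect=")


def summarize(lines, min_depth=2):
    """Tally requests with at least `min_depth` redirect copies by IP, User-Agent and path."""
    by_ip, by_ua, by_path = Counter(), Counter(), Counter()
    total = unparsed = max_depth = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1            # keep a count: a silent parse failure hides attackers
            continue
        depth = nesting_depth(rec["target"])
        if depth < min_depth:
            continue                 # a single redirect is normal XOOPS behaviour
        total += 1
        by_ip[rec["ip"]] += 1
        by_ua[rec["ua"]] += 1
        by_path[rec["target"].split("?", 1)[0]] += 1
        max_depth = max(max_depth, depth)
    return {"total": total, "unparsed": unparsed, "max_depth": max_depth,
            "by_ip": by_ip, "by_ua": by_ua, "by_path": by_path}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("nested-redirect requests:", result["total"], "max depth:", result["max_depth"])
    for key in ("by_ip", "by_ua", "by_path"):
        print(key, result[key].most_common())
```

Run it over the real log with `summarize(open("access.log"))` and compare the per-IP and per-UA tallies: if the count is spread over several addresses, an IP ban alone will not help and the parameter filter or a rate limit on requests with nested xoops_redirect is the better fix.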
