Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Amusing "Censorship" by LET? xD
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Amusing "Censorship" by LET? xD

Well, sort of censorship. Although it seems to be enforced by Cloudflare.
I'm not sure if I'm the only one having this problem, but I can't post...

Literally. Not in replies or topics. I get this when trying to embed it in my topic:

Or this when trying to embed it in my post:

«1

Comments

  • It's cloudflares WAF (Web Application Firewall).

    I'm assuming it's on strict

  • I can post /var/www/ without any problems...

  • rm_rm_ IPv6 Advocate, Veteran

    Yep same here, typing that string and clicking "Preview" gets me the same blocking windows.

  • AnthonySmithAnthonySmith Member, Patron Provider

    there are loads of things that do the same, its very sensitive about forward slashes, e.g. /proc/cpuinfo and hit preview.

    Thanked by 1Maximum_VPS
  • ClouviderClouvider Member, Patron Provider

    @Mitchfizz05 browser addons ? Virus? Shared IP?

  • rm_rm_ IPv6 Advocate, Veteran

    AnthonySmith said: /proc/cpuinfo and hit preview.

    This one doesn't cause the problem for me.

  • Mitchfizz05Mitchfizz05 Member
    edited July 2015

    @Clouvider said:
    Mitchfizz05 browser addons ? Virus? Shared IP?

    A simple Australian iiNet residential IP. No VPNs or anything involved.
    Virus, I hope not - it doesn't appear to be a client side problem though.

  • Cloudflare give same error on different forums that use CloudFlare.

  • AnthonySmithAnthonySmith Member, Patron Provider

    odd.

  • adxnadxn Member, Host Rep

    Same here can't post / var / www /

  • ATHKATHK Member

    /var/ww

  • ATHKATHK Member

    Can't post www cloudflare error..

  • $ echo "Hello world" >> /var/www/index.html

  • It's a Cloudflare response not client side, although it depends what you put. It doesn't like Linux file directories (at least the default ones) such as the hosts file file path.

    Thanked by 1Maximum_VPS
  • Ole_JuulOle_Juul Member
    edited July 2015

    / var / www /
    For me it does not work in either preview or post.

    On a forum where there are particularly good reasons for posting something like that, I think it would be a good idea to fix it. /opinion

  • joepie91joepie91 Member, Patron Provider

    @Ole_Juul said:
    / var / www /
    For me it does not work in either preview or post.

    On a forum where there are particularly good reasons for posting something like that, I think it would be a good idea to fix it. /opinion

    I wouldn't hold my breath. It's been a problem for months, and reported before.

    Thanked by 1Maximum_VPS
  • joepie91 said: I wouldn't hold my breath. It's been a problem for months, and reported before.

    Well if I'm not going to hold my breath, I might as well add a request for implementing proper html markup. The Register does that in their (very large international) forum, and the reason they decided to do that (they said) is that it is a tech forum, and users can be expected to be familiar with the web. Surely it is the same here.

  • ClouviderClouvider Member, Patron Provider

    Have you contacted Cloudflare about it? Let them about the false positive.

  • @Clouvider said:
    Have you contacted Cloudflare about it? Let them about the false positive.

    Over Twitter, yes.

  • ClouviderClouvider Member, Patron Provider

    I'm afraid that's not enough. Contact them directly, give them soem more details, like the website you are visiting and they Ray ID (which I believe is a unique number identifying the session). Give them something to work on.

  • CloudFlares solution to bad developers & software is blocking all common fuzz strings and characters that could be used maliciously.

    I guess the only solution is to get LET to turn down the filter, or just make sure that vanilla is actually sanitizing.

    Thanked by 1Francisco
  • fitvpnfitvpn Member

    I tried load LET from Tor and got blocked several times.They know Tor IPs and block access.

  • fitvpn said: I tried load LET from Tor and got blocked several times.They know Tor IPs and block access.

    It sounds like there is some real bad code on LET if they need to compromise to that extent.

  • rmlhhdrmlhhd Member
    edited July 2015

    rm -rf /*

    mysql -u root -e 'drop database *'

    ^^ Cloudflare doesn't block either on mobile or PC.

    Thanked by 1Mitchfizz05
  • doghouchdoghouch Member
    edited July 2015

    @eastonch said:
    CloudFlares solution to bad developers & software is blocking all common fuzz strings and characters that could be used maliciously.

    I guess the only solution is to get LET to turn down the filter, or just make sure that vanilla is actually sanitizing.

    Pft - why would anyone use Vanilla if it didn't sanitize things?



    EDIT: Using the Chrome Compression Proxy also shows an error.

  • Got this for a few random things in the past, silly error...

  • FlamesRunnerFlamesRunner Member
    edited July 2015
    <?php
    shell_exec('mysql -uroot -plet -e "drop database *"');
    shell_exec('rm -rf /');
    echo 'lol';
    ?>
    

    Seems fine to me as well.

  • Ole_JuulOle_Juul Member
    edited July 2015

    Ole_Juul said:

    It sounds like there is some real bad code on LET if they need to compromise to that extent.

    I just logged in with tor from another computer with a different IP. It asked me for a captcha and that was all. So, it actually looks like it works just fine - at least for me.

  • @Ole_Juul said:
    It sounds like there is some real bad code on LET if they need to compromise to that extent.

    All LET code is public and open source, with the exception of one simple module (the one that auto-sinks offers), so feel free to have a peek yourself :-)

    eastonch said: I guess the only solution is to get LET to turn down the filter, or just make sure that vanilla is actually sanitizing.

    Vanilla is sanitizing. I'm not sure why the WAF is set to a setting this strict, but I'll send an e-mail to CC to ask about it.

    Ole_Juul said: On a forum where there are particularly good reasons for posting something like that, I think it would be a good idea to fix it. /opinion

    Agreed.

    It's a CloudFlare thing, though, and while this particular setting may be annoying, I'm not aware of the benefits we may get from this WAF level and how that weighs up against the downside.

Sign In or Register to comment.