Page Index Toggle Pages: [1] 2 3 
Topic Tools
Very Hot Topic (More than 25 Replies) ALERT!! Form Spoofing Detected coming from IP (Read 20,811 times)
joejvj
YaBB Newcomer
*
Offline



Posts: 3
ALERT!! Form Spoofing Detected coming from IP
May 5th, 2009 at 5:32pm
Post Tools
Ever since I upgraded from 2.3 to 2.4 one of my board members is complaining about this message popping up on most (but not all) logins:

ALERT!! Form Spoofing Detected coming from IP address: xxxxxxxx

Does anyone know how to fix this? I have no mods installed or anything else, so it is a clean installation.

  
Back to top
 
IP Logged
 
deti
Legacy Dev Team
Development Team
****
Offline



Posts: 2,650
Location: Prien am Chiemsee, Germany
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #1 - May 5th, 2009 at 7:58pm
Post Tools
This normally happens when you try to login from an outside login page - means, not using the YaBB login form.
  

Was immer Du tun kannst
oder erträumst tun zu können,
beginne es.
Kühnheit besitzt Genie,
Macht und magische Kraft.
Beginne es jetzt.
Whatever you can do
or dream you can,
begin it.
Boldness has genius,
power and magic in it.
Begin it now.
J. W. Goethe
Back to top
WWW  
IP Logged
 
joejvj
YaBB Newcomer
*
Offline



Posts: 3
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #2 - May 6th, 2009 at 11:37am
Post Tools
Don't think that is the case- Nothing has changed except upgrade to 2.4.
  
Back to top
 
IP Logged
 
tim
YaBB Newcomer
*
Offline



Posts: 25
Location: Portland - united kingdom

YaBB 2.5.2
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #3 - May 7th, 2009 at 6:39pm
Post Tools
joejvj wrote on May 6th, 2009 at 11:37am:
Don't think that is the case- Nothing has changed except upgrade to 2.4.


if you are trying to log in from a different page or domain like this:
my server then ensure that the hidden variable in the html is set the same as the yabb.pl

You will find a form session id code within the yabb.pl that has to match from the form being called in order for remote login to work.

If you are not trying to access or login this way then i am at a loss and gracefully bow out so your question may be answered properly.

regards,
tim
  
Back to top
IP Logged
 
AndyInSpain
Full Member
***
Offline



Posts: 283
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #4 - May 12th, 2009 at 10:36pm
Post Tools
If it means anything, two of our members at The Science Forums have reported persistent occurrences of this message ever since we upgraded to 2.4. They are not logging in from an external form nor are they doing anything different to what they were before. Although I used to occasionally see the "form spoofing" error in the log before, its frequency seems to have increased a lot after the upgrade.
« Last Edit: May 12th, 2009 at 10:38pm by AndyInSpain »  
Back to top
 
IP Logged
 
genghis
Junior Member
**
Offline



Posts: 84
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #5 - May 13th, 2009 at 1:20am
Post Tools
It just happened to me also. I had to update my session, and had the caps lock on and didn't enter the password correctly. So when the login screen came up and I entered the correct password, I got the Form spoofing message and a Back button. After clicking back a couple of times and getting the Form spoofing message when I entered the password correctly, I finally had to click Home, then Update Session again and make sure I put in the password right the first time before it would log me in.
« Last Edit: May 13th, 2009 at 1:23am by genghis »  
Back to top
 
IP Logged
 
TonyL
Junior Member
**
Offline



Posts: 99
Location: Ontario, Canada

None
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #6 - May 19th, 2009 at 4:09pm
Post Tools
It is also happening to 4 of our members after updating to 2.4 Has anyone found the cause or a fix to this problem.
Tony
« Last Edit: May 19th, 2009 at 4:12pm by TonyL »  
Back to top
 
IP Logged
 
OH Eng
Past Team Members
Documentation Team
Offline



Posts: 4,026
Location: Pensacola, Florida USA
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #7 - May 19th, 2009 at 9:57pm
Post Tools
Are all of these members coming to your forum main page and hitting the Login button on the main menu bar, are they using a link to login, or are they scrolling to the bottom of the screen and trying to log in from there?

  

 
Back to top
 
IP Logged
 
TonyL
Junior Member
**
Offline



Posts: 99
Location: Ontario, Canada

None
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #8 - May 20th, 2009 at 1:57am
Post Tools
They are using the login in the picture below. That is the only login on the screen. We now have even more members with this login problem. You will have to click on the picture to see a larger view.
Tony
« Last Edit: May 20th, 2009 at 1:58am by TonyL »  

Login.GIF (Attachment deleted)
Back to top
 
IP Logged
 
OH Eng
Past Team Members
Documentation Team
Offline



Posts: 4,026
Location: Pensacola, Florida USA
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #9 - May 20th, 2009 at 2:29am
Post Tools
You say you are running version 2.4, but that isn't a 2.4 login screen.  You can see it with this forum... logout, then log back in and you don't see a screen like in your picture, it simply jumps you to the bottom of the Board Index.

When you updated, did you also update your old template files to be compatible with 2.4?
Edited:
This is a valid 2.4 template, my error
« Last Edit: May 20th, 2009 at 6:05am by OH Eng »  

 
Back to top
 
IP Logged
 
TonyL
Junior Member
**
Offline



Posts: 99
Location: Ontario, Canada

None
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #10 - May 20th, 2009 at 3:06am
Post Tools
It sure is 2.4, Derek help me upgrade to the new version two days ago. See new picture attached.
  

login1.GIF (Attachment deleted)
Back to top
 
IP Logged
 
TonyL
Junior Member
**
Offline



Posts: 99
Location: Ontario, Canada

None
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #11 - May 20th, 2009 at 3:18am
Post Tools
OH Eng,
Just to give you an idea, I copied these from the error log. I also sent you a PM with a login ID and password.
Thanks,
Tony

Today at 5:57pm 30E35SA_Owner
(98.208.17.85) ALERT!! Form Spoofing Detected coming from IP address: 98.208.17.85

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
28 Today at 6:07pm daytona71
(64.180.187.45) ALERT!! Form Spoofing Detected coming from IP address: 64.180.187.45

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
29 Today at 6:07pm daytona71
(64.180.187.45) ALERT!! Form Spoofing Detected coming from IP address: 64.180.187.45

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
30 Today at 6:11pm daytona71
(64.180.187.45) ALERT!! Form Spoofing Detected coming from IP address: 64.180.187.45

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
31 Today at 6:12pm svance5870
(70.104.253.224) ALERT!! Form Spoofing Detected coming from IP address: 70.104.253.224

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
32 Today at 6:27pm titanman
(142.47.134.2) ALERT!! Form Spoofing Detected coming from IP address: 142.47.134.2

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
33 Today at 6:29pm pmschmi
(71.53.174.7) ALERT!! Form Spoofing Detected coming from IP address: 71.53.174.7

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
34 Today at 6:47pm RetiredBob
(24.176.54.157) ALERT!! Form Spoofing Detected coming from IP address: 24.176.54.157

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
35 Today at 6:48pm RetiredBob
(24.176.54.157) ALERT!! Form Spoofing Detected coming from IP address: 24.176.54.157

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
36 Today at 7:12pm 30E35SA_Owner
(98.208.17.85) ALERT!! Form Spoofing Detected coming from IP address: 98.208.17.85

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
37 Today at 7:12pm todevansnrv
(166.129.245.242) ALERT!! Form Spoofing Detected coming from IP address: 166.129.245.242

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
38 Today at 7:32pm buddy
(66.185.212.18) ALERT!! Form Spoofing Detected coming from IP address: 66.185.212.18

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
39 Today at 7:32pm buddy
(66.185.212.18) ALERT!! Form Spoofing Detected coming from IP address: 66.185.212.18

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
40 Today at 7:34pm panchohondo
(68.183.115.98) ALERT!! Form Spoofing Detected coming from IP address: 68.183.115.98

http://www.titaniumrvowners.com/yabb/YaBB.pl?board=&action=login2 ;  
  
Back to top
 
IP Logged
 
OH Eng
Past Team Members
Documentation Team
Offline



Posts: 4,026
Location: Pensacola, Florida USA
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #12 - May 20th, 2009 at 5:48am
Post Tools
Okay, I see why it looks like that.  You have your forum closed to all but members, so you only have a menu bar and login screen visible.  I mistook that for something else, so no version problem.

I was able to log in/log out several times without incident using the info you sent me in a PM.  If you check your logs, you'll see two errors from an IP that starts with 98 and ends in 208.  That was me.  The way I did it was to log into the forum, click my back button and returned to the log in screen and entered the information again.  When I clicked Login, I got the error - and I should, because I'm already logged in.  Trying to log in if you already are triggers this error.

I am wondering if some of your members might be doing that and not realizing they are already logged in.  Might account for some of the errors you're seeing.

I notice also you have the default cookie length set to "for keeps."  You might try changing that to "Until I close the browser window" and see if that has any effect.  That is sort of like forcing a logout when the browser closes so you don't get situations where users are logged in and don't realize it, and try to log in. You change it in the Admin Center/Forum Settings/Members tab in the Login section.

« Last Edit: May 20th, 2009 at 6:04am by OH Eng »  

 
Back to top
 
IP Logged
 
TonyL
Junior Member
**
Offline



Posts: 99
Location: Ontario, Canada

None
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #13 - May 20th, 2009 at 11:23am
Post Tools
OH Eng,
I have changed the setting in the admin center "Until I close the browser window. I will post back with the results.
Thanks,
Tony
  
Back to top
 
IP Logged
 
TonyL
Junior Member
**
Offline



Posts: 99
Location: Ontario, Canada

None
Re: ALERT!! Form Spoofing Detected coming from IP
Reply #14 - May 20th, 2009 at 12:06pm
Post Tools
OH Eng,
It didn't take long to find the answer. It has already happened since I made the change

ALERT!! Form Spoofing Detected coming from IP address: 64.12.117.72

We never had this problem until the recent upgrade. We always had our default cookie for Login set to "Keeps"

We have kept all the settings that we had in the previous version and I have started to remove some of these in the security settinsg to see if this helps, but so far no luck.
Thanks,
Tony

  
Back to top
 
IP Logged
 
Page Index Toggle Pages: [1] 2 3 
Topic Tools
 
  « Board Index ‹ Board  ^Top