Blocked by the website firewall

[Danstream]

Dear all,

while posting, I got an error message with the following details:

Your IP:	84.25.194.193
URL:	modelshipworld.com/topic/33879-hawker-tempest-mk-v-by-danstream-eduard-148-scale/?failedReply=1
Your Browser:	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Block ID:	XSS015
Block reason:	An attempted XSS (Cross site scripting) was detected and blocked.
Time:	2023-03-05 05:51:09
Server ID:	19006

 

Is this requiring an action by me or you can do something on your side?

Thanks for your help,

Dan

 

Update: apparently, I resolved the issue by deleting the content of the editor and rewriting anew my post. When I submitted the new post, I didn't get any error and the post is now uploaded regularly.

Kind regards,

Dan

Edited March 5, 2023 by Danstream
Updating the issue

[James H]

Ok, fixed.

[DonBMichigan]

When you edit a post, you're generating code (instructions) that the forum will later execute to display your post to others. All those tools (font, link, image, emoji) generate a little piece of code that's combined with others to make up your post, and this code is run by your browser to display your post.

 

Because the forum stores and executes this code, it's possible for an attacker to take advantage of it and try to sneak in some malicious code that does something... bad. That's basically what cross-site scripting  (XSS) is. 

 

To prevent XSS attacks, the software behind the editors/forum usually tries to check to see if someone has made an effort to inject malicious code. If so, it will reject what it was given. Writing an editor that properly "sanitizes" its input is not easy - attackers will spend a lot of time trying to figure out a way to get around its safety checks. 

 

I'm guessing the message you saw was from the forum's software behind the scenes, thinking it saw something fishy in your post, and refusing to save it. You didn't do anything wrong, you just managed to generate something it didn't like.

 

 

 

[James H]

4 hours ago, DonBMichigan said:

When you edit a post, you're generating code (instructions) that the forum will later execute to display your post to others. All those tools (font, link, image, emoji) generate a little piece of code that's combined with others to make up your post, and this code is run by your browser to display your post.

 

Because the forum stores and executes this code, it's possible for an attacker to take advantage of it and try to sneak in some malicious code that does something... bad. That's basically what cross-site scripting  (XSS) is. 

 

To prevent XSS attacks, the software behind the editors/forum usually tries to check to see if someone has made an effort to inject malicious code. If so, it will reject what it was given. Writing an editor that properly "sanitizes" its input is not easy - attackers will spend a lot of time trying to figure out a way to get around its safety checks. 

 

I'm guessing the message you saw was from the forum's software behind the scenes, thinking it saw something fishy in your post, and refusing to save it. You didn't do anything wrong, you just managed to generate something it didn't like.

 

 

 

 

That about nails it.

 

In this instance though, we use Sucuri as a proxy, so all connections to MSW are going through that proxy, and it was Sucuri, not our own software, which flagged up the threat. Thankfully, these are very, very few, so it's never a problem for us to whitelist each IP. 

[DonBMichigan]

Interesting. Thanks for the additional context on that. The good news is someone/something is watching carefully for problems, the bad news is that sometimes it finds a false positive issue. 

 

I've been really impressed with this forum and its management, it's probably  the best forum I've used. Thanks to the admins for keeping it running!