Jump to content

Recommended Posts

Posted (edited)

Dear all,

while posting, I got an error message with the following details:

Your IP: 84.25.194.193
URL: modelshipworld.com/topic/33879-hawker-tempest-mk-v-by-danstream-eduard-148-scale/?failedReply=1
Your Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Block ID: XSS015
Block reason: An attempted XSS (Cross site scripting) was detected and blocked.
Time: 2023-03-05 05:51:09
Server ID: 19006

 

Is this requiring an action by me or you can do something on your side?

Thanks for your help,

Dan

 

Update: apparently, I resolved the issue by deleting the content of the editor and rewriting anew my post. When I submitted the new post, I didn't get any error and the post is now uploaded regularly.

Kind regards,

Dan

Edited by Danstream
Updating the issue

Current build : Mayflower - AL 1:64Lady Nelson - Amati Victory 1:64

Completed non-ship builds : Spitfire MK I - 1:48Arado 196B - 1:32, Sea Fury - 1:48F-15C Eagle - 1:48Hawker Tempest Mk.V - 1:48F104S Starfighter - 1:48

 

"The most effective way to do it, is to do it" - Amelia Earhart

Posted

When you edit a post, you're generating code (instructions) that the forum will later execute to display your post to others. All those tools (font, link, image, emoji) generate a little piece of code that's combined with others to make up your post, and this code is run by your browser to display your post.

 

Because the forum stores and executes this code, it's possible for an attacker to take advantage of it and try to sneak in some malicious code that does something... bad. That's basically what cross-site scripting  (XSS) is. 

 

To prevent XSS attacks, the software behind the editors/forum usually tries to check to see if someone has made an effort to inject malicious code. If so, it will reject what it was given. Writing an editor that properly "sanitizes" its input is not easy - attackers will spend a lot of time trying to figure out a way to get around its safety checks. 

 

I'm guessing the message you saw was from the forum's software behind the scenes, thinking it saw something fishy in your post, and refusing to save it. You didn't do anything wrong, you just managed to generate something it didn't like.

 

 

 

--------------------------------------------------------------------------

In progress: Norwegian Sailing Pram by Model Shipways

Completed: Lowell Grand Banks Dory by Model Shipways

Posted
4 hours ago, DonBMichigan said:

When you edit a post, you're generating code (instructions) that the forum will later execute to display your post to others. All those tools (font, link, image, emoji) generate a little piece of code that's combined with others to make up your post, and this code is run by your browser to display your post.

 

Because the forum stores and executes this code, it's possible for an attacker to take advantage of it and try to sneak in some malicious code that does something... bad. That's basically what cross-site scripting  (XSS) is. 

 

To prevent XSS attacks, the software behind the editors/forum usually tries to check to see if someone has made an effort to inject malicious code. If so, it will reject what it was given. Writing an editor that properly "sanitizes" its input is not easy - attackers will spend a lot of time trying to figure out a way to get around its safety checks. 

 

I'm guessing the message you saw was from the forum's software behind the scenes, thinking it saw something fishy in your post, and refusing to save it. You didn't do anything wrong, you just managed to generate something it didn't like.

 

 

 

 

That about nails it.

 

In this instance though, we use Sucuri as a proxy, so all connections to MSW are going through that proxy, and it was Sucuri, not our own software, which flagged up the threat. Thankfully, these are very, very few, so it's never a problem for us to whitelist each IP. 

Posted

Interesting. Thanks for the additional context on that. The good news is someone/something is watching carefully for problems, the bad news is that sometimes it finds a false positive issue. 

 

I've been really impressed with this forum and its management, it's probably  the best forum I've used. Thanks to the admins for keeping it running!

--------------------------------------------------------------------------

In progress: Norwegian Sailing Pram by Model Shipways

Completed: Lowell Grand Banks Dory by Model Shipways

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...