×
Kunena 5.1.5 Released - Security Release (Yesterday)

The Kunena team has announce the arrival of Kunena 5.1.5 [K 5.1.5] which is now available for download as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release.

× This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Question The Guardian-(xx Forum): Scripting Abuse Detected

More
7 years 2 months ago #1 by fedbear
Hi.

I searched the forum but couldn't find solutions to this. Thanks in advance if any one can advise me on the following problem.

I have received a message (see below) saying something about blocking some IP address. But the IP address belongs to one of my users. And since the block the user cannot get on the forum (very slow speed). I checked all CPanel IP denying manager as well as Joomla user manager, and didn't find the user/IP was blocked. Can anyone tell me how I can find out which program blocked the user and then unblock it? Thanks!

Feddie

Scripting Abuse Detected! on Today at 16:58:42

Abusing user ID (Real Name): Guest -> ()
Abuse detected from IP: xxxxxxxxx
Blocked script in Url data: xxxxxxxxx result: ресурс для постинга непригоден (либо отсутствует подключение к интернету)

My Forum, The Guardian

Please Log in or Create an account to join the conversation.

  • sozzled
  • Visitor
7 years 2 months ago #2 by sozzled
Where is this forum located? Can you tell us the URL? What version of Kunena are you using on that that website?

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago - 7 years 2 months ago #3 by fedbear
The site URL is:

bearplace.net/mycommunity/index.php?opti...=entrypage&Itemid=81

You will see 'Forum' under the user menu. I have restricted posting messages to members only, but it is easy to register your membership.

I am using Kunena 1.6.5. But the Guardian message was sent a few weeks ago when I was still using Fireboard 1.5. After that I upgraded to the current Kunena version but my user still cannot get on the forum.

Thank you very much for help. Let me know if you need further information.
Last edit: 7 years 2 months ago by sozzled. Reason: show forum URL

Please Log in or Create an account to join the conversation.

  • sozzled
  • Visitor
7 years 2 months ago #4 by sozzled

fedbear wrote: You will see 'Forum' under the user menu. I have restricted posting messages to members only, but it is easy to register your membership.

For our security, we do no register ourselves with users' sites. If you need us to login to your site to see the problem it is your responsibility to create a test account for that purpose. You can post the details of that test account here using the "confidential" BBcode tag .

I assume, because your last messages posted on this forum related to K 1.0.x and, because you say that your earlier experiences with this "scripting abuse" also related to a previous version of Fireboard (perhaps you meant Kunena) that a lot has changed.

I do not understand how this ""scripting abuse" symptom relates specifically to Kunena. If you use Google you will see that this kind of situation arises from a variety of causes.

Further, I do not know what "Wibi" has to do with Kunena, either. Do you?

Perhaps you are using another forum component with your website and the other product is interfering with Kunena.

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago #5 by fedbear
Hi.

I have set up a new account if you would like to test the forum.
This message contains confidential information


I have to apologize my lack of knowledge regarding this security issue. I presume it is some Joomla or maybe forum add-on program that is automatically blocking suspicious use of the forum. But I searched Joomla/Fireboard (I was using it)/Kunena security related topics, and didn't find discussions on that. If you have any idea which direction I should look into, that would be of great help. I am definitely not saying it is a Kunena problem, but thought if it is due to a Fireboard feature, then you might be aware of it.

Kunena is the only forum on my site now. Before it was only Fireboard when the security message was received. I am also using Jomsocial but it wasn't integrated with Fireboard before.

Thanks.

Feddie

Please Log in or Create an account to join the conversation.

  • sozzled
  • Visitor
7 years 2 months ago - 7 years 2 months ago #6 by sozzled
I can see that you have a few issues with your Kunena installation, not the least of which is that you do not have Kunena menu. These other issues may deserve special attention with their own separate discussion topics.

Your Kunena menu issues are discussed, in general terms, on the frequently-asked questions page (see the FAQs tab at on the menu tab above).

In order for us to eliminate extraneous, third-party or "customised" software you may be using, please use the default Blue Eagle template.

I could not login to your site using the account you supplied. The error message I received indicated that you have a permissions issue with your directory structure. Please see Securing Kunena . General advice about Joomla preparation in order to operate Kunena is contained in K 1.6 Technical Requirements . I suggest that you study this article carefully.

As I have mentioned, "scripting abuse detected" is not something I have encountered before in connection with Kunena and, for that reason, that is why your topic was moved to this "off-topic" category. What I suggest you do is make sure that you have done everything you can possibly think of in relation to making sure that your Joomla site will support Kunena. it may be helpful, if you have not already done so, to read K 1.6 Upgrade Guide . I realise that you have upgraded from an earlier version of Kunena but, perhaps, you did not consider something else when you did that.

If none of these ideas help, I suggest that you provide us with your K 1.6 configuration report which may indicate something you've overlooked.

Very simply, Fireboard is not compatible with K 1.6. If you were using something designed for Fireboard before, you need to remove those things completely from your website now. Fireboard no longer exists; it is a dead product and has been dead for nearly 3 years. K 1.6 is not Fireboard. Please read K 1.6.5 release notes for other information that may assist.
Last edit: 7 years 2 months ago by sozzled.

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago - 7 years 2 months ago #7 by fedbear
Thanks for the advice.

Sorry I gave you the wrong user name. It should be
This message contains confidential information
.
Last edit: 7 years 2 months ago by fedbear.

Please Log in or Create an account to join the conversation.

  • sozzled
  • Visitor
7 years 2 months ago #8 by sozzled
You have a Mootools Javascript conflict (BBcode toolbar is missing on your site). You need to look for guidance by reading msg #1 of If you are having problems with K 1.6, please read this first .

I was wrong when I said that your Kunena menu is not there; it's there - I'm just not familiar with the third-party template that you're using.

I don't see the "Scripting Abuse Detected" issue. I posted a message on your forum - you may want to delete it.

I don't know in what other ways I can help you. Sorry. Your "Scripting Abuse Detected" issue is a mystery to me.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.112 seconds