I have a site which is using the Fabrik forms component to accept Job Listings from registered users. Occaisionally, form submissions of job descriptions trigger the SCP firewall, blocking the user. The text doesn't look like code to me. Why do you think it is triggering it?
How can I stop these users from being blocked, but still filter out malware posts?
It looks like each of the two users below tried to submit the form about 8 times unsuccessfully, and on the 9th their IP was blocked. Why would the form be blocking that submission? The Job Listing form has 47 fields in it. Would SCP consider submissions which had missing required fields un-validated by Fabrik as a hack attempt?
Here are two examples of problem text copied out of SCP's Line Comments field:
Job Types: Full-time, Part-time
Salary: $10.00 to $16.00 /hour
relevant: 1 year (Preferred)
High school or equivalent (Preferred)
Paid time off
Professional development assistance
This Job Is Ideal for Someone Who Is:
Dependable -- more reliable than spontaneous
People-oriented -- enjoys interacting with people and working on group projects
Adaptable/flexible -- enjoys doing work that requires frequent s
Assistant Enrollment Coordinator
A. Center Responsibilities:
1. Center-Wide Enrollment:
--Assist in managing applications
--Enter family information in enrollment management database
--Keep children’s files organized and current
--Ensure adequate supply of applications and enrollment forms.
2. PreK Counts Enrollment:
--Manage all enrollment aspects of the PreK Counts program,
including, but not limited to:
*Communicate with all families about applications and all other
required application and enro
The "line comments" filter is triggered due to the -- characters, that are commonly used to enclose sql injection attacks. In your case, just add the component involved (com_fabrik???) (you can see it into the "component" row of the log wrote by SCP) as exception into Waf configuration -> Filter exceptions -> SQL Injection tab -> 'Line comments" filter. This should solve your issue.