Fabrik form submissions triggering firewall block

3 months 3 days ago - 3 months 3 days ago #7484 by azurelinksc
I have a site which is using the Fabrik forms component to accept Job Listings from registered users. Occasionally, form submissions of job descriptions trigger the SCP firewall, blocking the user. The text doesn't look like code to me. Why do you think it is triggering it?
How can I stop these users from being blocked, but still filter out malware posts?

It looks like each of the two users below tried to submit the form about 8 times unsuccessfully, and on the 9th their IP was blocked. Why would the form be blocking that submission? The Job Listing form has 47 fields in it. Would SCP consider submissions which had missing required fields un-validated by Fabrik as a hack attempt?

Here are two examples of problem text copied out of SCP's Line Comments field:

EXAMPLE 1:

Job Types: Full-time, Part-time

Salary: $10.00 to $16.00 /hour

Experience:

relevant: 1 year (Preferred)
Education:

High school or equivalent (Preferred)
CDA
Associates Degree
Bachelors Degree
Benefits:

Paid time off
Flexible schedule
Professional development assistance
This Job Is Ideal for Someone Who Is:

Dependable -- more reliable than spontaneous
People-oriented -- enjoys interacting with people and working on group projects
Adaptable/flexible -- enjoys doing work that requires frequent s

EXAMPLE 2:

Assistant Enrollment Coordinator
A. Center Responsibilities:
1. Center-Wide Enrollment:
--Assist in managing applications
--Enter family information in enrollment management database
--Keep children’s files organized and current
--Ensure adequate supply of applications and enrollment forms.
2. PreK Counts Enrollment:
--Manage all enrollment aspects of the PreK Counts program,
including, but not limited to:
*Communicate with all families about applications and all other
required application and enro
Last edit: 3 months 3 days ago by azurelinksc.

3 months 3 days ago #7485 by Jose
Hi azurelink,

The "line comments" filter is triggered due to the -- characters, which are commonly used to enclose SQL injection attacks. In your case, just add the component involved (com_fabrik???) (you can see it in the "component" row of the log written by SCP) as an exception in Waf configuration -> Filter exceptions -> SQL Injection tab -> "Line comments" filter. This should solve your issue.

Regards,
Jose

3 months 2 days ago #7490 by azurelinksc
Thanks Jose. If I add the exception, does that mean SQL injection attacks are no longer filtered for in the Fabrik form? Will it make it insecure?

3 months 2 days ago #7491 by Jose
You're welcome! :)

No, it will not be insecure. There are 4 other filters to detect SQL injection attacks, including the main one, so you are protected ;)

Regards,
Jose
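
The following is an added example, not part of the thread and not Securitycheck Pro's own code: a sketch of how a per-component exception on a single filter behaves, so the job-listing text passes while the other filters still inspect Fabrik input. The filter names, patterns, the `inspect` function and the sample strings are hypothetical; `com_content` stands in for any component without the exception.

```python
import re

# Hypothetical filters for illustration only (not SCP's real patterns).
FILTERS = {
    "line_comments": re.compile(r"--"),
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
}

# Per-filter exception list keyed by component, modelled on the
# "Filter exceptions" setting described in the thread (assumed layout).
EXCEPTIONS = {"line_comments": {"com_fabrik"}}

# Text taken from the job listing quoted in the first post.
JOB_TEXT = "Dependable -- more reliable than spontaneous"
# Constructed sample of a classic injection-style value.
INJECTION = "x' OR 1=1 -- "


def inspect(component, value, exceptions=EXCEPTIONS):
    """Return the names of the filters that fire for this field value."""
    hits = []
    for name, pattern in FILTERS.items():
        # Skip only the filter this component is exempted from.
        if component in exceptions.get(name, set()):
            continue
        if pattern.search(value):
            hits.append(name)
    return hits


if __name__ == "__main__":
    # Without the exception, ordinary prose trips the "--" filter.
    print(inspect("com_fabrik", JOB_TEXT, exceptions={}))
    # With the exception, the prose passes...
    print(inspect("com_fabrik", JOB_TEXT))
    # ...and an injection-style value is still caught by another filter.
    print(inspect("com_fabrik", INJECTION))
    # Other components keep the full filter set.
    print(inspect("com_content", INJECTION))
```

The exception narrows coverage for one filter on one component only; whether the remaining filters are sufficient depends on what they actually match, which is worth confirming in the SCP log after enabling it.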
