Knowledge Base
Community

Can anyone figure out why this is tripping a security rule ?

Started by: dtuxcomp
On: 07/12/2018 | 00:21
Replies: 8
Reply

by: dtuxcomp
on: 07/12/2018 | 00:21

I've been gradually adding to a couple of tips threads about installing the Linux OS, I deliberately put them on the GG forum because I have more control over the content compared to trying to squeeze them into FB posts and DM's etc. All was going well until today, and it wasn't caused by the great o2 outage of 2018, I've finally managed to rule that out.

 

I'd typed up a fairly long post hit send and was greeted with an error screen I've not seen before, I can't post a screen grab as I just noticed it's showing ip addresses but the error is "Error code 15 - This request was blocked by the security rules."

 

I've spent the day dropping in and out of the thread trying things to narrow down the cause and I finally worked out that it was a single command, I won't type it verbatim here in case it causes the same error. Here's the work around I finally ended up using.

 

more /etc/fstab

 

It's a simple Linux command that displays the contents of a file, but the thing that has had me tearing my hair out all day is that I wanted to type the word "cat" instead of "more" I'm only using the more command to keep a working instruction in the thread, but I cannot for the life of me think why it's causing a security issue, I can't see a swear word there, I'm not trying to issue it as a HTML markup, even quoting it made no difference. I did find I could put the word cat on one line and the rest on the next line and that worked, but obviously looks odd, ignore the "donkey dog" bit I was just typing random stuff trying to get a read on what was triggering it, I've got to go back and clean all that up Smiley Sad

 

CatOnSameLine.png

 

You can see here, on two lines it'll post, put it on the same line it triggers the error.

 

Does anyone has a rational explanation as to why this is making me tear my hair out ?? Am I just missing an obvious swearword or something, I'm putting a bit of time into these threads to save me keep walking people through the same things but this has me wanting to use bad words Smiley Happy I don't suggest everyone posts the same phrase in case we break the GG servers Smiley Surprised but it drives me nuts when I can't figure something out that should work.

Smiley Happy Take my advice, I'm not using it | Dtuxcomp's Tips | Free Giffgaff SIM with £5 credit
Message 1 of 9
by: harrrrrry
on: 07/12/2018 | 12:01

@dtuxcomp

 

All I can think is that there might be a known exploit where fradusters have managed to squeeze linux instructions into web text and have them executed -- not necessarily in giffgaff or lithium posts, but security software may have chosen to block such phrases as potentially suspicious, even if there isn't yet an exploit that has tried to use it on the target site,

 

I've no idea whether there's any real danger of that code being executed instead of displaying it. But overall, where security is concerned, its better to treat suspicious text as "guilty until proved innocent" than to let it through and do possibly significant damage before somebody can properly vet the code.

 

Get a free giffgaff Sim

Message 2 of 9
by: tradertall
on: 07/12/2018 | 13:53
linux, so old school
Get a free giffgaff Sim
Message 3 of 9
by: dtuxcomp
on: 07/12/2018 | 14:52

@harrrrrry wrote:

@dtuxcomp

 

All I can think is that there might be a known exploit where fradusters have managed to squeeze linux instructions into web text and have them executed -- not necessarily in giffgaff or lithium posts, but security software may have chosen to block such phrases as potentially suspicious, even if there isn't yet an exploit that has tried to use it on the target site,

 

I've no idea whether there's any real danger of that code being executed instead of displaying it. But overall, where security is concerned, its better to treat suspicious text as "guilty until proved innocent" than to let it through and do possibly significant damage before somebody can properly vet the code.

 

@harrrrrry Thanks yes I guess that makes sense, security does have to react first, think later, it just had me going in circles ruling things out, the last thing I expected to be causing trouble is the word "cat" so obviously that was literally the last thing I checked Smiley Sad

 

It's not a big issue now I've worked round it, I'll just have to remember that specific command trips it.

 

Thank you for your reply.

 

 

@tradertall  Old school, new school, as long as it works eh ? Smiley Wink Smiley Happy

 

Considering all the commands I referenced in these tips it's mental that the most innocent one would give me grief Smiley Happy

Smiley Happy Take my advice, I'm not using it | Dtuxcomp's Tips | Free Giffgaff SIM with £5 credit
Message 4 of 9
by: b_richards
on: 07/12/2018 | 15:43
I don't think it's anything to with what you were trying to post because i had the exact same error code yesterday (security alert/breach) when trying to log in.

It didn't happen today though, so i guess it was just something
that wastriggered wrongly.
Message 5 of 9
by: k89bpa
on: 07/12/2018 | 16:17
It's just badly configured security software.

When I was doing my formatting tests using totally benign HTML I was apparently setting off all kind of alarms and alerts.

Actual scripting, be it bash or any other language I can imagine would send it into a total meltdown.
Huawei P20 Pro | 9.0.0 | Data Plan: 180GB
My Public GDrive Folder
Message 6 of 9
by: dtuxcomp
on: 07/12/2018 | 17:16

@b_richards wrote:

I don't think it's anything to with what you were trying to post because i had the exact same error code yesterday (security alert/breach) when trying to log in.

It didn't happen today though, so i guess it was just something
that wastriggered wrongly.

@b_richards  I did run through all sorts of tests and tweaks to rule out the general issues yesterday and it was just that specific command in that order that caused the problem, although I suppose I should check it again today just in case.

Smiley Happy Take my advice, I'm not using it | Dtuxcomp's Tips | Free Giffgaff SIM with £5 credit
Message 7 of 9
by: dtuxcomp
on: 07/12/2018 | 17:19

@k89bpa wrote:

It's just badly configured security software.

When I was doing my formatting tests using totally benign HTML I was apparently setting off all kind of alarms and alerts.

Actual scripting, be it bash or any other language I can imagine would send it into a total meltdown.

@k89bpa  Thank you, at least I know I'm not the only one Smiley Wink

 

I could understand it if I was trying to insert it as HTML or an active piece of code but it's plain text, I'm not using the HTML tab, although I did run through the post in the HTML tab in case something had snuck in, but nope, nothing I did would allow that particular command through but as soon as I swapped out "cat" for "more" it posted fine.

Smiley Happy Take my advice, I'm not using it | Dtuxcomp's Tips | Free Giffgaff SIM with £5 credit
Message 8 of 9
by: dtuxcomp
on: 07/12/2018 | 18:43

@b_richards wrote:

I don't think it's anything to with what you were trying to post because i had the exact same error code yesterday (security alert/breach) when trying to log in.

It didn't happen today though, so i guess it was just something
that wastriggered wrongly.

@b_richards Nope Smiley Sad Did a test tonight and it's still not going to work.

Smiley Happy Take my advice, I'm not using it | Dtuxcomp's Tips | Free Giffgaff SIM with £5 credit
Message 9 of 9