#1 2016-10-01 12:38 pm

kpatz

Member

Registered: 2008-10-09

Posts: 1,437

Overzealous Cloudflare anti hack blocking

I had a post get blocked with a nasty error message and it took many attempts before I could get it to post.  It appears that quotation marks, either single or double, in combination with certain words, cause the issue.

CloudFlare Ray ID: 2eaff17f81730d13

Here's a screen shot of the text that triggers the block.  I tried removing the kill part or obfuscating the word but that didn't help.  Submitting without the quotation marks lets it go through.  Even including just the words spam and spammer each inside quotes will trigger it.

---

Spam happens when greed meets stupidity.

Papa Parrot

Member

From: Mexico

Registered: 2011-08-19

Posts: 1,826

Website

Re: Overzealous Cloudflare anti hack blocking

Oh,  so if I say "spam"  or "spammer" , like this with out quotation marks,  let me see.

Edited -----
I couldn't seem to duplicate it,  so I don't know what to say , could the "spammer" and spam be "killed" or
do we need to "kill kill kill the spambots" ?

---

Everything is for the Birds

And now, Papa Parrot and his kids

Alex Kemp

Moderator

From: Nottingham, England

Registered: 2009-12-02

Posts: 2,423

Website

Re: Overzealous Cloudflare anti hack blocking

Seems like it is just personal to you, kpatz. Is it something that you did whilst Cloudflare was watching? Or perhaps they object to exclamation marks?

test string result (posting this message with a copy of kpatz's string of text rather than this report):

Sorry, you have been blocked
You are unable to access stopforumspam.com.

So yes; Cloudflare does not like something, or some combo of things, within that string.

---

Alex Kemp

IP Aggregation (Help) · Easy Firewall Generator (Help)  · Conteg v0.13.14

kpatz

Member

Registered: 2008-10-09

Posts: 1,437

Re: Overzealous Cloudflare anti hack blocking

It's probably a combo of things.  If you take my string that is blocked and simply remove all the quotation marks, it goes through fine.  What's odd is there isn't anything in there that remotely resembles any form of hack/injection attempt that would warrant blocking.

---

Spam happens when greed meets stupidity.

zero-tolerance

Member

Registered: 2013-02-25

Posts: 339

Re: Overzealous Cloudflare anti hack blocking

It seems to be a common pattern in both software and firmware that the most trivial features are highly configurable, while the most egregious misfeatures are not...

Papa Parrot

Member

From: Mexico

Registered: 2011-08-19

Posts: 1,826

Website

Re: Overzealous Cloudflare anti hack blocking

I tried it again, but like Alex said, with a exact copy, from the post in the other thread,  added the
quotation marks,.... and yea, I get the same error.

---

Everything is for the Birds

And now, Papa Parrot and his kids

pedigree

uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

From: New Zealand

Registered: 2008-04-16

Posts: 7,056

Re: Overzealous Cloudflare anti hack blocking

I'm still trying to configure it to be secure without doing this.  Cloudflare are telling me it detected SQLi, which is obviously rubbish