#1 2025-05-09 9:43 am

gapan

Member

Registered: 2024-11-01

Posts: 5

False positive issue with phpbb 3.3.15?

Hi,

so I upgraded my phpbb forum to 3.3.15 and I just noticed that if I'm logged out (or from a private window), when I visit my forum, I always get a page that reads:

You have been banned from this board until 23. May 2025, 00:58.

Please contact the Board Administrator for more information.

Reason given for ban: Found in the Stop Forum Spam database 19 times

A ban has been issued on your IP address.

The issue is that my IP is really not in the SFS database. And I get the exact same message, even the "19 times" part no matter what IP I connect from, I've tried from different networks.

And it gets more weird. If I go to the phpbb admin settings, and in the SFS set "Enable Stop Forum Spam" to No, I still get that message.

Is this an issue with phpbb 3.3.15 or could it be something else?

gapan

Member

Registered: 2024-11-01

Posts: 5

Re: False positive issue with phpbb 3.3.15?

So I disabled the SFS plugin, deleted its data, removed all its files from the system and I still get that message. What's going on?

Maikuolan

Member

From: Perth, Western Australia

Registered: 2011-08-09

Posts: 802

Website

Re: False positive issue with phpbb 3.3.15?

Have you contacted the plugin's author? I haven't seen the plugin myself, so I don't know anything about it, but assuming there's some kind of problem with the plugin, and assuming someone is able to determine the best way to fix it, as the author of the plugin is the person which'll ultimately be responsible for implementing any said fix, if it's at all possible to get in contact with them to let them know about the problem, it would be good to do so, I think.

Alex Kemp

Moderator

From: Nottingham, England

Registered: 2009-12-02

Posts: 2,457

Website

Re: False positive issue with phpbb 3.3.15?

I've checked the IP Address that you logged into SFS with to create your username, and can confirm that that IP is NOT in the SFS database. You need to do what Maikuolan advised. I would also suggest that you post the Plugin details here so that other users can avoid it.

---

Alex Kemp

IP Aggregation (Help) · Easy Firewall Generator (Help)  · Conteg v0.13.14

gapan

Member

Registered: 2024-11-01

Posts: 5

Re: False positive issue with phpbb 3.3.15?

I haven't contacted the plugin's author, but I will. The plugin is the phpbb plugin that linked from the SFS mods and plugins page, version 1.4.6. Sorry, I'm unable to post links [mod: added link].

I haven't contacted the plugin's author, but I will. I thought to check if someone here has experienced anything similar first.

gapan

Member

Registered: 2024-11-01

Posts: 5

Re: False positive issue with phpbb 3.3.15?

I think I have solved it, but I will keep an eye on this in case in comes up again. I'm posting the details as I understand them until now here in case anyone else happens to have the same problem.

The details are that I'm running the forum within a docker container. And apparently after the upgrade to phpbb 3.3.15 an entry has been placed in the forum database that the IP of the docker container was in the stopforumspam database, which we're using to ban bots. It's not an actual IP, it was just 172.19.0.1, a private IP address. No idea why it got in the database.

I'll keep an eye on this, it might still be the case that when a known spammer IP is banned, the private IP address is added to the database with the new phpbb version.

Alex Kemp

Moderator

From: Nottingham, England

Registered: 2009-12-02

Posts: 2,457

Website

Re: False positive issue with phpbb 3.3.15?

Private IP Addresses (Wikipedia)

172.19.0.1 is within 172.16.0.0/12, and as part of a private network should never appear within the SFS database.

---

Alex Kemp

IP Aggregation (Help) · Easy Firewall Generator (Help)  · Conteg v0.13.14

pedigree

uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

From: New Zealand

Registered: 2008-04-16

Posts: 7,104

Re: False positive issue with phpbb 3.3.15?

172.19.* has no listings

https://www.stopforumspam.com/api?ip=172.19.0.1

> 0 results

select count(*) from spam where ip like '172.19.%'

> 0

pedigree

uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

From: New Zealand

Registered: 2008-04-16

Posts: 7,104

Re: False positive issue with phpbb 3.3.15?

Ive just retested this and you cannot add this address.  It gives an error adding it, and despite it showing the wrong provider association, it rejects the request to add it

gapan

Member

Registered: 2024-11-01

Posts: 5

Re: False positive issue with phpbb 3.3.15?

The address didn't get in the database. There is no issue with the database. Or the plugin. Or the phpBB upgrade. Turns out it was all user error (mine), as I just found out.

See, as I wrote in my previous post, I run the phpbb forum within a docker container. This is behind an nginx reverse proxy. So traffic goes like this:

Client ---> Reverse proxy ---> docker(phpBB)

instead of the expected:

Client ---> phpBB

phpBB expects the latter, and reports the client IP with this line of code in the session.php file:

$ip = html_entity_decode($request->server('REMOTE_ADDR'), ENT_COMPAT);

But when sitting behind a reverse proxy (like in my case), REMOTE_ADDR points to the reverse proxy IP, not the actual client IP, and that one is on the private network docker creates... So, every time I upgrade phpBB, I have to change that line to replace 'REMOTE_ADDR' with 'H-T-T-P_X_REAL_IP' (remove the dashes, the forum thinks I'm posting a link), which together with the nginx configuration:

      proxy_set_header   Host              $h-t-t-p_host; # remove the dashes from h-t-t-p again
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-Host $host;
      proxy_set_header   X-Forwarded-Server $host;
      proxy_set_header   X-Forwarded-Proto $scheme;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Frame-Options   SAMEORIGIN;

points to the actual client IP.

I was so certain that after the upgrade I had applied that change that I didn't even check. Well, I hadn't.

So, what happened was that when a spammer tried to register, using an IP that is in the SFS database, the plugin saw the actual IP and banned it, but phpbb applied the ban on the REMOTE_ADDR that was the 172.19.0.1 private IP.

Sorry for the noise.

pedigree

uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

From: New Zealand

Registered: 2008-04-16

Posts: 7,104

Re: False positive issue with phpbb 3.3.15?

its all good, glad that you found the issue.

sanity checking my code and config often is never a bad thing