People connecting to my server who have badly infected computers [on hold]
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
I have an Ubuntu 18.04 Server running ModSecurity and Fail2Ban.
On this server I run a forum.
The Dilemma I'm facing is that I have a dozen or so regular members of my forum who are constantly blocked by Modsecurity for a wide variety of Security Policy Violations. More often than not, SQL Injection attempts.
The logs clearly show attempts to inject extraneous characters and do other malicious things against the server.
Even more frustrating is that most of them report they have no problems at other forums they visit. I find this extremely frustrating. Does this mean I have too much security....or that other forums don't have enough?
These members have heavily donated to support the forum and have been members for 5 - 12 years, so i know them through the forums.
However, most of these dozen or so are what you might call computer illiterate. They aren't savvy to malware and virus protection.
Most are in their 60's and 70's now. so they really don't want a lot of computer hassles.
A few of them do not take too kindly to suggesting it may their computer that's the problem. Even though they know little about computers, they shrug off the suggestion to check and basically shut me up with a "let's don't worry about that" reply.
That said, they are frustrated that they keep getting blocked. My choice is to drop the firewall security....or lose their participation. Since NEITHER option is viable, what is the best course of action in your opinion?
I hope this is not inappropriate here. I'm not sure where else to poist this type of question. Any advice is appreciated.
Thank you
server
put on hold as primarily opinion-based by vidarlo, mook765, earthmeLon, Florian Diesch, user68186 2 days ago
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
add a comment |
I have an Ubuntu 18.04 Server running ModSecurity and Fail2Ban.
On this server I run a forum.
The Dilemma I'm facing is that I have a dozen or so regular members of my forum who are constantly blocked by Modsecurity for a wide variety of Security Policy Violations. More often than not, SQL Injection attempts.
The logs clearly show attempts to inject extraneous characters and do other malicious things against the server.
Even more frustrating is that most of them report they have no problems at other forums they visit. I find this extremely frustrating. Does this mean I have too much security....or that other forums don't have enough?
These members have heavily donated to support the forum and have been members for 5 - 12 years, so i know them through the forums.
However, most of these dozen or so are what you might call computer illiterate. They aren't savvy to malware and virus protection.
Most are in their 60's and 70's now. so they really don't want a lot of computer hassles.
A few of them do not take too kindly to suggesting it may their computer that's the problem. Even though they know little about computers, they shrug off the suggestion to check and basically shut me up with a "let's don't worry about that" reply.
That said, they are frustrated that they keep getting blocked. My choice is to drop the firewall security....or lose their participation. Since NEITHER option is viable, what is the best course of action in your opinion?
I hope this is not inappropriate here. I'm not sure where else to poist this type of question. Any advice is appreciated.
Thank you
server
put on hold as primarily opinion-based by vidarlo, mook765, earthmeLon, Florian Diesch, user68186 2 days ago
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
1
It's great to try to be considerate of others, their limitations and desires, but not at the cost of your own or others' security or health. Ask your other users if they want to take on the risk of using a system that is used by other, infected systems. I bet you'll get a pretty clear answer thinking of it from that perspective. Next donation round, advise those with issues to get their fixed instead of donating.
– earthmeLon
2 days ago
P.S. How much money do I send you for permission to attack your server, or do I have to be a specific age, first ?(:P)
– earthmeLon
2 days ago
1
It depends on forum software. Good one is not affected by SQL injection, cause code can be written in secure way. But if you are not author of forum soft, turning off security modules is not recommended. Security break can affect server as well as another users.
– LeonidMew
2 days ago
LeonidMew, the problem with turning off (or down) the security is in case of a vulnerability in an update or installation of other software on the server. Even the best of the best occasionally make mistakes. Microsoft and Cisco occasionally get hacked.
– User6655
2 days ago
Would it be possible to put on your forum what malware could do on peoples computers, like cleaning out their bank accounts and of their friends and family. Also add easy ways to check and clean their computers.
– crip659
2 days ago
add a comment |
I have an Ubuntu 18.04 Server running ModSecurity and Fail2Ban.
On this server I run a forum.
The Dilemma I'm facing is that I have a dozen or so regular members of my forum who are constantly blocked by Modsecurity for a wide variety of Security Policy Violations. More often than not, SQL Injection attempts.
The logs clearly show attempts to inject extraneous characters and do other malicious things against the server.
Even more frustrating is that most of them report they have no problems at other forums they visit. I find this extremely frustrating. Does this mean I have too much security....or that other forums don't have enough?
These members have heavily donated to support the forum and have been members for 5 - 12 years, so i know them through the forums.
However, most of these dozen or so are what you might call computer illiterate. They aren't savvy to malware and virus protection.
Most are in their 60's and 70's now. so they really don't want a lot of computer hassles.
A few of them do not take too kindly to suggesting it may their computer that's the problem. Even though they know little about computers, they shrug off the suggestion to check and basically shut me up with a "let's don't worry about that" reply.
That said, they are frustrated that they keep getting blocked. My choice is to drop the firewall security....or lose their participation. Since NEITHER option is viable, what is the best course of action in your opinion?
I hope this is not inappropriate here. I'm not sure where else to poist this type of question. Any advice is appreciated.
Thank you
server
I have an Ubuntu 18.04 Server running ModSecurity and Fail2Ban.
On this server I run a forum.
The Dilemma I'm facing is that I have a dozen or so regular members of my forum who are constantly blocked by Modsecurity for a wide variety of Security Policy Violations. More often than not, SQL Injection attempts.
The logs clearly show attempts to inject extraneous characters and do other malicious things against the server.
Even more frustrating is that most of them report they have no problems at other forums they visit. I find this extremely frustrating. Does this mean I have too much security....or that other forums don't have enough?
These members have heavily donated to support the forum and have been members for 5 - 12 years, so i know them through the forums.
However, most of these dozen or so are what you might call computer illiterate. They aren't savvy to malware and virus protection.
Most are in their 60's and 70's now. so they really don't want a lot of computer hassles.
A few of them do not take too kindly to suggesting it may their computer that's the problem. Even though they know little about computers, they shrug off the suggestion to check and basically shut me up with a "let's don't worry about that" reply.
That said, they are frustrated that they keep getting blocked. My choice is to drop the firewall security....or lose their participation. Since NEITHER option is viable, what is the best course of action in your opinion?
I hope this is not inappropriate here. I'm not sure where else to poist this type of question. Any advice is appreciated.
Thank you
server
server
edited 2 days ago
User6655
asked 2 days ago
User6655User6655
665
665
put on hold as primarily opinion-based by vidarlo, mook765, earthmeLon, Florian Diesch, user68186 2 days ago
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
put on hold as primarily opinion-based by vidarlo, mook765, earthmeLon, Florian Diesch, user68186 2 days ago
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
1
It's great to try to be considerate of others, their limitations and desires, but not at the cost of your own or others' security or health. Ask your other users if they want to take on the risk of using a system that is used by other, infected systems. I bet you'll get a pretty clear answer thinking of it from that perspective. Next donation round, advise those with issues to get their fixed instead of donating.
– earthmeLon
2 days ago
P.S. How much money do I send you for permission to attack your server, or do I have to be a specific age, first ?(:P)
– earthmeLon
2 days ago
1
It depends on forum software. Good one is not affected by SQL injection, cause code can be written in secure way. But if you are not author of forum soft, turning off security modules is not recommended. Security break can affect server as well as another users.
– LeonidMew
2 days ago
LeonidMew, the problem with turning off (or down) the security is in case of a vulnerability in an update or installation of other software on the server. Even the best of the best occasionally make mistakes. Microsoft and Cisco occasionally get hacked.
– User6655
2 days ago
Would it be possible to put on your forum what malware could do on peoples computers, like cleaning out their bank accounts and of their friends and family. Also add easy ways to check and clean their computers.
– crip659
2 days ago
add a comment |
1
It's great to try to be considerate of others, their limitations and desires, but not at the cost of your own or others' security or health. Ask your other users if they want to take on the risk of using a system that is used by other, infected systems. I bet you'll get a pretty clear answer thinking of it from that perspective. Next donation round, advise those with issues to get their fixed instead of donating.
– earthmeLon
2 days ago
P.S. How much money do I send you for permission to attack your server, or do I have to be a specific age, first ?(:P)
– earthmeLon
2 days ago
1
It depends on forum software. Good one is not affected by SQL injection, cause code can be written in secure way. But if you are not author of forum soft, turning off security modules is not recommended. Security break can affect server as well as another users.
– LeonidMew
2 days ago
LeonidMew, the problem with turning off (or down) the security is in case of a vulnerability in an update or installation of other software on the server. Even the best of the best occasionally make mistakes. Microsoft and Cisco occasionally get hacked.
– User6655
2 days ago
Would it be possible to put on your forum what malware could do on peoples computers, like cleaning out their bank accounts and of their friends and family. Also add easy ways to check and clean their computers.
– crip659
2 days ago
1
1
It's great to try to be considerate of others, their limitations and desires, but not at the cost of your own or others' security or health. Ask your other users if they want to take on the risk of using a system that is used by other, infected systems. I bet you'll get a pretty clear answer thinking of it from that perspective. Next donation round, advise those with issues to get their fixed instead of donating.
– earthmeLon
2 days ago
It's great to try to be considerate of others, their limitations and desires, but not at the cost of your own or others' security or health. Ask your other users if they want to take on the risk of using a system that is used by other, infected systems. I bet you'll get a pretty clear answer thinking of it from that perspective. Next donation round, advise those with issues to get their fixed instead of donating.
– earthmeLon
2 days ago
P.S. How much money do I send you for permission to attack your server, or do I have to be a specific age, first ?(:P)
– earthmeLon
2 days ago
P.S. How much money do I send you for permission to attack your server, or do I have to be a specific age, first ?(:P)
– earthmeLon
2 days ago
1
1
It depends on forum software. Good one is not affected by SQL injection, cause code can be written in secure way. But if you are not author of forum soft, turning off security modules is not recommended. Security break can affect server as well as another users.
– LeonidMew
2 days ago
It depends on forum software. Good one is not affected by SQL injection, cause code can be written in secure way. But if you are not author of forum soft, turning off security modules is not recommended. Security break can affect server as well as another users.
– LeonidMew
2 days ago
LeonidMew, the problem with turning off (or down) the security is in case of a vulnerability in an update or installation of other software on the server. Even the best of the best occasionally make mistakes. Microsoft and Cisco occasionally get hacked.
– User6655
2 days ago
LeonidMew, the problem with turning off (or down) the security is in case of a vulnerability in an update or installation of other software on the server. Even the best of the best occasionally make mistakes. Microsoft and Cisco occasionally get hacked.
– User6655
2 days ago
Would it be possible to put on your forum what malware could do on peoples computers, like cleaning out their bank accounts and of their friends and family. Also add easy ways to check and clean their computers.
– crip659
2 days ago
Would it be possible to put on your forum what malware could do on peoples computers, like cleaning out their bank accounts and of their friends and family. Also add easy ways to check and clean their computers.
– crip659
2 days ago
add a comment |
0
active
oldest
votes
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
1
It's great to try to be considerate of others, their limitations and desires, but not at the cost of your own or others' security or health. Ask your other users if they want to take on the risk of using a system that is used by other, infected systems. I bet you'll get a pretty clear answer thinking of it from that perspective. Next donation round, advise those with issues to get their fixed instead of donating.
– earthmeLon
2 days ago
P.S. How much money do I send you for permission to attack your server, or do I have to be a specific age, first ?(:P)
– earthmeLon
2 days ago
1
It depends on forum software. Good one is not affected by SQL injection, cause code can be written in secure way. But if you are not author of forum soft, turning off security modules is not recommended. Security break can affect server as well as another users.
– LeonidMew
2 days ago
LeonidMew, the problem with turning off (or down) the security is in case of a vulnerability in an update or installation of other software on the server. Even the best of the best occasionally make mistakes. Microsoft and Cisco occasionally get hacked.
– User6655
2 days ago
Would it be possible to put on your forum what malware could do on peoples computers, like cleaning out their bank accounts and of their friends and family. Also add easy ways to check and clean their computers.
– crip659
2 days ago