Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure connection used for Stop Forum Spam API #4100

Closed
JordanMussi opened this issue Jun 29, 2020 · 1 comment · Fixed by #4101
Closed

Insecure connection used for Stop Forum Spam API #4100

JordanMussi opened this issue Jun 29, 2020 · 1 comment · Fixed by #4101
Assignees
@JordanMussi
Labels
b:1.8 Branch: 1.8.x easy-pick Not difficult; good first issue to resolve s:resolved Status: Resolved. Solution implemented or scheduled t:enhancement Type: Enhancement. Contains minor improvements
Milestone
1.8.23

Comments

@JordanMussi
Copy link
Contributor

mybb/inc/class_stopforumspamchecker.php

Line 21 in dd96062

const STOP_FORUM_SPAM_API_URL_FORMAT = 'http://api.stopforumspam.org/api?username=%s&email=%s&ip=%s&f=json&confidence';

HTTP and HTTPS Support

The API supports HTTP however the client must support SNI in order to validate certificate chains. If the client verifies the certificate chain by default, and SNI is not supported, then the connection will fail unless verify is disabled.

* The python included in Ubuntu 14.04 and below does not support SNI.

The API will accept connections on the following ports

HTTP

  • Port 80

HTTPS

  • Port 443 (client must support SNI otherwise must have certificate verification disabled)

Stop Forum Spam API Usage
@JordanMussi JordanMussi added t:enhancement Type: Enhancement. Contains minor improvements s:confirmed Status: Confirmed. Retested and found the issue exists labels Jun 29, 2020
@JordanMussi JordanMussi added this to the 1.8.23 milestone Jun 29, 2020
@JordanMussi JordanMussi self-assigned this Jun 29, 2020
JordanMussi added a commit to JordanMussi/MyBB that referenced this issue Jun 29, 2020
@JordanMussi
Fixes mybb#4100 Insecure connection used for Stop Forum Spam API
9f667ea
@JordanMussi JordanMussi mentioned this issue Jun 29, 2020
Merged
@JordanMussi JordanMussi added s:review-needed Status: Review Needed. Possible solution submitted and removed s:confirmed Status: Confirmed. Retested and found the issue exists labels Jun 29, 2020
@euantorano
Copy link
Member

Note: This will be fixed in 1.9 already when #3812 is finished: https://github.com/mybb/mybb/pull/3812/files#diff-35445ea221965cd8d7825ebab057df23

@euantorano euantorano added the easy-pick Not difficult; good first issue to resolve label Jun 29, 2020
euantorano pushed a commit that referenced this issue Jun 29, 2020
@JordanMussi
Fixes #4100 Insecure connection used for Stop Forum Spam API (#4101)
960bacb
@euantorano euantorano added s:resolved Status: Resolved. Solution implemented or scheduled and removed s:review-needed Status: Review Needed. Possible solution submitted labels Jun 29, 2020
@JordanMussi JordanMussi added the b:1.8 Branch: 1.8.x label Jun 29, 2020
lairdshaw pushed a commit to lairdshaw/mybb that referenced this issue Oct 11, 2021
@JordanMussi @lairdshaw
Fixes mybb#4100 Insecure connection used for Stop Forum Spam API (myb…
f9c39b1 
…b#4101)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JordanMussi JordanMussi

Labels
b:1.8 Branch: 1.8.x easy-pick Not difficult; good first issue to resolve s:resolved Status: Resolved. Solution implemented or scheduled t:enhancement Type: Enhancement. Contains minor improvements
Projects
None yet
Milestone
1.8.23
Development

Successfully merging a pull request may close this issue.

Fixes #4100 Insecure connection used for Stop Forum Spam API JordanMussi/MyBB
2 participants
@euantorano @JordanMussi