Youtube: Possible security attack

Hi, I'm using Dolphin RC2 and when I'm trying to add an youtube video to an article, after i hit the post button, i receive the following message: "Possible security attack!!! All data has been collected and sent to the site owner for analysis"

And on my email I receive this:

Total impact: 26
Affected tags: xss, csrf, id, rfe

Variable: REQUEST.content | Value: <p>I guess almost detailing fans heard about <strong>Paul Daulton</strong>, the most expensive detailer worldwide. He has a detailing package that cost <strong>5000 GBP</strong>. In the next clip, you will see how was prepared a <strong>2008 Morgan Aeromax</strong> by <strong>Paul Daulton</strong> for a car show. Also, <strong>Paul Dalton</strong> has a car was made by <strong>Swissvax</strong>: <strong>Swissvax Crystal Rock</strong>.</p>
<p><object width=\"425\" height=\"344\"><param name=\"movie\" value=\"http://www.youtube.com/v/OlDr0eBze2c&color1=0xb1b1b1&color2=0xcfcfcf&hl=en_US&feature=player_embedded&fs=1\"></param><param name=\"allowFullScreen\" value=\"true\"></param><param name=\"allowScriptAccess\" value=\"always\"></param><embed src=\"http://www.youtube.com/v/OlDr0eBze2c&color1=0xb1b1b1&color2=0xcfcfcf&hl=en_US&feature=player_embedded&fs=1\" type=\"application/x-shockwave-flash\" allowfullscreen=\"true\" allowScriptAccess=\"always\" width=\"425\" height=\"344\"></embed></object></p>
Impact: 13 | Tags: xss, csrf, id, rfe
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23

Variable: POST.content | Value: <p>I guess almost detailing fans heard about <strong>Paul Daulton</strong>, the most expensive detailer worldwide. He has a detailing package that cost <strong>5000 GBP</strong>. In the next clip, you will see how was prepared a <strong>2008 Morgan Aeromax</strong> by <strong>Paul Daulton</strong> for a car show. Also, <strong>Paul Dalton</strong> has a car was made by <strong>Swissvax</strong>: <strong>Swissvax Crystal Rock</strong>.</p>
<p><object width=\"425\" height=\"344\"><param name=\"movie\" value=\"http://www.youtube.com/v/OlDr0eBze2c&color1=0xb1b1b1&color2=0xcfcfcf&hl=en_US&feature=player_embedded&fs=1\"></param><param name=\"allowFullScreen\" value=\"true\"></param><param name=\"allowScriptAccess\" value=\"always\"></param><embed src=\"http://www.youtube.com/v/OlDr0eBze2c&color1=0xb1b1b1&color2=0xcfcfcf&hl=en_US&feature=player_embedded&fs=1\" type=\"application/x-shockwave-flash\" allowfullscreen=\"true\" allowScriptAccess=\"always\" width=\"425\" height=\"344\"></embed></object></p>
Impact: 13 | Tags: xss, csrf, id, rfe
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23

REMOTE_ADDR: 89.136.155.238
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/pushtiul/public_html/modules/index.php
QUERY_STRING: r=articles/admin/
REQUEST_URI: /m/articles/admin/
QUERY_STRING: r=articles/admin/
SCRIPT_NAME: /modules/index.php
PHP_SELF: /modules/index.php

I've searched about a fix, and I saw that my files from RC2 are already modified like the ticket who show how to fix this problem. I don't know what to do. Can you help me please?

Thank you!

The problem is the PHPIDS feature in Dolphin is not liking you trying to post a video in a article. If you try to do it in the forum, it will do the same thing because of the link, shockwave, etc.

If you really have to post a youtube video inside an article, the only way to get around this is to bump your total impact levels in Settings>Advanced settings>Other from 9 and 27 to possibly 28 and 28. It is not recommended to keep these settings there unless you want to take the risk of someone actually posing a real attack on your site.

Chris

Thanks Chris for your answer. Can someone from Boonex Support Team if this will be solved in the next Dolphin RC version?

I can tell you that I have seen them working on a way to add a -1 in the total impact fields to actually disable the PHPIDS security function.  :)

Chris

I've installed Dolphin 7.0 and I've received the same error message when I'm trying to post an Youtube video. The settings are default. What can I do? Thank you!

What Zarcon say earlier:

I thought that they already fixed with this new dolphin 7.0 version.

where are you trying to post a youtube video at? because what gets me on this is there is an actual feature that allows uploading all of the videos you could ever need, and seems people persist in wanting to embed videos into articles, forum blogs, and even emails.

how come the video feature is not enough to accomodate any site that has an actual need for video feeds?

just wondering.

and i believe that you can do as suggested earlier by Zar(G)con, and that would be to raise your impact level.

administration --> settings --> advanced settings --> other

increase the level, and keep trying as you raise the threshhold incrementally until you are able to upload the video into the articles or wherever you are trying to upload videos.

Regards,

DosDawg

Happy New Year

there was nothing to fix, this is a security feature of the site. so the ability to adjust those default settings would be left up to the admin.

Regards,

DosDawg

Happy New Year

OK. But if I will modify the settings, will my security will be more low?

I am also getting lot of such emails when users are trying to embed youtube videos into their video albums.

i do no want to hike the impact level values and want to go with defaults so i don't cause security threats for my site. I thought embedding of youtube videos is an inbuilt function, so why is it throwing so many security emails. There should be some setting such that when the video is embedded from youtube into a video album, the phpids are not considered or something.

I have 20 users so far and I get around 20-30 such emails/day when they are embedding videos, imagine what would happen for 20,000 users.

Please help.

i have 7.0 version from dolphin and I want to make a new group but this is not likely receive the same error I think that this error is a fight game, I set the security level 28/28 but still not working Im test setup  total impact to -1 and i have same errors: Possible security attack!!! All data has been collected and sent to the site owner for analysis.

There are 2 places to put that -1 value. Total impact to send mail AND total impact to block user. Make sure its in both. Clear /cache (except for .htaccess) and /public_html via FTP. You can also choose to remove the caching options for your template via Admin Panel>Advanced Settings>Templates and remove the checkmarks from:

Enable cache for CSS files:

Enable cache for JS files:

Chris