Error message from computerforum.com

bard

bard

New Member
A couple of times now when I've signed in, instead of the welcome page a page comes up with just this: "Post requests from foreign hosts are not allowed."

Am I doing something wrong here? Both times I just stayed online but closed and reopened IE, came back here, and got in with no problem, so it's not a big hassle. Just wondering what's up.
 
Last edited:
Christopher

Christopher

VIP Member
To prevent XSS attacks, vBulletin (software running this board) checks POST requests to ensure they are coming from this site.

I don't know why it'd be giving you those errors, though.
 
bard

bard

New Member
Chroder said:
To prevent XSS attacks, vBulletin (software running this board) checks POST requests to ensure they are coming from this site.
Click to expand...
Sounds sensible enough, as far as I understand it. Does XSS mean someone hacking in for sneaky reasons? Also, POST looks like an acronym--I got the impression from the error message that it was post as in posting a message.
 
Last edited:
Christopher

Christopher

VIP Member
XSS means "cross site scripting". Usually an attacker likes to inject code into a users request and it get's executed (for example, sending their cookie info to another server to be logged). The general rule of thumb for software developers is to never trust user input. So when software doesn't sanitize and test user input, things like this can happen.

POST is a type of request that happens when you transmit information over HTTP (the protocol to transmit web page files, mostly), used with forms mainly. So when you submit a form, you are usually sending a POST request to the server -- meaning, posting a new thread, post, logging in, saving a new signature etc.

Anyway, I was thinking of something else -- it isn't to prevent XSS attacks, its to stop other sites from auto-submitting forms (spamming). vBulletin has had a crazy month with vulnerabilities, it's easy to get confused :D
 
Last edited:
bard

bard

New Member
Thank you, Chroder, for your explanation. I do understand rather better now. Still curious as to why vBuletin would think I was from outside the site. :confused: Oh, well . . . .
 
You must log in or register to reply here.
Top