Source of Securi nasty message

Awesome info, I'll pass it on!

Nice one Lewis!!

Perhaps the owner of the forum, has to hire you as technical advisor!!

The same applies to

Please Login or Register  to view this content.

These messages are just false positives from a filter that Sucuri uses to monitor for certain expressions that may appear in hacking attempts. It does not mean that the page/PM/post/comment is actually a problem. It has basically no value. It's the same principle that the forum software uses to replace certain words with *** because they are on a short list of words that are considered rude or otherwise unsuitable. Sometimes perfectly valid text gets replaced by ***, for example when you post a table that has a column for "gender" but you have labeled it with the other word instead. The filter does not evaluate the context. It just replaces the offending characters. The Sucuri warning about SQL injection is just as useful and just as (not) correct.

I'd be very surprised if a VBulletin board would allow SQL injection via forum posts or PMs in the first place. It's a teeny bit more complicated than that.

I also had the same problem when I tried to post a formula that contained CHAR() function. The only workaround I could come up with is to insert some characters into the function name. After that I would go to Edit and remove those characters.

Originally Posted by LJMetzger

@teylyn,
My hope was that ExcelForum could add filter rules such as ignore anything that is NOT inside CODE TAGS, or that certain POSITIVE KEYWORDS could be ignored.

Lewis

Yeah, well, there's always hope.

Currently, my hope is that Excelforum will manage to display web standard image formats to web standard browsers. Apparently, half the population of this forum cannot see PNG images in posts.

Assuming that PNG images in posts happen a lot more often than code keywords that trigger Securi blocks, and seeing that the issue of PNG images not showing for users with certain browsers has been reported about a year ago, I would not get my hopes up that your suggestion gets any traction.

For the PNG problem, there are tried and tested solutions to the problem and people who know about forum software have posted them.

Still, nothing has happened.

As far as I can see, the "tech team" will try (! - with varying degrees of success) to keep the lights on, but on top of that, don't get your hopes up. Don't expect more than the basics, because this forum does not even manage to deliver the basics of a modern forum.

FYI,

The Firewall would not let me put the following code in post #8 of the following thread today http://www.excelforum.com/excel-prog...ml#post4203888

Please Login or Register  to view this content.

Sucuri WebSite Firewall - CloudProxy - Access Denied
...
Block details

Your IP: 96.234.66.73
URL: http://www.excelforum.com/editpost.p...postid=4203888
Your Browser: Mozilla/5.0 (Windows NT 6.0; rv:38.0) Gecko/20100101 Firefox/38.0
Block ID: SQLi17
Block reason: SQL injection was detected and blocked.
Time: Wed, 30 Sep 2015 09:44:38 -0400
Server ID: cp448

It is very interesting that when I add the line to the referenced thread, the Firewall blocks me, but the Firewall allows the same code in this thread.

Additional information. When I surrounded the word 'Select' with BOLD and RED COLOR in the other thread, the Firewall finally allowed the code.

Lewis

Hey Lewis,

It's Sucuri like in suck