Problem after upgrading to the latest phpBB version

[gapan]

Hi all, I upgraded the forum software to the latest version, 3.3.15, last night and a few hours ago I noticed that I get this message if I'm not logged in.

You have been banned from this board until 23. May 2025, 00:58.

Please contact the Board Administrator for more information.

Reason given for ban: Found in the Stop Forum Spam database 19 times

A ban has been issued on your IP address.

Others have reported the same problem. I am able to login myself, but others can't.

This seems to be from the stopforumspam plugin that we've been using: https://github.com/rmcgirr83/stopforumspam

I'm trying to fix it now, but it's not easy. Perhaps I'll need to revert the forum upgrade. I'll keep the board disabled until I'm able to fix it.

[gapan]

I think I have fixed the issue. Something went wrong with the forum upgrade.

The details are that I'm running the forum within a docker container. And apparently after the upgrade an entry has been placed in the forum database that the IP of the docker container was in the stopforumspam database, which we're using to ban bots. It's not a public IP, it was just 172.19.0.1, a private IP address. No idea why it got in the database.

I'll keep an eye on this, it might still be the case that when a known spammer IP is banned, the private IP address is added to the database with the new phpbb version.

[laprjns]

Working here now.

Thanks,
Rich

[gapan]

So now I'm pretty sure I've solved the issue. Turns out it was user error (mine).

See, as I wrote in my previous post, I run the phpbb forum within a docker container. This is behind an nginx reverse proxy. So traffic goes like this:

Code: Select all

Client ---> Reverse proxy ---> docker(phpBB)

instead of the expected:

Code: Select all

Client ---> phpBB

phpBB expects the latter, and reports the client IP with this line of code in the session.php file:

Code: Select all

$ip = html_entity_decode($request->server('REMOTE_ADDR'), ENT_COMPAT);

But when sitting behind a reverse proxy (like in our case), REMOTE_ADDR points to the reverse proxy IP, not the actual client IP, and that one is on the private network docker creates... So, every time I upgrade phpBB, I have to change that line to replace 'REMOTE_ADDR' with 'HTTP_X_REAL_IP', which together with the nginx configuration:

Code: Select all

      proxy_set_header   Host              $http_host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-Host $host;
      proxy_set_header   X-Forwarded-Server $host;
      proxy_set_header   X-Forwarded-Proto $scheme;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Frame-Options   SAMEORIGIN;

points to the actual client IP.

I was so certain that after the upgrade I had applied that change that I didn't even check. Well, I hadn't.

So, what happened was that when a spammer tried to register, using an IP that is in the SFS database, the plugin saw the actual IP and banned it, but phpbb applied the ban on the REMOTE_ADDR that was the 172.19.0.1 private IP.

At least I think that is what happened. I will be 100% sure when another bot tries to register.

Sorry for the inconvenience everyone.

[gapan]

And now I am 100% sure. This is in the moderator log:

Banned IP for reason “Found in the Stop Forum Spam database 262 times” » 154.30.213.40

issued by the stopforumspam plugin.

Everything is back to normal now.