UBB.Developers Forums UBB.threads 6 Bug Reports Same "old" Norton Internet Security 2002 story

I can't post with my Norton Internet Security 2002 Firewall enabled. []/forum/images/icons/frown.gif[/] I'm not quite sure but I think it wasn't a problem with the Beta 2 ??? It is pretty annoying to have to turn off the soft firewall (Win XP or Norton) before beeing able to post, many of our Users won't like that. Is there any possibility to make UBBThreads 6.x work WITH the firewall enabled ? The "firewall hack" to our 5.5.1 version seems to work flawless. Security concerns ?

When this check is turned off it makes it possible for people to save forms and submit them remotely because there is no way to validate that the form is being submitted from the local site. However, we have added a config option to turn this check on/off at the admins discretion.

Rick is this something that could be bypassed if using sessions? Then one could still be assured that posts are being made locally.

I have not had any issues posting here and using the WinXP firewall....

Well, you could generate an unique hash every time you visit newreply.php, store it in the session (as $confirmkey[$Number]) and also put it into as a hidden var in the newreply page. In addpost, you check if the hash value passed through the page matches the one assigned to the post number you are replying (from session). 'Number' is required since you could be replying from several browser windows and you may need many confirm values in the same time. Anyway, this just crossed my mind and, while looking interesting right now it will probably take me several seconds after hitting the submit button to realise a flaw that renders it unusable []/forum/images/icons/smile.gif[/]


[Edit] Doh! You can make your remote script to fetch the real newreply.php page in order to get a hash and then using it to POST the actual data. I don't see right now any serious protection against posting from remote locations (since changing the referer is trivial anyway).

We are running 5.5.1 and anyone who has had a problem has been able to post after doing the following:

For Norton Internet Security:

1. Open NIS.
2. Click Options.
3. Click Internet Security (or Personal Firewall).
4. Click Advanced Options.
5. Click the Web tab.
6. Click Add Site. A new site/domain box appears.
7. Enter the url of the site that you want to receive the referrer information and click OK. That site name appears in the left frame of the Advanced Options window.
8. Click the name of the new site.
9. Click the Privacy tab.
10. Check the "Use these rules for..." box.
11. Change the Referrer from "Block" to "Allow."
12. Click Apply, and then click OK.
13. Click OK to close the Options window.

Will this not work for the 6.0 version?

Hi Lisa !

Thanks for the VERY accurate description how to adjust NIS. If you can read this post, it means that the adjustment works and I was able to post with NIS enabled. BUT ... a lot of User who are using NIS might not know that. This means that we have to provide this information instantly before people register to our site and this is pretty difficult for us because people usually don't read the FAQ or the board rules with care. Thanks again.

Thanks for the informative info. I keep a FAQ forum on my site with all this useful info. At the very least, if they don't read it, they write to me... then I send them the URL to the post. Saves me some typing.

<blockquote><font class="small">In reply to:</font><hr>

7. Enter the url of the site that you want to receive the referrer information and click OK. That site name appears in the left frame of the Advanced Options window.

<hr></blockquote>
I'm on a mac... so I can't see how this is exactly set up. But I like to be a specific as possible. Exactly how should they enter the site url?
- http://www.mysite.com
- www.mysite.com
- mysite.com
???
Or, like the refer info in the config file, should they enter it the various ways?

Also, is this "Norton Internet Security" included as standard with Windows XP? This error seemed to only affect the XP people.
Thanks again for the help.

You enter the site like this:
http://www.mysite.com

That covers the entire site. []/forum/images/icons/smile.gif[/]

As for it being standard, I'm not positive, but I don't think so. I installed XP in December and never had a problem posting on our site through the perl version of w3t we had installed, then we switched over to php, then up to 5.5.1, and I was able to post with all 3 of those versions of the board software. I had enough people that encountered the firewall problem once we upgraded to 5.5.1 that I actually installed Norton Internet Security (big mistake []/forum/images/icons/rolleyes.gif[/] IMHO Norton & Windows have never played nice together, especially when you try to uninstall Norton -- I actually had to reinstall XP last week after trying to remove Norton). Anyway, I installed NIS to make sure that was the problem they were encountering, and as soon as it was installed I hit the "invalid host" error message when I tried to post. I went by the directions I posted above, and was instantly able to post again. []/forum/images/icons/smile.gif[/]

My version of XP isn't a "box" version, so it's possible that NIS is included in some versions, or that NIS is set up on some new machines running XP.

It is actually "www.mysite.com". That simple. []/forum/images/icons/wink.gif[/]

Uff, I am afraid this problem is also happening with ZoneAlarm 3.
If you do a default install of the program, cookie security is set to "medium", and it seems it blocks the "host" variable or something... []/forum/images/icons/mad.gif[/] []/forum/images/icons/mad.gif[/].

ZoneAlarm is very popular, this is a killer.

Dell is one company bundling NIS with XP. I'm sure there are others and I know what you mean about Norton and Windows not working together peacefully... lol (no more norton here either) []/forum/images/icons/wink.gif[/]

Figured out how to fix ZAP 3.0 so users don't get the "invalid host" message. It's not nearly as easy though (at least I didn't think so! []/forum/images/icons/tongue.gif[/] )

ZoneAlarm Pro 3.0

1. Begin at ZoneAlarm Pro Control Center (if ZAP is minimized to tray, simply right click on the "ZA" symbol and choose "Restore ZoneAlarm Pro Control Center".)

2. From left-hand column, choose "Privacy" (below "Alerts & Logs" and above "Email Protection".)

3. Click menu tab that says "Site List" (next to "Main", under "Help", in right-hand corner.)

4. Click on "Add" button on bottom right corner of Control Center (above "Options".)

5. A box pops up that says "Add sites to your privacy list by entering the URL below" and then asks for "URL".
Type in the URL for the site like: [:red]www.ubbdev.com[/]

6. Click "OK".

7. Locate the site you just entered in the list of sites and right click anywhere on that line. You are given the choice of "Remove" and "Options". Choose "Options".

8. You are given the options for the site you just entered. Under the "Cookies" menu, go to the "3rd Party Cookies" section. Uncheck "Remove Private Header Information". Click "Apply" at bottom. Click "OK" at bottom.

If you actually made it through, you should now be able to post at the site you entered without having to disable ZAP or getting the "invalid host" error. []/forum/images/icons/smile.gif[/]

I also discovered that a LOT of people are buying the Norton package that is being offered on a lot of websites and I'm getting spammed with daily. They are offering Norton System Works 2002 Professional Version (which includes Norton AntiVirus, Utilities, CleanSweep, Ghost, GoBack, and WinFax) for anywhere from $13.95 to $49.99. For $14, it's a great deal, so I can see why people are grabbing it up. If I didn't hate Norton, I'd probably grab it as well. []/forum/images/icons/tongue.gif[/]

For 14 bucks I would gladly purchase it and let it set with everything else... lol Can you point me to it? []/forum/images/icons/wink.gif[/]

There are a ton of links, it seems everyone and their brother is selling this now. []/forum/images/icons/crazy.gif[/] But this is the link that was posted on our site (posted as a deal, this isn't an affiliate of our site -- no spamming here! []/forum/images/icons/wink.gif[/])

Norton SystemWorks 2002 Professional (CD ONLY) -- $13.95

Thanks []/forum/images/icons/smile.gif[/] LoL I'm still debating on purchase... once I get the credit card out of the pocket the second thoughts kick in... LoL