error notification on anonymous access attempt

posts: 80 United States

I have a website using Tikiwiki 5.1 that is being hit by spammers/hackers (www.omahacopwatch.com). I've removed the gallery that they were trying to access so now all they get is an error message. However, each time an anonymous party tries to access the missing file, the error message still runs about 14K. I would like to change the error message to some simple text message which would drain less of my bandwidth.

Any suggestions on how to change the error message in Tikiwiki are appreciated.

posts: 215

Hi,

In your earlier post you gave an example for the gallery accesses that you are seeing:

http://omahacopwatch.progressiveresearchinstitute.org/tiki-galleries.php?&sort_mode=lastModif_desc&edit_mode=1&galleryId=201&offset=0


You also mentioned that you removed that gallery. From your example, "galleryId=201" refers to the removed gallery. You could add code to the .htaccess file which would give anyone that tried to access "galleryId=201" a 403 forbidden error, and it would stop tiki from processing the request and returning error messages. This would not stop anonymous access, only access attempts for that gallery.

If you are using the tiki supplied .htaccess for using clean URLs, add the following lines after the "RewriteEngine On" line and before the tiki supplied RewriteCond/RewriteRule rules:

# force 403 error on attempted galleryId=201 access
RewriteCond %{THE_REQUEST} galleryId=201 [NC]
RewriteRule .* - [F,R,L]


Be very careful adding those lines. After saving it, make sure your website is still accessible; if you make a mistake, you will get an "Internal Server Error". If you get the internal server error message, just remove those lines. Making a backup of the .htaccess file before updating it would be a good idea.

This will stop any access by a URL using the string "galleryId=201", so if you did not remove the gallery, don't add this to your .htaccess file.

This also would only work for the progressiveresearchinstitute.org that you showed in your example; the galleryId for your omahacopwatch.com domain was probably different. And you would have to update the .htaccess file for both domains to block the access to both.

Tiki does not usually reuse gallery Id numbers, so you should not have to worry about this blocking access to any new galleries.

Good luck,
Tom
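
Added example (not part of the thread and not Tiki's own code): a Python check, run before editing .htaccess, of which request lines the posted RewriteCond pattern would match. It shows that the unanchored `galleryId=201` also matches longer ids such as `galleryId=2010`; the anchored variant and the sample request lines are constructed assumptions.

```python
import re

# Pattern from the post above: unanchored, case-insensitive because of [NC].
POSTED = re.compile(r"galleryId=201", re.IGNORECASE)

# Assumed tighter variant (not from the thread): the parameter must follow
# "?" or "&", and the id must not continue with another digit.
ANCHORED = re.compile(r"[?&]galleryId=201(?![0-9])", re.IGNORECASE)

# Constructed request lines in the shape Apache exposes as %{THE_REQUEST}.
SAMPLES = [
    "GET /tiki-galleries.php?&sort_mode=lastModif_desc&edit_mode=1"
    "&galleryId=201&offset=0 HTTP/1.1",
    "GET /tiki-galleries.php?GALLERYID=201 HTTP/1.1",
    "GET /tiki-galleries.php?galleryId=2010 HTTP/1.1",
    "GET /tiki-galleries.php?galleryId=20 HTTP/1.1",
    "GET /tiki-index.php?page=HomePage HTTP/1.1",
]


def blocked(pattern, request_line):
    """True if a RewriteCond using this pattern would match the request
    line, meaning the following RewriteRule fires and returns 403."""
    return pattern.search(request_line) is not None


def compare(samples):
    """Return (request_line, posted_hit, anchored_hit) for each sample."""
    return [(s, blocked(POSTED, s), blocked(ANCHORED, s)) for s in samples]


def overblocked(samples):
    """Requests the posted pattern rejects but the anchored one lets through."""
    return [s for s, posted, anchored in compare(samples)
            if posted and not anchored]


if __name__ == "__main__":
    for line, posted, anchored in compare(SAMPLES):
        print(f"posted={'403' if posted else 'ok ':<3} "
              f"anchored={'403' if anchored else 'ok ':<3} {line}")
    print("over-blocked by the posted pattern:", overblocked(SAMPLES))
```

The constructs used here (character class, negative lookahead, case-insensitive match) behave the same in Python's `re` and in the PCRE engine Apache uses for RewriteCond.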

posts: 80 United States

I appreciate your suggestions. I removed the entire Image Gallery (which still existed in 5.1). I wonder if there is a way to tell Tikiwiki to stop only attempted anonymous access to that gallery or, at least, to display only a text message rather than the full page including logo and "you must log in" that it currently displays. The logo is what contributes heavily to the 14k load accompanying every error message.

On the positive side, I've used .htaccess to block repeat offenders. That seems to have worked in substantially reducing bandwidth use.

ElViejito

Tom Jarvis wrote:

Hi,

In your earlier post you gave an example for the gallery accesses that you are seeing:

http://omahacopwatch.progressiveresearchinstitute.org/tiki-galleries.php?&sort_mode=lastModif_desc&edit_mode=1&galleryId=201&offset=0


You also mentioned that you removed that gallery. From your example, "galleryId=201" refers to the removed gallery. You could add code to the .htaccess file which would give anyone that tried to access "galleryId=201" a 403 forbidden error, and it would stop tiki from processing the request and returning error messages. This would not stop anonymous access, only access attempts for that gallery.

If you are using the tiki supplied .htaccess for using clean URLs, add the following lines after the "RewriteEngine On" line and before the tiki supplied RewriteCond/RewriteRule rules:

# force 403 error on attempted galleryId=201 access
RewriteCond %{THE_REQUEST} galleryId=201 [NC]
RewriteRule .* - [F,R,L]


Be very careful adding those lines. After saving it, make sure your website is still accessible; if you make a mistake, you will get an "Internal Server Error". If you get the internal server error message, just remove those lines. Making a backup of the .htaccess file before updating it would be a good idea.

This will stop any access by a URL using the string "galleryId=201", so if you did not remove the gallery, don't add this to your .htaccess file.

This also would only work for the progressiveresearchinstitute.org that you showed in your example; the galleryId for your omahacopwatch.com domain was probably different. And you would have to update the .htaccess file for both domains to block the access to both.

Tiki does not usually reuse gallery Id numbers, so you should not have to worry about this blocking access to any new galleries.

Good luck,
Tom