Skip to Content Skip to Menu

CSRF attack recognized

  • chrissy6930
  • chrissy6930
  • OFFLINE
  • Posts: 27
  • Thanks: 0
  • Karma: 1
  • Add-ons
15 years 7 months ago #93704 by chrissy6930
CSRF attack recognized was created by chrissy6930
hi all,

I just installed iddeIM 1.6 on a J1.5.10 session with CB 1.2 stable 1.0 and am getting the following error when attempting to send a pm:

CSRF attack recognized

could somebody pls explain to me what it is about? and what I need to do to get it sorted?

email message attempted to send: "test message :)"

Please Log in or Create an account to join the conversation.

  • slabbi
  • slabbi
  • OFFLINE
  • Posts: 3709
  • Thanks: 250
  • Karma: 153
15 years 7 months ago #93706 by slabbi
Replied by slabbi on topic Re:CSRF attack recognized
Check the admin backend, system tab.
By default it is off, so why have you enabled it?
uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer

Please Log in or Create an account to join the conversation.

  • chrissy6930
  • chrissy6930
  • OFFLINE
  • Posts: 27
  • Thanks: 0
  • Karma: 1
  • Add-ons
15 years 7 months ago #93717 by chrissy6930
Replied by chrissy6930 on topic Re:CSRF attack recognized
well... ummm... because it says 'Usually this should be enabled.'

got it to work now . thank you!

Please Log in or Create an account to join the conversation.

15 years 7 months ago #94249 by thisvision
Replied by thisvision on topic Re:CSRF attack recognized
slabbi wrote:

Check the admin backend, system tab.
By default it is off, so why have you enabled it?


The system tab says:
CSRF protection -- This protects all forms against Cross-Site Request Forgery attacks. Usually this should be enabled. Only when you have strange problems switch it off.

Please Log in or Create an account to join the conversation.

  • slabbi
  • slabbi
  • OFFLINE
  • Posts: 3709
  • Thanks: 250
  • Karma: 153
15 years 7 months ago #94250 by slabbi
Replied by slabbi on topic Re:CSRF attack recognized
...and he has "strange problems", hasn't he?

It works on most systems fine. Sometimes other components/templates change the session, so the protection does not work on these systems. Also using the back button on the compose page will raise this message.
uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer

Please Log in or Create an account to join the conversation.

15 years 7 months ago #94253 by thisvision
Replied by thisvision on topic Re:CSRF attack recognized
Is that message a strange problem?

Sounds like a pretty standard error message to me.

Please Log in or Create an account to join the conversation.

Moderators: beatnantslabbikrileon
Powered by Kunena Forum