miniBB ® miniBB®
miniBB Support Forums
 | Forums | Register | Search | Statistics | Manual |
Specific miniBB Support Forums / Specific /   

Can not proceed: possible CSRF/XSRF attack!

Author Buzz
Registered
#1 | Posted: 20 Aug 2008 14:21 
After upgrading, when I as Admin try to delete a post, I get this message:
Can not proceed: possible CSRF/XSRF attack!

What does that mean?

Author Paul
Lead Developer
#2 | Posted: 21 Aug 2008 02:51 | Edited by: Paul 
It could mean that for some reason the CSRF-checking cookie was not set upon your login. Try to log-out and log-in again.

Without deep investigation I can't say precisely what the problem could be.

If you can't repeat the same on our test forums, it could mean the error is somewhere on your side.

Author Buzz
Registered
#3 | Posted: 21 Aug 2008 04:36 
I have tried to log out en logged in again, but the error remains. today I checked it on another computer and that is the same.

How can I reset the CRF cookie, or disable it?

Author Paul
Lead Developer
#4 | Posted: 21 Aug 2008 04:49 
You can't disable CSRF cookie because it's a part of the security mechanism.

Are you sure you just installed the default version of the board? None of custom modifications are made? What kind of browser are you using?

If you log-in on our site it only proves everything works correctly.

You may try to completely clear all cookies from your domain as well before log-in.

Author Buzz
Registered
#5 | Posted: 21 Aug 2008 04:57 
thank you for your quick response.

It is the latest version, I have updated from 2.03.
You can see the board here: http://www.hondacx500.nl/ (click on Prikbord, it opens in a frame)

I use these plugins:
1. Avatars
2. Signature
3 Captcha
4. 1st news hack

If you wish, I can give you the admin login codes.

Author Buzz
Registered
#6 | Posted: 21 Aug 2008 12:12 
I hope that you can help me, as an Admin now is it impossible to delete messages. The strange thing is that I can edit.

Author tom322
Registered
#7 | Posted: 21 Aug 2008 12:45 
I think it's a custom problem so you'd have to pay for the time to resolve it...

Author Paul
Lead Developer
#8 | Posted: 21 Aug 2008 16:39 | Edited by: Paul 
Buzz: please drop me an email on ghappa [at] gmail dot com and provide me at least your admin login details so I can check what's going on. If it will be your custom trouble, you will need to pay out our service, but I hope it all won't exceed $10. If it will be our problem, no charge. Thanks.

P.S. Yes, CSRF works for deleting topic/messages and other stuff in the current version. So as soon the CSRF cookie is not set, it won't allow to delete anything. The problem also could be that your forums is called from a frame.

Author Buzz
Registered
#9 | Posted: 26 Aug 2008 04:12 
Paul,

I think it is solved: I have installed a complete new version instead of upgrading the existing one.
Anyway, thanks for your last reply and help Paul.

Specific miniBB Support Forums / Specific / Can not proceed: possible CSRF/XSRF attack! Top
This topic is closed. New replies are not allowed.
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
Captcha Addon for miniBB