Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Yahoo Blocked

  1. #1
    Newbie
    Join Date
    Mar 2008
    Location
    Canton, GA, USA
    Posts
    12

    Default Yahoo Blocked

    Just FYI,

    I had to disable the following stock rule in the Intrusion Prevention module after a user complained of being unable to access her Yahoo webmail. The URL she was using was http://us.mg2.mail.yahoo.com/dc/launch.

    Category: web-php
    Signature: tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Pajax arbitrary command execution attempt"; flow:established,to_server; content:"method"; nocase; pcre:"/\x22method\x22\s*\x3a\s*\x22[A-Z]\w*[^\x22]/smi"; reference:bugtraq,17519; reference:cve,2006-1551; reference:cve,2006-1789; classtype:web-application-attack; sid:8734; rev:1
    Name: Name
    SID: 8734
    Block: x
    Log: x
    Description: Pajax arbitrary command execution attempt

    Things worked once I unblocked that rule.

  2. #2
    Newbie
    Join Date
    Jul 2011
    Posts
    1

    Default

    Why is that so, maybe a false positive issue? Anyway, the problem is that if you migrated to yahoo plus, it wont have options going back to old version anymore as indicated by yahoo. As I've noticed in our office, one or two employee is frequently escalating this problem, that was one month ago if I remember.

  3. #3
    Newbie
    Join Date
    Apr 2009
    Posts
    5

    Default

    We have seen the same problem! Thank you for pointing me in the right direction. My wife is so much happier now that she can use her Yahoo! Mail again.

  4. #4
    Untanglit vantim's Avatar
    Join Date
    Jun 2010
    Location
    Concord Ohio
    Posts
    16

    Default

    I was having the same problem after upgrading to the new Yahoo mail. Thank you Pdugas
    Last edited by vantim; 07-17-2011 at 05:58 AM.
    __________________________________________________________
    "Hardware, n.: The parts of a computer system that can be kicked."
    "BUG, n.: An undesirable, poorly-understood undocumented feature."

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,555

    Default

    This has been posted before. I believe DMorris indicated in a future release of Untangle that rule in the IDS module will be disabled because of the false positive potential.

    In the meantime if you aren't ready to deal with the false positives that come from using the Intrusion Prevention module, I suggest you turn it off and remove it from the rack.

    The change with 9.0 is that module actually works now! Before it really didn't do much.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untangler
    Join Date
    Oct 2008
    Posts
    84

    Default

    This has been driving me crazy! Ty so much for sharing the solution! If anyone has trouble finding it just search by "ID" and look for 8734 its on page 93 or 94

  7. #7
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    437

    Default

    Hit this issue this morning, no biggie though just disabled the block and only logging.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,555

    Default

    http://forums.untangle.com/intrusion...ntuit-com.html

    Just for reference in case someone else runs into this issue with Intuit.com's store. This link has another rule in it that causes their store to return a white page in Firefox, a 404 in IE randomly at different points in the purchasing process.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Newbie
    Join Date
    Jul 2011
    Posts
    13

    Default

    Had the same issue with yahoo with rule 8734. This also fixed access to the site grooveshark.com.

  10. #10
    Newbie
    Join Date
    Sep 2011
    Posts
    6

    Default

    I have one person that can't login to Yahoo Instant Messenger but others can. Turning off 8734 did not help. I am on the Lite version. The user can use IM with Spyware, Filter, Intrusion, Protocol and Attack panels on but Spam, Phish and Virus must be off. Any ideas?
    Last edited by miclog; 10-04-2011 at 10:04 AM.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2