JMAConsulting / biz.jmaconsulting.mte

Mandrill Emails Extension for CiviCRM

mandrill callback triggers IDS Intrusion Detection #47

Closed shawnholt closed 10 years ago

shawnholt commented 10 years ago

Intrusion detection rules are triggering webhook calls. I can disable IDS for anon users, but that is probably a bad idea. Investigating how to make an exception in a way that supports upgrade.
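One way to scope an IDS exception to the webhook alone instead of to all anonymous users, as an added example that is not code from CiviCRM or from this extension. The function name, the constant and the sample requests are hypothetical, and wiring the result into the site's IDS check is left to the integration.

```php
<?php
// Added example: hypothetical helper, not part of CiviCRM or biz.jmaconsulting.mte.

// Callback path as it appears in the IDS log entry quoted in this issue.
const MTE_CALLBACK_PATH = '/civicrm/ajax/mte/callback';

/**
 * Return true only for a POST to the exact callback path that carries the
 * expected mandrillSecret. Every other request stays subject to IDS.
 */
function mte_may_skip_ids(string $method, string $requestUri, string $expectedSecret): bool
{
    // An unset secret must never turn into a blanket exemption.
    if ($expectedSecret === '' || strtoupper($method) !== 'POST') {
        return false;
    }
    $parts = parse_url($requestUri);
    if ($parts === false || !isset($parts['path'], $parts['query'])) {
        return false;
    }
    // Exact match: no prefix matching, so extra path segments are not exempted.
    if ($parts['path'] !== MTE_CALLBACK_PATH) {
        return false;
    }
    parse_str($parts['query'], $query);
    $supplied = $query['mandrillSecret'] ?? null;
    if (!is_string($supplied)) {
        return false; // rejects array-valued parameters such as mandrillSecret[]=...
    }
    // Constant-time comparison so the check does not leak the secret through timing.
    return hash_equals($expectedSecret, $supplied);
}

// Constructed sample requests (the secret is a made-up value).
$secret  = 'constructed-secret-value';
$samples = [
    ['POST', '/civicrm/ajax/mte/callback?mandrillSecret=constructed-secret-value'],
    ['POST', '/civicrm/ajax/mte/callback?mandrillSecret=wrong-value'],
    ['GET',  '/civicrm/ajax/mte/callback?mandrillSecret=constructed-secret-value'],
    ['POST', '/civicrm/ajax/mte/callback/extra?mandrillSecret=constructed-secret-value'],
    ['POST', '/civicrm/ajax/mte/callback?mandrillSecret[]=constructed-secret-value'],
    ['POST', '/civicrm/contribute/transact?mandrillSecret=constructed-secret-value'],
];
foreach ($samples as [$method, $uri]) {
    $verdict = mte_may_skip_ids($method, $uri, $secret) ? 'skip IDS' : 'inspect with IDS';
    printf("%-4s %s => %s\n", $method, $uri, $verdict);
}
```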

JoeMurray commented 10 years ago

Looking forward to more information on this. We haven't seen problems with IDS ourselves.

shawnholt commented 10 years ago

Stacktrace - It says [reaction] => 0 [impact] => 47

not sure what the IDS trigger is ....

Jul 01 12:52:31 [info] $backTrace =
#0 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/CRM/Core/Error.php(197): CRM_Core_Error::backtrace("backTrace", TRUE)
#1 [internal function](): CRM_Core_Error::handle(Object(DB_Error))
#2 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/PEAR.php(931): call_user_func((Array:2), Object(DB_Error))
#3 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB.php(969): PEAR_Error->PEAR_Error("DB Error: no such table", -18, 16, (Array:2), "INSERT INTO civicrm_mandrill_activity (mailing_queue_id ) VALUES ( 15 ) [nat...")
#4 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/PEAR.php(564): DB_Error->DB_Error(-18, 16, (Array:2), "INSERT INTO civicrm_mandrill_activity (mailing_queue_id ) VALUES ( 15 ) [nat...")
#5 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB/common.php(1905): PEAR->raiseError(NULL, -18, NULL, NULL, "INSERT INTO civicrm_mandrill_activity (mailing_queue_id ) VALUES ( 15 ) [nat...", "DB_Error", TRUE)
#6 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB/mysql.php(898): DB_common->raiseError(-18, NULL, NULL, NULL, "1146 \ Table 'xxxxx_civi.log_civicrm_mandrill_activity' doesn't exist")
#7 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB/mysql.php(327): DB_mysql->mysqlRaiseError()
#8 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB/common.php(1216): DB_mysql->simpleQuery("INSERT INTO civicrm_mandrill_activity (mailing_queue_id ) VALUES ( 15 ) ")
#9 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB/DataObject.php(2421): DB_common->query("INSERT INTO civicrm_mandrill_activity (mailing_queue_id ) VALUES ( 15 ) ")
#10 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/packages/DB/DataObject.php(1055): DB_DataObject->_query("INSERT INTO civicrm_mandrill_activity (mailing_queue_id ) VALUES ( 15 ) ")
#11 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/CRM/Core/DAO.php(278): DB_DataObject->insert()
#12 /home/xxxxx/public_html/drupal/sites/default/files/civicrm/extensions/biz.jmaconsulting.mte/CRM/Mte/BAO/MandrillActivity.php(55): CRM_Core_DAO->save()
#13 /home/xxxxx/public_html/drupal/sites/default/files/civicrm/extensions/biz.jmaconsulting.mte/CRM/Mte/Page/callback.php(90): CRM_Mte_BAO_MandrillActivity::create((Array:2))
#14 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/CRM/Core/Invoke.php(323): CRM_Mte_Page_callback->run((Array:4), NULL)
#15 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/CRM/Core/Invoke.php(72): CRM_Core_Invoke::runItem((Array:13))
#16 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/CRM/Core/Invoke.php(52): CRM_Core_Invoke::_invoke((Array:4))
#17 /home/xxxxx/public_html/drupal/sites/all/modules/civicrm/drupal/civicrm.module(456): CRM_Core_Invoke::invoke((Array:4))
#18 [internal function](): civicrm_invoke("ajax", "mte", "callback")
#19 /home/xxxxx/public_html/drupal/includes/menu.inc(517): call_user_func_array("civicrm_invoke", (Array:3))
#20 /home/xxxxx/public_html/drupal/index.php(21): menu_execute_active_handler()
#21 {main}

Jul 01 12:52:36 [info] $IDS Detector Details = Array ( [0] => Array ( [name] => mandrill_events [value] => [{"event":"open","ts":1404229914,"useragent":"Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (via ggpht.com GoogleImageProxy)","user agent_parsed":{"type":"Other","ua_family":"Gmail image proxy","ua_name":"Gmail image proxy","ua_version":null,"ua_url":" http://gmailblog.blogspot.cz/2013/12/images-now-showing.html","ua_company":"Google Inc.","ua_company_url":"http://www.google.com/","ua_icon":" http://cdn.mandrill.com/img/email-client-icons/feedfetcher-google.png ","os_family":"Linux","os_name":"Linux","os_url":" http://en.wikipedia.org/wiki/Linux ","os_company":null,"os_company_url":null,"os_icon":" http://cdn.mandrill.com/img/email-client-icons/linux.png","mobile":false},"ip":"66.249.83.197","location":{"country_short":"US","country":"United States","region":"California","city":"Mountain View","latitude":37.386051178,"longitude":-122.083847046,"postal_code":"94043","timezone":"-07:00"},"_id":"e067d35d57274d79a1ebf7ca2b4defdd","msg":{"ts":1404225417,"_id":"e067d35d57274d79a1ebf7ca2b4defdd","state":"sent","subject":"Sample CiviMail Newsletter","email":"test-shawn@shawnholt.com","tags":[],"opens":[{"ts":1404229914,"ip":"66.249.83.197","location":null,"ua":"Linux/Linux/Gmail image proxy/Gmail image proxy"}],"clicks":[],"smtp_events":[{"ts":1404225418,"type":"sent","diag":"250 2.0.0 OK 1404225418 z44si20896263yhl.66 - gsmtp","source_ip":"205.201.131.136","destination_ip":"74.125.196.27","size":16807}],"resends":[],"_version":"c4tfFP391GkbT18sn5hyVQ","sender":" info@xxxxx.com","template":null}}] [page] => /civicrm/ajax/mte/callback?mandrillSecret=903f13e4a4b66996 [userid] => [session] => Wl6zUw5OSJXiGVXnMHTQHhG12UQvIXhQNFFoRVqtGbg [ip] => 192.184.82.28 [reaction] => 0 [impact] => 47 )

)

On Tue, Jul 1, 2014 at 4:02 PM, JoeMurray notifications@github.com wrote:

Looking forward to more information on this. We haven't seen problems with IDS ourselves.


JoeMurray commented 10 years ago

Posted to http://forum.civicrm.org/index.php/topic,34379.0.html.

JoeMurray commented 10 years ago

The first error seems to us to indicate that the extension is not properly installed because the mandrill table is not found in your db. We're not sure the IDS is logging an issue, as the reaction is 0. We'd want to fix the first problem, which happened 5 seconds earlier. We think the second log entry is just for information for the next webhook callback, unless you can give us information that suggests otherwise.