crowdsecurity / cs-wordpress-bouncer

CrowdSec is an open-source cyber security tool. This plugin blocks detected attackers or displays a captcha to check they are not bots.
https://wordpress.org/plugins/crowdsec/
MIT License
37 stars 6 forks

Fatal error on crowdsec WP plugin - The value 0 is too small for path "config.captcha_cache_duration" #133

Closed michelep closed 1 year ago

michelep commented 1 year ago

What happened?

E_ERROR on line 52 file /wp-content/plugins/crowdsec/vendor/symfony/config/Definition/NumericNode.php. Error message:

```
Uncaught Symfony\Component\Config\Definition\Exception\InvalidConfigurationException: The value 0 is too small for path "config.captcha_cache_duration". Should be greater than or equal to 1 in /wp-content/plugins/crowdsec/vendor/symfony/config/Definition/NumericNode.php:52
Stack trace:
#0 /wp-content/plugins/crowdsec/vendor/symfony/config/Definition/BaseNode.php(455): Symfony\Component\Config\Definition\NumericNode->finalizeValue()
#1 /wp-content/plugins/crowdsec/vendor/symfony/config/Definition/ArrayNode.php(245): Symfony\Component\Config\Definition\BaseNode->finalize()
#2 /wp-content/plugins/crowdsec/vendor/symfony/config/Definition/BaseNode.php(455): Symfony\Component\Config\Definition\ArrayNode->finalizeValue()
#3 /wp-content/plugins/crowdsec/vendor/symfony/config/Definition/Processor.php(36): Symfony\Component\Config\Definition\BaseNode->finalize()
```

Hope this could help!

What did you expect to happen?

Works flawlessly ;-)

How can we reproduce it (as minimally and precisely as possible)?

I don't know

Anything else we need to know?

No response

Crowdsec version

```console
$ cscli version
2023/03/08 10:04:48 version: v1.4.6-debian-pragmatic-5f71037b40c498045e1b59923504469e2b8d0140
2023/03/08 10:04:48 Codename: alphaga
2023/03/08 10:04:48 BuildDate: 2023-02-09_14:34:10
2023/03/08 10:04:48 GoVersion: 1.19.2
2023/03/08 10:04:48 Platform: linux
2023/03/08 10:04:48 Constraint_parser: >= 1.0, <= 2.0
2023/03/08 10:04:48 Constraint_scenario: >= 1.0, < 3.0
2023/03/08 10:04:48 Constraint_api: v1
2023/03/08 10:04:48 Constraint_acquis: >= 1.0, < 2.0
```

OS version

```console
# On Linux:
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
$ uname -a
Linux debian-4gb-fsn1-1 5.10.0-19-amd64 #1 SMP Debian 5.10.149-1 (2022-10-17) x86_64 GNU/Linux

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
```

Enabled collections and parsers

```console
$ cscli hub list -o raw
crowdsecurity/apache2,enabled,0.1,apache2 support : parser and generic http scenarios ,collections
crowdsecurity/base-http-scenarios,enabled,0.6,http common : scanners detection,collections
crowdsecurity/dovecot,enabled,0.1,dovecot support : parser and spammer detection,collections
crowdsecurity/http-cve,enabled,1.9,,collections
crowdsecurity/iptables,enabled,0.1,iptables support : logs and port-scans detection scenarios,collections
crowdsecurity/linux,enabled,0.2,core linux support : syslog+geoip+ssh,collections
crowdsecurity/linux-lpe,enabled,0.1,Linux Local Privilege Escalation collection : detect trivial LPEs,collections
crowdsecurity/mariadb,enabled,0.1,mariadb support : logs and brute-force scenarios,collections
crowdsecurity/postfix,enabled,0.2,postfix support : parser and spammer detection,collections
crowdsecurity/sshd,enabled,0.2,sshd support : parser and brute-force detection,collections
crowdsecurity/wordpress,enabled,0.4,wordpress: Bruteforce protection and config probing,collections
crowdsecurity/apache2-logs,enabled,1.3,Parse Apache2 access and error logs,parsers
crowdsecurity/dateparse-enrich,enabled,0.2,,parsers
crowdsecurity/dovecot-logs,enabled,0.6,Parse dovecot logs,parsers
crowdsecurity/geoip-enrich,enabled,0.2,"Populate event with geoloc info : as, country, coords, source range.",parsers
crowdsecurity/http-logs,enabled,1.1,"Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",parsers
crowdsecurity/iptables-logs,enabled,0.3,Parse iptables drop logs,parsers
crowdsecurity/mariadb-logs,enabled,0.4,Parse MariaDB logs,parsers
crowdsecurity/pkexec-logs,enabled,0.1,Parse pkexec logs specifically for CVE-2021-4034,parsers
crowdsecurity/postfix-logs,enabled,0.4,Parse postfix logs,parsers
crowdsecurity/postscreen-logs,enabled,0.2,Parse postscreen logs,parsers
crowdsecurity/sshd-logs,enabled,2.0,Parse openSSH logs,parsers
crowdsecurity/syslog-logs,enabled,0.8,,parsers
crowdsecurity/whitelists,enabled,0.2,Whitelist events from private ipv4 addresses,parsers
crowdsecurity/CVE-2021-4034,enabled,0.1,Detect CVE-2021-4034 exploits,scenarios
crowdsecurity/CVE-2022-26134,enabled,0.1,Detect CVE-2022-26134 exploits,scenarios
crowdsecurity/CVE-2022-35914,enabled,0.1,Detect CVE-2022-35914 exploits,scenarios
crowdsecurity/CVE-2022-37042,enabled,0.1,Detect CVE-2022-37042 exploits,scenarios
crowdsecurity/CVE-2022-40684,enabled,0.2,Detect cve-2022-40684 exploitation attempts,scenarios
crowdsecurity/CVE-2022-41082,enabled,0.3,Detect CVE-2022-41082 exploits,scenarios
crowdsecurity/CVE-2022-41697,enabled,0.1,Detect CVE-2022-41697 enumeration,scenarios
crowdsecurity/CVE-2022-42889,enabled,0.2,Detect CVE-2022-42889 exploits (Text4Shell),scenarios
crowdsecurity/CVE-2022-44877,enabled,0.2,Detect CVE-2022-44877 exploits,scenarios
crowdsecurity/CVE-2022-46169,enabled,0.1,Detect CVE-2022-46169 brute forcing,scenarios
crowdsecurity/apache_log4j2_cve-2021-44228,enabled,0.4,Detect cve-2021-44228 exploitation attemps,scenarios
crowdsecurity/dovecot-spam,enabled,0.3,detect errors on dovecot,scenarios
crowdsecurity/f5-big-ip-cve-2020-5902,enabled,0.1,Detect cve-2020-5902 exploitation attemps,scenarios
crowdsecurity/fortinet-cve-2018-13379,enabled,0.2,Detect cve-2018-13379 exploitation attemps,scenarios
crowdsecurity/grafana-cve-2021-43798,enabled,0.1,Detect cve-2021-43798 exploitation attemps,scenarios
crowdsecurity/http-backdoors-attempts,enabled,0.3,Detect attempt to common backdoors,scenarios
crowdsecurity/http-bad-user-agent,enabled,0.7,Detect bad user-agents,scenarios
crowdsecurity/http-bf-wordpress_bf,enabled,0.4,detect wordpress bruteforce,scenarios
crowdsecurity/http-crawl-non_statics,enabled,0.3,Detect aggressive crawl from single ip,scenarios
crowdsecurity/http-cve-2021-41773,enabled,0.1,cve-2021-41773,scenarios
crowdsecurity/http-cve-2021-42013,enabled,0.1,cve-2021-42013,scenarios
crowdsecurity/http-generic-bf,enabled,0.4,Detect generic http brute force,scenarios
crowdsecurity/http-open-proxy,enabled,0.3,Detect scan for open proxy,scenarios
crowdsecurity/http-path-traversal-probing,enabled,0.2,Detect path traversal attempt,scenarios
crowdsecurity/http-probing,enabled,0.2,Detect site scanning/probing from a single ip,scenarios
crowdsecurity/http-sensitive-files,enabled,0.2,"Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",scenarios
crowdsecurity/http-sqli-probing,enabled,0.2,A scenario that detects SQL injection probing with minimal false positives,scenarios
crowdsecurity/http-wordpress_user-enum,enabled,0.1,detect wordpress probing : authors enumeration,scenarios
crowdsecurity/http-wordpress_wpconfig,enabled,0.1,detect wordpress probing : variations around wp-config.php by wpscan,scenarios
crowdsecurity/http-xss-probing,enabled,0.2,A scenario that detects XSS probing with minimal false positives,scenarios
crowdsecurity/iptables-scan-multi_ports,enabled,0.1,ban IPs that are scanning us,scenarios
crowdsecurity/jira_cve-2021-26086,enabled,0.1,Detect Atlassian Jira CVE-2021-26086 exploitation attemps,scenarios
crowdsecurity/mariadb-bf,enabled,0.1,Detect mariadb bruteforce,scenarios
crowdsecurity/postfix-spam,enabled,0.2,Detect spammers,scenarios
crowdsecurity/pulse-secure-sslvpn-cve-2019-11510,enabled,0.2,Detect cve-2019-11510 exploitation attemps,scenarios
crowdsecurity/spring4shell_cve-2022-22965,enabled,0.2,Detect cve-2022-22965 probing,scenarios
crowdsecurity/ssh-bf,enabled,0.1,Detect ssh bruteforce,scenarios
crowdsecurity/ssh-slow-bf,enabled,0.2,Detect slow ssh bruteforce,scenarios
crowdsecurity/thinkphp-cve-2018-20062,enabled,0.3,Detect ThinkPHP CVE-2018-20062 exploitation attemps,scenarios
crowdsecurity/vmware-cve-2022-22954,enabled,0.2,Detect Vmware CVE-2022-22954 exploitation attempts,scenarios
crowdsecurity/vmware-vcenter-vmsa-2021-0027,enabled,0.1,Detect VMSA-2021-0027 exploitation attemps,scenarios
ltsich/http-w00tw00t,enabled,0.1,detect w00tw00t,scenarios
```

Acquisition config

```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
#Generated acquisition file - wizard.sh (service: apache2) / files : /var/log/apache2/modsec_audit.log /var/log/apache2/other_vhosts_access.log /var/log/apache2/error.log
filenames:
  - /var/log/apache2/modsec_audit.log
  - /var/log/apache2/other_vhosts_access.log
  - /var/log/apache2/error.log
labels:
  type: apache2
---
#Generated acquisition file - wizard.sh (service: sshd) / files : /var/log/auth.log
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
#Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/messages
filenames:
  - /var/log/syslog
  - /var/log/messages
labels:
  type: syslog
---
cat: '/etc/crowdsec/acquis.d/*': No such file or directory

# On Windows:
C:\> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
# paste output here
```

Config show

```console
$ cscli config show
Global:
   - Configuration Folder : /etc/crowdsec
   - Data Folder : /var/lib/crowdsec/data
   - Hub Folder : /etc/crowdsec/hub
   - Simulation File : /etc/crowdsec/simulation.yaml
   - Log Folder : /var/log/
   - Log level : info
   - Log Media : file
Crowdsec:
   - Acquisition File : /etc/crowdsec/acquis.yaml
   - Parsers routines : 1
   - Acquisition Folder : /etc/crowdsec/acquis.d
cscli:
   - Output : human
   - Hub Branch :
   - Hub Folder : /etc/crowdsec/hub
Local API Server:
   - Listen URL : 127.0.0.1:8080
   - Profile File : /etc/crowdsec/profiles.yaml
   - Trusted IPs:
      - 127.0.0.1
      - ::1
   - Database:
      - Type : sqlite
      - Path : /var/lib/crowdsec/data/crowdsec.db
      - Flush age : 7d
      - Flush size : 5000
```

Prometheus metrics

```console
$ cscli metrics
# paste output here
```

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

github-actions[bot] commented 1 year ago

@michelep: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

LaurenceJJones commented 1 year ago

Transferring over to wordpress plugin repository

LaurenceJJones commented 1 year ago

Can you find this setting within the plugin configuration?

image

Make sure the captcha flow cache is above 0; you can revert it back to the default value.

julienloizelet commented 1 year ago

Hi @michelep,

For some reason, it seems that the value of crowdsec_captcha_cache_duration is empty (maybe 0, maybe empty string) in your database (wp_options table).

As suggested by @LaurenceJJones, if you save the "Captcha flow cache lifetime" parameter again, it should set a non-empty value and make this bug disappear.

In order to avoid such a bug for other users, I just released a 2.0.4 version of the plugin with a fix for it (if we detect an empty value, we replace it with a default value).

Please let me know if it works with this new version.

Thanks
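
The kind of fix described in the comment above, as an added illustration (not the plugin's own code): a stored setting is normalised to a default before it reaches a strict "at least 1" check like the one that raised the fatal error. The function names, the sample values and the 86400 default are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Assumed default for illustration; the plugin's real default is not stated on this page.
const DEFAULT_CAPTCHA_CACHE_DURATION = 86400;

/** Strict check in the spirit of the "greater than or equal to 1" rule in the report. */
function assert_min_duration(int $value, string $path, int $min = 1): int
{
    if ($value < $min) {
        throw new InvalidArgumentException(sprintf(
            'The value %d is too small for path "%s". Should be greater than or equal to %d',
            $value, $path, $min
        ));
    }
    return $value;
}

/**
 * Turn whatever the options table returned into a usable duration (PHP 8+).
 * A missing row (false), null, '', '0', 0, negatives and non-numeric strings
 * all fall back to the default instead of reaching the strict validator.
 */
function normalize_duration(mixed $raw, int $default): int
{
    if (is_string($raw)) {
        $raw = trim($raw);
    }
    if (is_int($raw) || (is_string($raw) && ctype_digit($raw))) {
        $value = (int) $raw;
        return $value >= 1 ? $value : $default;
    }
    return $default;
}

// Constructed sample values standing in for what a stored option might hold.
$samples = ['3600', 3600, '', '0', 0, null, false, 'abc', '-5', ' 120 '];
foreach ($samples as $raw) {
    $value = normalize_duration($raw, DEFAULT_CAPTCHA_CACHE_DURATION);
    // Never throws here: every sample has been normalised to a value >= 1.
    assert_min_duration($value, 'config.captcha_cache_duration');
    printf("%-8s => %d\n", var_export($raw, true), $value);
}
```

Passing a raw `0` straight to `assert_min_duration()` reproduces the wording of the reported exception, which is why the normalisation has to run before validation rather than after it.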

julienloizelet commented 1 year ago

Closing, happy to continue the conversation here or elsewhere.