• Resolved Haneef

    (@haneef95)


    Hi,
    When a .ics file is exported using this plugin, it adds the following line:
    PRODID:-//IP.ADDRESS.HERE.1//NONSGML kigkonsult.se iCalcreator 2.20//

    I don’t want the IP address to be exposed that way, as our server IP is kept away from public eyes to avoid DDoS attacks, all traffic goes through a Cloud Web Application Firewall (cloudflare). If our IP address was exposed like above, it would expose our server away from the cloudflare’s powerful firewall, thereby, defying the point.

    Is there any way I can disable the exposing of the IP address, or maybe use cloudflare’s IP address instead (if it is a must)? I don’t think it is a must, as another valid .ics file has this line instead:
    PRODID:-//Calendar Labs//Calendar 1.0//EN

    More info: https://www.wordfence.com/blog/2016/10/endpoint-vs-cloud-security-cloud-waf-bypass-problem/

    Thanks,

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi @haneef95,

    It is part of the iCal standard that we have adopted for compatibility’s sake. Also, it is required:

    https://www.kanzaki.com/docs/ical/prodid.html

    To obtain the necessary data to populate this field, our calendar uses a PHP class called “iCalcreator v2.22”:

    https://kigkonsult.se/iCalcreator/docs/using.html

    See section 3.1.5.18 on how it generates a unique ID:

    “Unique_id” is used in calendar property PRODID and component property UID, both created automatically (, if not setting UID manually.

    PRODID The identifier is RECOMMENDED to be the identical syntax to the [RFC 822] addr-spec. A good method to assure uniqueness is to put the domain name or a domain literal IP address of the host on which.. .

    Unfortunately, there is not much we can do about omitting or changing the data that is populating this field. Your only option is to not allow calendar subscriptions, if you wish to hide your IP address from being displayed in this manner.

    Thread Starter Haneef

    (@haneef95)

    Hi @sunny454,

    As you know from my previous posts, the ical subscription feature is very important for us.

    PRODID is only a RECOMMENDED field, there should be an option in the plugin to remove or adjust that.

    Besides, I don’t mind if the IP address is replaced with the domain name, as mentioned in your message:

    A good method to assure uniqueness is to put the domain name or a domain literal IP address of the host

    Regards,

    Hi @haneef95,

    PRODID is actually a required field (please see the first part of my last message).

    However, there are more options for you, after consulting with our system administrator:

    We can customize the data populating your PRODID field, which will require backend programming. There are 2 ways to accomplish this:

    1. You can submit a feature request ticket, which our Dev Team can implement for a future release of the plugin.

    Or

    2. You can make changes to the file yourself, however, any changes will be over-written if you update the plugin, and you will have to make the changes again:

    Edit this file:

    lib/import-export/ics.php line 39

    After

    $vparams = array();

    Add

    $vparams['unique_id'] = 'Your custom ProdID data';
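
An added check, not part of the original thread or the plugin's code: after setting `unique_id`, scan an exported .ics file to confirm that no IP literal remains in PRODID or in the per-event UID, which the iCalcreator documentation quoted above says is built from the same value. The sample export, its UID format and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample export; 203.0.113.10 is a documentation address (RFC 5737).
# The UID line is folded across two lines, as RFC 5545 allows for long lines.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "PRODID:-//203.0.113.10//NONSGML kigkonsult.se iCalcreator 2.20//\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:20161020T101500CEST-1234abcd@203.0.\r\n"
    " 113.10\r\n"
    "SUMMARY:Team meeting\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# Four dotted groups that are not part of a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()


def find_ip_leaks(ics_text, properties=("PRODID", "UID")):
    """Return (property, ip) pairs for IPv4 literals found in the given properties."""
    leaks = []
    for line in unfold(ics_text):
        name, sep, value = line.partition(":")
        name = name.split(";", 1)[0].upper()  # drop property parameters
        if not sep or name not in properties:
            continue
        for candidate in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # dotted number that is not a valid address
            leaks.append((name, str(ip)))
    return leaks


if __name__ == "__main__":
    for prop, ip in find_ip_leaks(SAMPLE_ICS):
        print(f"{prop} exposes {ip}")
```

Run it against a fresh export after every plugin update, since the edit to `lib/import-export/ics.php` is overwritten by updates.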

    Thread Starter Haneef

    (@haneef95)

    @sunny454
    Thanks for that.


The topic ‘Security Issue: IP Leak, potential DDoS issue’ is closed to new replies.