<!-- Zero low-scored, because it may well just be false-positive from an anti-spam partner and because our spam confidence thresholds already can result in their own banning / Common so silence it to staff -->
<!-- Very low-scored, because it may well just be user-error / Silent to user because we have a normal CAPTCHA-failed error message / Common so silence it to staff -->
<!-- Very high-scored, enough to cause an instant ban by default, because we do not want to allow too much brute forcing; also see brute_force_login_minutes and brute_force_threshold options -->
<!-- Other hack attack codes without special parameters; they are defined here just so it is easy if you want to configure their score -->
<hackattackcodename="BRUTEFORCE_LOGIN_HACK"risk_score="100"/><!-- Very high-scored, because we do not want to allow too much brute forcing (a hack attack is only triggered after so many attempts in so many minutes); also see brute_force_login_minutes and brute_force_threshold options -->
<hackattackcodename="DODGY_GET_HACK"risk_score="10"/><!-- Very unlikely, but possible, a suspicious GET parameter could be a false-positive -->
<hackattackcodename="EVIL_POSTED_FORM_HACK"risk_score="20"/><!-- Posts from external websites without the CSRF token on behalf of a member are almost always hacks -->
<hackattackcodename="VOTE_CHEAT"risk_score="5"/><!-- An attempt at giving an invalid rating is almost always intentional, but this is a low-damage attack -->
<hackattackcodename="SCRIPT_UPLOAD_HACK"risk_score="30"/><!-- Could be innocent but this is an extremely dangerous hack attack as scripts can be executed server-side -->
<hackattackcodename="ASCII_ENTITY_URL_HACK"risk_score="8"/><!-- Putting entity-encoded HTML in a Comcode html block; usually innocent but could be used to try bypassing filters -->
<hackattackcodename="SCRIPT_URL_HACK"risk_score="20"/><!-- Almost definitely a hack attack as an attempt was made to inject script into a URL via Comcode -->
<hackattackcodename="SCRIPT_URL_HACK_2"risk_score="20"/><!-- Almost definitely a hack attack as an attempt was made to inject script into a URL -->
<hackattackcodename="TRY_TO_DOWNLOAD_SCRIPT"risk_score="20"/><!-- An attempt was made to add a download pointing to a PHP script, which is almost certainly an attempt to get its contents -->
<hackattackcodename="DOWNLOAD_PRIVATE_URL_HACK"risk_score="10"/><!-- An attempt was made to make available a private file from another website as a download; could be a false-positive under some weird configurations -->
<hackattackcodename="TICKET_OTHERS_HACK"risk_score="10"/><!-- Trying to access support tickets belonging to other members; normally always intentional but a member might have copied the wrong ID if another member for whatever reason shared their tickets -->
<hackattackcodename="ORDERBY_HACK"risk_score="10"/><!-- Could be a bug / false positive, but also could be an SQL injection attack -->
<hackattackcodename="BYPASS_VALIDATION_HACK"risk_score="5"/><!-- Trying to bypass validation is almost always intentional but is usually a low-risk attack -->
<hackattackcodename="HEADER_SPLIT_HACK"risk_score="25"/><!-- A URL contained a new line; almost always a header-split attack attempt which are very dangerous -->
<hackattackcodename="EVAL_HACK"risk_score="25"/><!-- Tried to put invalid characters in a strictly alphanumeric parameter to try and get something to eval; could be a bug but very likely to be a high-risk hack-attack -->
<hackattackcodename="PATH_HACK"risk_score="10"/><!-- Almost certainly intentional (though slight chance it's a bug); trying to go to a different directory on the server -->
<hackattackcodename="PHP_DOWNLOAD_INNOCENT"risk_score="100"/><!-- Should never happen and indicates the site was compromised; this should ideally auto-ban the IP in case they were the ones who did it -->
<hackattackcodename="HACK_ATTACK_PASSWORD_CHANGE"risk_score="10"/><!-- Almost always an attempt to gain access to a member account -->
<hackattackcodename="SQL_INJECTION_HACK"risk_score="20"/><!-- Tried to UNION something; definitely an SQL injection attack attempt -->
<hackattackcodename="HACK_ATTACK"risk_score="10"/><!-- Generic hack-attacks, usually from non-bundled addons -->
<!-- See hack_ban_threshold option to know how many normalised hack-attacks until a ban happens -->
@@ -400,8 +400,8 @@ CONFIG_OPTION_remember_me_behaviour_VALUE_off=Disabled (login terminated when ei
CONFIG_OPTION_remember_me_behaviour_VALUE_default_off=User choice, disabled by default
CONFIG_OPTION_remember_me_behaviour_VALUE_default_on=User choice, enabled by default (you should consider EU cookie law)
CONFIG_OPTION_remember_me_behaviour_VALUE_always_on=Always remember login (bad for users sharing their machine accounts)
HACK_BAN_THRESHOLD=Hack-attack ban threshold
CONFIG_OPTION_hack_ban_threshold=The number of detected hack-attempts before automatic banning happens. Note that not all detected attempts are real; in rare cases there may be a bug, or very commonly it may be a poorly written bot.
HACK_BAN_THRESHOLD=Hack-attack risk score ban threshold
CONFIG_OPTION_hack_ban_threshold=When an IP address triggers a hackattack, it is assigned a risk score depending on how severe it was or could have been. If an IP address accumulates this much in risk scores, it will be auto-banned.
BRUTE_FORCE_THRESHOLD=Brute-force login threshold
CONFIG_OPTION_brute_force_threshold=The number of failed logins, to generate a hack-attack notice.
@@ -62,6 +62,7 @@ XML_PARSING_NOT_SUPPORTED=XML parsing is not supported on this server.
ERROR_FRACTIONAL_EDIT=There was an error performing the inline edit.
FRACTIONAL_EDIT_CANCELLED=You cancelled the inline edit.
AUTO_BAN_SUBJECT={1} has been automatically banned
AUTO_BAN_HACK_REASON=Automatically banned due to exceeding the hack-attack threshold
AUTO_BAN_HACK_MESSAGE=An IP address, [tt]{1}[/tt], has been automatically banned for generating {2} hack-attack alerts. If you believe these were false alarms, or that the user was manipulated into triggering the alerts, you may wish to unban this IP address. A summary of the alerts follows:\n{3}\n\nManage IP bans from this screen:\n[url="{4}"]{4}[/url]
AUTO_BAN_DOS_MESSAGE=An IP address, [tt]{1}[/tt], has been automatically banned for generating {2} flood warnings in {3} seconds. If you believe that the user was manipulated into triggering the alerts, you may wish to consider unbanning this IP address. Be advised that the website software has essentially prevented what could be a 'DOS' (Denial Of Service) attack which could over-load the server if left to continue; it may have been triggered by innocent infected computers, or other form of computer manipulation. This said, this may just be an innocent computer that accidentally or for good reason, using up a high server load.
NO_SUCH_THEME_IMAGE=No such theme image, <kbd>{1}</kbd>.
@@ -162,6 +163,7 @@ SCRIPT_URL_HACK=Submitted Comcode with a URL that contained a script
SCRIPT_URL_HACK_2=Submitted a URL that contained a script
BLACKHOLE_SPAM_HACK=Triggered spam blackhole
TRY_TO_DOWNLOAD_SCRIPT=Tried to add a downloaded file that points to a script: so they could get the script contents (e.g. passwords)
DOWNLOAD_PRIVATE_URL_HACK=Tried to add a download whose URL points to a private or invalid file: so they could get its contents
ORDERBY_HACK=Tried to change the SQL ordering attribute, perhaps for SQL injection
BYPASS_VALIDATION_HACK=Tried to cheat the system by making content automatically validated
HEADER_SPLIT_HACK=An HTTP header was generated from invalid data that would have caused a potential header-split attack. Check what data was invalid here and clean it.
@@ -170,7 +172,7 @@ PATH_HACK=Tried to use a file path redirection to get outside the intended direc
ANTISPAM=Trigered anti-spam ban or block
CAPTCHAFAIL_HACK=Failed to complete the CAPTCHA while posting links in unrecognised Comcode-syntax
CAPTCHAFAIL=Failed to complete the CAPTCHA
PHP_DOWNLOAD_INNOCENT=Tried to download a '.php' file (download #{1}): how did it get into the download system?
PHP_DOWNLOAD_INNOCENT=Tried to download a '.php' file (download #{1}). This should not have happened and could indicate the site was compromised! Remove the download immediately and run a full security scan of the site.
TOO_MANY_USERS=There are too many users online. Please come back later.
TOO_MUCH_DOWNLOAD=Too much has been downloaded this month and the download bandwidth throttle has kicked in.
ONLY_LOCAL_HOST_FOR_TYPE=This database driver only works over 'localhost'
