Hi!
I am running
v1.17.5 (7c20036)
during the last month, once a day I notice an "Invalid CSRF Token" (CSRFToken) entry in my logs coming from some kind of non-legitimate IP.
The weird thing is that when I hover over it, it says "Invalid CSRF token [] on https://155.207.XX.XX/", which is the server's IP and not even the normal login screen or the normal login URL.

What can be possibly happening?
Can I somehow be protected?

  zsimaiof

    Seems like someone is accessing the IP directly or maybe even sending fake requests. Regardless, you should look into hardening your server for further "protection". I mean anyone can do a simple DNS lookup and get the public IP to your server and access that directly.

    On the osTicket side of things we only have a few options like Force HTTPS (Admin Panel > Settings > System), ACL (Admin Panel > Settings > System), etc. Hardening your server is the best route forward as that stops them before they even hit the application.

    Cheers.

      KevinTheJedi
      What measures for hardening my server do you propose?
      Regarding the osTicket side, can I add CIDRs (whole subnets of IPs) in the ACL?
      In addition, can I disable opening a ticket from the frontend, as I am only using e-mail fetching for that purpose?

      Thanks

        zsimaiof

        There are loads of different hardening methods, like denying access to the IP only, using things like iptables to blacklist IPs that are scanning ports, denying requests with improper user-agent information, etc. I would suggest Googling "how to harden [insert_server_name] server" for different hardening guides specific to your server.

        No, you cannot add a block, etc.; you can only add individual IPs. Stuff like this will be changing in v2.0, so stay tuned!

        Yes, you can disable Ticket creation on the Client Portal by going to Admin Panel > Settings > Users, enable Registration Required, set Registration Method to Disabled, and Save Changes.

        Cheers.
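The reply above recommends blocking scanners at the firewall rather than in osTicket, and the earlier one notes that the ACL takes individual IPs only, not CIDR ranges. The script below is an added example, not osTicket code, showing how a practitioner would triage the log entries from the original post: it parses a few constructed log lines (the real osTicket log format is not shown on the page, and the canonical hostname helpdesk.example.org is an assumption), flags only the CSRF warnings raised for requests addressed to the bare server IP, leaves the hostname-based ones alone (those can be the expired-session case), honours a CIDR allowlist for trusted networks, and emits iptables DROP rules for the remaining sources.

```python
"""Added example (not osTicket code): triage "Invalid CSRF token" warnings
that were raised for requests addressed to the server's bare IP rather
than its hostname, and emit iptables rules for the offending sources."""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Canonical hostname of the helpdesk (assumption: not on the original page).
CANONICAL_HOST = "helpdesk.example.org"

# Constructed sample log lines in a made-up format: timestamp, source IP,
# message.  The real osTicket log layout is not shown on the page; only the
# message text "Invalid CSRF token [] on https://.../" is taken from it.
SAMPLE_LOG = """\
2024-05-01 03:12:44 203.0.113.17 Invalid CSRF token [] on https://155.207.0.10/
2024-05-01 09:30:02 198.51.100.5 Invalid CSRF token [] on https://helpdesk.example.org/scp/login.php
2024-05-02 03:11:58 203.0.113.17 Invalid CSRF token [] on https://155.207.0.10/
2024-05-03 03:13:07 203.0.113.40 Invalid CSRF token [] on https://155.207.0.10/
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) "
    r"Invalid CSRF token \[(?P<token>[^\]]*)\] on (?P<url>\S+)$"
)


def host_is_bare_ip(url):
    """True when the request was addressed to a literal IP, not a hostname."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse(log_text):
    """Turn matching log lines into event dicts; unknown lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": m["ts"],
            "src": m["src"],
            "token": m["token"],
            "url": m["url"],
            # A CSRF failure on the canonical hostname can simply be an
            # expired login session; a failure on the bare IP is a request
            # that never came through the normal login URL.
            "direct_ip": host_is_bare_ip(m["url"]),
        })
    return events


def suspicious_sources(events, min_hits=1):
    """Count, per source IP, the CSRF failures that hit the bare server IP."""
    counts = Counter(e["src"] for e in events if e["direct_ip"])
    return {src: n for src, n in counts.items() if n >= min_hits}


def in_trusted_ranges(src, ranges):
    """CIDR matching that osTicket's ACL cannot do on its own."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(r, strict=False) for r in ranges)


def iptables_rules(sources, trusted_ranges=()):
    """Render DROP rules for HTTPS from each untrusted source (strings only,
    nothing is executed; review them before applying)."""
    rules = []
    for src in sorted(sources):
        if in_trusted_ranges(src, trusted_ranges):
            continue
        rules.append(f"iptables -I INPUT -s {src} -p tcp --dport 443 -j DROP")
    return rules


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    bad = suspicious_sources(evts)
    for rule in iptables_rules(bad, trusted_ranges=["203.0.113.32/27"]):
        print(rule)
```

Only the requests whose URL host is a literal IP count as suspicious; the hostname-based failure from 198.51.100.5 is ignored, and 203.0.113.40 is skipped because it falls inside the (assumed) trusted range 203.0.113.32/27, leaving a single rule for 203.0.113.17. Pair this with a web server default virtual host that refuses requests for the bare IP, so such probes are answered before they reach osTicket at all.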

        After using a CDN service this issue no longer bothers me. Sometimes an expired login page session can also make this happen.
