Highlighted

v24.0.0.194 breaks flash embed chats.

New Here ,
Jan 10, 2017

Copy link to clipboard

Copied

Just looking to see what has changed from 186 to 194 that stops flash based chats from connecting. When using 186 connection was fine. As soon as updated to 194 same chat gets a flash policy error even though flash policy is running. only thing to change was updating to the new flash player version. This is effecting both microsoft edge/ie and firefox. Not effecting google chrome as of yet as they haven't updated to the new version.

Views

39.4K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

v24.0.0.194 breaks flash embed chats.

New Here ,
Jan 10, 2017

Copy link to clipboard

Copied

Just looking to see what has changed from 186 to 194 that stops flash based chats from connecting. When using 186 connection was fine. As soon as updated to 194 same chat gets a flash policy error even though flash policy is running. only thing to change was updating to the new flash player version. This is effecting both microsoft edge/ie and firefox. Not effecting google chrome as of yet as they haven't updated to the new version.

Views

39.4K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jan 10, 2017 0
Adobe Employee ,
Jan 10, 2017

Copy link to clipboard

Copied

Hi,

Which operating system are you using.?

Also, Please share a snapshot of the "error" as you mentioned above.

Thanks!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 10, 2017 0
New Here ,
Jan 10, 2017

Copy link to clipboard

Copied

Im currently on Windows 10, but it happens on any OS i believe as we have had reports of issues on mac aswell. This happens on any type of web based flash chat. lightIRC is one of the ones I use that is having the issue: you can test with:
ChainScriptz

also happens on oasiz chat ( Oasiz Home  )

and buzzen chat ( Buzzen Chat - Free Chat Network )

All three of these use different flash compenents to their chat so it is a wide spread issue with connect to chat networks using flash.  All of them use so variation of an irc chat backend ( hence the flashpolicy being need ) 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 10, 2017 0
Adobe Employee ,
Jan 11, 2017

Copy link to clipboard

Copied

Thanks for reporting. We are investigating the issue.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 11, 2017 0
New Here ,
Jan 11, 2017

Copy link to clipboard

Copied

This issue is affecting hundred's of our users and we have verified the issue is impacting many other websites that use Flash Based Socket to connect to IRC. Hopefully a fix can be found very soon. We can offer any information you require to speed up this process.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 11, 2017 0
Community Beginner ,
Jan 11, 2017

Copy link to clipboard

Copied

Unfortunatly we also have this problem with Adobe Flash Player. People can not connect to our LightIRC webchat application.

They get error about flash policy daemon should not be installed. But it is installed and running. We have these problems since yesterday update from Adobe Flash Player.

Best Regards, Herman.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 11, 2017 0
Adobe Employee ,
Jan 11, 2017

Copy link to clipboard

Copied

Sorry for the inconvenience.  Flash Player has historically blocked communication on a number of ports.  As Flash and the Internet continue to grow and mature, it's important that Flash behaves as a responsible citizen in regard to the larger ecosystem.  In many instances, this means ensuring that Flash Player conforms to limit its capabilities to match those available through HTML and JavaScript.  These changes bring Flash Player in line with the latest thinking about what ports should be restricted.

While updates to the official documentation are forthcoming, I can confirm that we've expanded the list of blocked ports.  Here's the current list:

1, 7, 9, 11, 13, 15, 17, 19, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 1720, 1723, 2049, 3659, 4045, 5060, 6000, 6566, 6665, 6666, 6667, 6668, and 6669.

Unfortunately, one of the side effects of this change is that a few of these ports are in the range of ports informally used by IRC servers when an IRC daemon is not run with administrative privileges, or many IRC instances are served from a single IP.  In this instance, our recommendation would be to proxy traffic on affected ports in this range to different ports, in order to make them available to a Flash-based IRC client.

The message about installing a policy daemon is generated by the content, and is incorrect.  In this instance, you're encountering the error because you're attempting to connect to a port that's blocked, and it fails.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 11, 2017 2
Community Beginner ,
Jan 11, 2017

Copy link to clipboard

Copied

Hello Jeromiek,

With the help of your answer we could fix this isue. Thank you verry much. What did we do?

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<site-control permitted-cross-domain-policies="master-only"/>

<allow-access-from domain="*" to-ports="6667" />

In the last line remove 6667 and replace that with a star *

Then think about what port you would like to use and put that port in a listen block in your Unrealircd.conf  and in Lightirc in config.js put that same IP      in params.port                         = "ooooo"; replace the zeros. When you finished then /rehash you unreal server. and also after the changes you made in restart the flashpollicy. Good luck and get it up and running again>

Best Regards, Herman.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 11, 2017 1
Community Beginner ,
Jan 12, 2017

Copy link to clipboard

Copied

Hello Jeromiek,

thanks for the clarification.

Could you please explain why you make such a major restriction out of the blue? Are you aware that this foredooms all Flash-based IRC clients in the whole Internet? 6667 is the de-facto standard port for IRC daemons and it's in use for decades already.

Though, the fact that you blocked 6665-6669 is a clear indicator that you explicitely wanted to prohibit IRC connections. I think the policy server restrictions were already tight enough to prevent abuse. This kind of full dismissal will affect thousands of webmasters and hundreds of thousands users, which were quite happy with their Flash-based IRC clients. Until now.

Please consider a relaxation of the amount of blocked ports as this restriction has unreasonably heavy impacts compared to the small "security"  improvements it will bring.

In any case, we would appreciate if you could shed some light on your motivation to block IRC connections in Flash Player.

Best regards,

Valentin Manthei (developer of lightIRC)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 12, 2017 6
New Here ,
Jan 12, 2017

Copy link to clipboard

Copied

Would really like to see a "real" answer to your question as well. I just didn't realize that Adobe felt the need to be a follower, instead of a leader. I for one can see no good, that came out of this move to "block" ports. A port is a port is a port.

If they actually wanted to do something, to be a good net citizen (whatever that really is), they should get back into the fight, and start making AS3 dominant again.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 12, 2017 2
Adobe Employee ,
Jan 12, 2017

Copy link to clipboard

Copied

It would be better if you updated the to-ports="6667" value to the new port that you pick, but that's the ideal workaround.

Using * allows Flash Player to talk to any unblocked port on that server, which, if you have any poorly configured or vulnerable services running your host, might not be the best thing to do.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 12, 2017 0
Community Beginner ,
Jan 12, 2017

Copy link to clipboard

Copied

Hello,

thats what I tried to do but then I get the flash policy error agin.

The new port I use has 5 figures. Should be the reason because it is one more then 6667?

Best Regards, Herman.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 12, 2017 0
Adobe Employee ,
Jan 12, 2017

Copy link to clipboard

Copied

It sounds like there's probably more than one port in play.  Since * allows everything, it works.  Specifying the single port is too tight, because there's traffic on a different port that also fails.

You could look with a packet sniffer like Wireshark to see what ports are actually being used, but it's a little bit of a research project.  Taking a more surgical approach when opening ports is better, simply because you're limiting your attack surface, but * will definitely get it done.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 12, 2017 0
New Here ,
Jan 13, 2017

Copy link to clipboard

Copied

I am really trying to figure out if you guys are trying to kill what is left of flash. Why would you guys block IRC ports for websites that use flash as a median for IRC servers.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 13, 2017 0
mudd1970 LATEST
New Here ,
Jan 31, 2017

Copy link to clipboard

Copied

Hi Valentin,

i also agree with you that is really a big question mark why the people of Adobe have blocked the "6667" port as it is the standard irc port for ages. Good of you too to put this on your own website of lightIRC with the link to this thread where people can read all the info they need. I just added some more info to this thread as an reply to "Herman" which may/could be helpfull to other admins of their (Unreal)IRCd server.

Kind regards,

Maarten.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 31, 2017 1
Community Beginner ,
Jan 14, 2017

Copy link to clipboard

Copied

Hello,

I am still in doubt.that It should be better to use "to-ports="6667" value"

But when I do enter a port then I get the flash policy error again. So for now I use  to-ports="*" (with a star)

Is there someone who can tell me  what to do so I can use "to-ports="6667" value" ?

Best regards, Herman.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 14, 2017 0
Adobe Employee ,
Jan 14, 2017

Copy link to clipboard

Copied

The socket policy file tells Flash Player what ports it's allowed to communicate on.  The value foo in to-ports="foo" is the list of ports you want to allow.  If you've modified your instance to use 6670 instead of 6667 as an example, then you would want to specify:

<allow-access-from domain="mysite.com" to-ports="6670"/>

You can also specify a comma-separated list, or a range, like:

<allow-access-from domain="mysite.com" to-ports="6670,6671,6673"/>

<allow-access-from domain="mysite.com" to-ports="6670-6679"/>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 14, 2017 1
Community Beginner ,
Jan 14, 2017

Copy link to clipboard

Copied

yes but the problem is untill now, when I specified a port in flashpolicy.xml Again I get flashpolicy error.

Thats whyI ask the question,

For now I use * (star) instead of a portnumber. But it is not safe or not safe enough.

Best regards, Herman

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 14, 2017 0
New Here ,
Jan 31, 2017

Copy link to clipboard

Copied

Good afternoon Herman,

I also had a problem with lightIRC not working and i just found out  that you can also use port "6664" instead of using a * .

Ofcourse you need to change this in the config.js form lightIRC and also in the flashpolicyd.xml file as mentioned earlier.

In Unrealircd.conf just change the "6667" into "6664-6667" behind the ip-adres and ofcourse open this range also in your router at home :-).

Kind regards,

M. Udo

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 31, 2017 0
New Here ,
Jan 14, 2017

Copy link to clipboard

Copied

1. kill flashpolicyd.rb process

In flashpolicy.xml put on port value 6660, line become:  <allow-access-from domain="*" to-ports="6660" />

start with: ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log

2. In  config.sys put on params.port value 6660, line become: params.port                         = 6660;

3. In conf/unrealircd.conf add on listen section:

listen {

<------>ip *;

<------>port 6660;

};

rehash server with /rehash

4. if you have firewall unblock sure 6660

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 14, 2017 1