64bitguy (The Mouse Is Extension Of Arm)
Joined: Mar 06, 2004
Posts: 1164
Posted: Thu Oct 28, 2004 11:11 am
Hi,
I wanted to ask a quick question about possible changes not mentioned in the NukeSentinel documentation.
One thing I've noticed about the ever-evolving mainfile.php of different versions from 6.x on (but especially 7.x and all of Chatserv's great "Patched" solutions) is that the beginning of mainfile.php includes a section specifically dedicated to preventing certain types of known abuses, including forbidden query strings and UNION abuses. This section has grown larger and larger over time with each new mainfile.php.
My question is: if you have implemented NukeSentinel and set up all of the banning features, is it then safe to remark out this section entirely?
In my mind, NukeSentinel is now guarding against all of these abuses and, additionally, it at least provides some level of notification (as well as banning the abuser), which is much more than what the mainfile.php section does.
If my assumptions are correct, would it be a bad idea to suggest making a notation in the User Guide and readme.txt that says something like, "Once you have completed NukeSentinel installation, and then completed configuration and enabled all individual types of protection, it is safe to remark out this section in mainfile.php"?
Mine is below:
```php
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
//unset($matches);
//unset($loc);
//if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
// die();
//}
//$queryString = strtolower($_SERVER['QUERY_STRING']);
//// Note: the last test below reads $querystring (lower-case s), which is never set,
//// so the base64 "c2nyaxb0" ("script") check can never match as written.
//if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($querystring,'c2nyaxb0')) {
//header("Location: index.php");
//die();
//}
```
If I'm way off here, please advise.
Thanks!
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance.
Raven (Site Admin/Owner)
Joined: Aug 27, 2002
Posts: 17088
Posted: Thu Oct 28, 2004 1:41 pm
Remove them all if you are using NukeSentinel. Also remove the 1 or 2 lines of code from admin.php. We will modify the User's Guide.
BobMarion (Former Admin in Good Standing)
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
Posted: Thu Oct 28, 2004 1:52 pm
I'll make a note of it in the 2.1.1 readme file :)
_________________
Bob Marion
Codito Ergo Sum
64bitguy
Posted: Thu Oct 28, 2004 2:05 pm
You mean these in admin.php, right?
```php
//$checkurl = $_SERVER['REQUEST_URI'];
//if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
//die("Illegal Operation");
//}
```
Thanks guys!
Raven
Posted: Thu Oct 28, 2004 2:06 pm
sixonetonoffun (Spouse Contemplates Divorce)
Joined: Jan 02, 2003
Posts: 2496
Posted: Thu Oct 28, 2004 2:12 pm
Should speed things up a bit too, as an added bonus!
_________________
openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR | GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30
64bitguy
Posted: Thu Oct 28, 2004 2:26 pm
Well, I have now eliminated Protector and made these changes.
This, coupled with gzip, has increased my average page load times from 0.53 to 1.0 and forums 0.39 to 1.0 to now averaging 0.15 to 0.19 and forums at 0.13 to 0.20.
I guess I can't complain.
Getting rid of Protector also forced me to get rid of a few other things like my Login block, but I'm using a new BETA solution that I've modded to give me the features that I want, and so far (other than a few minor bugs I'm working out) everything is great and much faster.
Now if I can only figure out how to turn caching on and off in particular blocks/sections.... ;)
Raven
Posted: Thu Oct 28, 2004 2:40 pm
You are anything but subtle, to be sure. My module does not yet have that feature. I have hand-loaded my properties to this point. I will be adding several things over the next couple of days. Hang tight - you will be a tester ;)
64bitguy
Posted: Thu Oct 28, 2004 2:44 pm
lol Subtle...
Thanks Raven
JRSweets (Worker)
Joined: Aug 06, 2004
Posts: 192
Posted: Tue Nov 02, 2004 3:05 pm
Six posted this in another thread, but you guys are talking about removing the other code from mainfile.php:
Quote:
> 1) //Union Tap code
> 2) #--------------- Base64 sanitize by Waraxe code
> 3) foreach ($_GET as $secvalue) code
> 4) foreach ($_POST as $secvalue)
Is this the code he's talking about?
The foreach ($_GET as $secvalue) code is this:
```php
// The posted loop never binds $var_name; the intent is the $_GET key, so it is
// bound here ($var_name => $secvalue). eregi() is POSIX ERE, case-insensitive.
foreach ($_GET as $var_name => $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
        (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||   // rejects any parenthesised text
        (eregi("\"", $secvalue)) ||                   // rejects any double quote
        (eregi("forum_admin", $var_name)) ||
        (eregi("inside_mod", $var_name))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
```
The foreach ($_POST as $secvalue) code is:
```php
foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
```
Can this be removed too?
```php
// Post filtering patch by telli - http://codezwiz.com/ - edited by chatserv
// Flattens every POST field into name="..." value="..." lines, then greps that
// text for admin-only actions so they cannot be submitted by a non-admin.
$sTemp = '';   // initialised here; the posted snippet appended to an unset variable
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    foreach ($_POST as $FormFieldName=>$FormFieldValue)
    {
        if (gettype($FormFieldValue) == 'array')
        {
            $iCount = count($_POST[$FormFieldName]);
            for ($i=0;$i<$iCount;$i++)
            {
                $FormFieldValue = $_POST[$FormFieldName][$i];
                $sTemp .= "name=\"" . $FormFieldName . "[$i]\" value=\"$FormFieldValue\"\r\n";
            }
        }
        else {$sTemp .= "name=\"$FormFieldName\" value=\"$FormFieldValue\"\r\n"; }
        $sTemp = urldecode($sTemp);
    }
}
if($_SERVER["REQUEST_METHOD"] == "POST" && (preg_match("/mod_authors/", $sTemp) || preg_match("/displayadmins/", $sTemp) || preg_match("/updateadmin/", $sTemp) || preg_match("/modifyadmin/", $sTemp) || preg_match("/deladmin/", $sTemp) || preg_match("/deladmin2/", $sTemp)))
{
    die ("<center><img src=images/logo.gif><br><br><b>Illegal Operation - You Are Not An Authorized Admin</b>");
}
// End Post filtering patch
```
What is the "#--------------- Base64 sanitize by Waraxe" code?
Is it this?
```php
// Decode the base64 admin/user cookie values, escape quotes, re-encode.
if(isset($admin))
{
    $admin = base64_decode($admin);
    $admin = addslashes($admin);
    $admin = base64_encode($admin);
}
if(isset($user))
{
    $user = base64_decode($user);
    $user = addslashes($user);
    $user = base64_encode($user);
}
```
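The two mainfile.php blacklists quoted in this thread (the Union Tap query-string check from the first post and the $_GET tag filter above) re-implemented in Python as an added example. This is not code from the thread or from PHP-Nuke; it exists so a practitioner can run the same rules against constructed query strings and see what each catches and what it misses before deciding they are redundant with NukeSentinel. Assumptions: stripos_clone() behaves like PHP's stripos() (match offset or false), the unbound $var_name in the $_GET loop was meant to be the parameter name, and every sample input below is constructed here, not taken from any log.

```python
"""Python model of two mainfile.php blacklist filters quoted in the thread.
Added example for testing the rules; not PHP-Nuke's own code."""
import re
from urllib.parse import unquote

# --- Union Tap -------------------------------------------------------------
# The character class is "UNION"/"union" padded with decoy letters: any five
# characters from it followed by a space.  PHP runs it on rawurldecode(QUERY_STRING).
UNION_TAP_RE = re.compile(r"([OdWo5NIbpuU4V2iJT0n]{5}) ")
UNION_TAP_NEEDLES = ("%20union%20", "/*", "*/union/*")
BASE64_SCRIPT = "c2nyaxb0"   # strtolower(base64_encode("script"))


def _php_stripos_truthy(haystack, needle):
    """Model of `if (stripos_clone($h, $n))`.  Assumption: stripos_clone()
    returns the match offset or false like PHP's stripos(), so a needle found
    at offset 0 evaluates false and does NOT trigger the block."""
    return haystack.lower().find(needle.lower()) > 0


def union_tap_blocks(query_string, fix_typo=False):
    """True if the Union Tap would die() for this raw query string."""
    if UNION_TAP_RE.search(unquote(query_string)):
        return True
    lowered = query_string.lower()
    if any(_php_stripos_truthy(lowered, n) for n in UNION_TAP_NEEDLES):
        return True
    # The posted snippet tests $querystring (lower-case s), a variable that is
    # never assigned, so the base64 check is dead code unless the typo is fixed.
    haystack = lowered if fix_typo else ""
    return _php_stripos_truthy(haystack, BASE64_SCRIPT)


# --- $_GET tag filter ------------------------------------------------------
# eregi() patterns are POSIX ERE, case-insensitive; Python's re accepts these
# particular patterns unchanged.  "script*" means "scrip" plus any number of
# "t"; the last two patterns reject ANY parenthesised text and ANY double quote.
VALUE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r'<[^>]*script*"?[^>]*>', r'<[^>]*object*"?[^>]*>', r'<[^>]*iframe*"?[^>]*>',
    r'<[^>]*applet*"?[^>]*>', r'<[^>]*meta*"?[^>]*>',   r'<[^>]*style*"?[^>]*>',
    r'<[^>]*form*"?[^>]*>',   r'<[^>]*img*"?[^>]*>',    r'<[^>]*onmouseover*"?[^>]*>',
    r'\([^>]*"?[^)]*\)',      r'"',
)]
# Assumption: the unbound $var_name in the posted loop was meant to be the key.
KEY_NEEDLES = ("forum_admin", "inside_mod")


def get_filter_blocks(params):
    """True if the $_GET loop would die() for this dict of name -> value."""
    for name, value in params.items():
        if any(p.search(value) for p in VALUE_PATTERNS):
            return True
        if any(k in name.lower() for k in KEY_NEEDLES):
            return True
    return False


# Constructed sample inputs (not taken from any real log), with expectations.
UNION_SAMPLES = {
    "id=1%20UNION%20SELECT%201": True,   # caught: decodes to "UNION " and has %20union%20
    "id=1/**/union/**/select":   True,   # caught: "/*" at offset 4
    "id=1%0aUNION%0aSELECT":     False,  # missed: newline, not space, after UNION
    "/*x*/id=1":                 False,  # missed: "/*" at offset 0 is falsy
}
GET_SAMPLES = {
    "<script>alert(1)</script>": True,   # caught by the script and paren patterns
    "Smith (Jr)":                True,   # benign, but rejected by the paren pattern
    "hello world":               False,
}

if __name__ == "__main__":
    for qs, expected in UNION_SAMPLES.items():
        got = union_tap_blocks(qs)
        assert got == expected
        print(f"{'BLOCK' if got else 'pass '}  {qs}")
    print("base64 'script' test, as posted :", union_tap_blocks("u=c2NyaXB0"))
    print("base64 'script' test, typo fixed:", union_tap_blocks("u=c2NyaXB0", fix_typo=True))
    for value, expected in GET_SAMPLES.items():
        got = get_filter_blocks({"name": value})
        assert got == expected
        print(f"{'BLOCK' if got else 'pass '}  name={value!r}")
    print("forum_admin key:", get_filter_blocks({"forum_admin": "1"}))
```

Running it shows the trade-off in these fixed blacklists: a UNION separated by a newline instead of a space passes the Union Tap, the base64 "script" test never fires because of the $querystring typo, a "/*" at the very start of the query string is not counted, and on the other side a harmless value such as "Smith (Jr)" or anything containing a double quote is rejected outright. That brittleness is the context for the advice earlier in the thread to drop these sections once a logging and banning layer such as NukeSentinel is in place.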