Die Hacking Attempt when entering Forums,PM,MemberList

myrtletrees · Worker Joined: Sep 13, 2005 Posts: 140

Hello.

I recently moved my website(temporary) to a local server running here in my home.

The main differences, currently running PHP5 and I was running PHP4 with my online web host.

Here's my dilemma.

EVERYTHING seems to be working. Shortlinks work, all pages work EXCEPT, forums, forum admin, Private messages and Member List. All produce the following:
Hacking attempt!

I searched the forums here and found a few topics somewhat related, but none of which were relevant or my issue nor provided a solution.
I have changed the domain/url for the Forums in mysql from

Only registered users can see links on this board!
Get registered or login to the forums!

to localhost, however that resolved nothing.
I am at the moment running on a localhost server name.

Am I missing something?

Currently, the Sentinel version is 2.5.10 (I know, I should upgrade, it's in my to-do list) Wink

Thank you for any help.

Any additional information needed? Please ask Smile

P.S. I disabled Sentinel, just to see if it would make a difference and it did not.

evaders99 · Moderator Joined: Apr 30, 2004 Posts: 2847

As far as I can tell, "Hacking Attempt" is only generated when IN_PHPBB is not defined

All the .php files within modules/Forums and modules/Forums/admin (not any other subfolders) should define this value.

myrtletrees · Worker Joined: Sep 13, 2005 Posts: 140

evaders99 wrote:

As far as I can tell, "Hacking Attempt" is only generated when IN_PHPBB is not defined

All the .php files within modules/Forums and modules/Forums/admin (not any other subfolders) should define this value.

They do. Curiously, everything worked on my web host, but is not on my localhost.

fkelly · Posted: Sun Feb 03, 2008 12:07 pm

I just did a global search for "hacking attempt" in the /modules/forums directory. It looks to me like your problem may be coming from common.php and may reflect something about the settings of global variables there.

If you know how to modify this file (backing it up first) you might modify the die statements there to show which line number the hacking attempt message is coming from and then narrow in on it that way. Montego made some changes to this program for PHP5 in the soon to be released RN2.20 and he might have a better idea of what type of error was being generated that necessitated this.

Anyway start with common.php in the modules/forums directory.

myrtletrees · Worker Joined: Sep 13, 2005 Posts: 140

In common.php it is stopping here:

Code:

// Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);

unset($input['input']);
unset($input['not_unset']);

while (list($var,) = @each($input))
{
   if (in_array($var, $not_unset))
   {
      die('Hacking attempt! Line 4');
   }
   unset($$var);
}

unset($input);
}

I don't think it likes the php4 line above that says this

Code:

// PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path', 'name', 'admin', 'nukeuser', 'user', 'no_page_header', 'cookie', 'db', 'prefix');

If I comment out that php4 line, everything then works. Although I do nto think that is the "solution"

Heres an interesting read

Only registered users can see links on this board!
Get registered or login to the forums!

Even more interesting. I am using 7.6 pl 3.3
If you compare my common.php with Raven's, the difference is Raven's does NOT have the Die Hacking Attempt line there. SO, if I remove the Die hacking attempt part, and uncomment the php4 line it works. But this to me would be a security issue. Either way, the php5 is seeing it as a hacking attempt.

fkelly · Posted: Sun Feb 03, 2008 12:43 pm

Yes, that's exactly where Montego made the fix in RN2.20, at least I'm pretty sure. If the fix works for you temporarily go ahead with it and the permanent fix will be in 2.20.

Good narrowing job you did!

myrtletrees · Worker Joined: Sep 13, 2005 Posts: 140

fkelly wrote:

Yes, that's exactly where Montego made the fix in RN2.20, at least I'm pretty sure. If the fix works for you temporarily go ahead with it and the permanent fix will be in 2.20.

Good narrowing job you did!

Thank you, and I'll wait and see what montego comes up with.