thoth
New Member
Joined: Oct 15, 2006
Posts: 15

Posted: Sat May 10, 2008 2:18 pm

Hi, I have a bit of a problem. I'm using the Search Web module v2, and when people use a plus sign in the search string as you do in Google etc., Sentinel is banning them. I added an STR_REPLACE to replace the + signs as spaces. What's the best way forward? Paste the search module's code in here?

Here's the report, I just noticed three lots of / character ..

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Query String: ****.com/modules.php?name=Search_Web&op=search&cx=mygooglestringq&cof=FORID:11&query=\"Ghost+Research+International\"
Get String:
"Ghost Research International\\\"
Post String:

Forwarded For: none
Client IP: none
Remote Address: 220.253.31.21
Remote Port: 4216
Request Method: GET

The ****.com is my domain and 'mygooglestring' is just the API key that I've commented out.

BobMarion
Site Admin
Joined: Oct 30, 2002
Posts: 1039
Location: RedNeck Land (known as Kentucky)

Posted: Mon May 12, 2008 5:44 am

I do believe it's the quote marks that are triggering the blocks instead of the + marks. What is the blocker that is triggered? Filter or String blocker?

BobMarion
Site Admin
Joined: Oct 30, 2002
Posts: 1039
Location: RedNeck Land (known as Kentucky)

Posted: Mon May 12, 2008 6:09 am

I can tell you that it is not the + marks but the " marks that are triggering the blocks. You should get a notice that user BobMarion has been blocked from your site because I just tested it on your site :)

Tried the search string rock+roll and no block, but you add " to it and you will get blocked :)

Here's what is weird about the block. The " marks cause it to trigger the Admin blocker instead of the Filter blocker as I would have expected it to.

thoth
New Member
Joined: Oct 15, 2006
Posts: 15

Posted: Mon May 12, 2008 6:27 am

Hi Bob..

You know I saw a registration Bob Marion, and I was thinking .. "I know that name from somewhere, but where ..hmmm" :)

Well I changed the code a bit, so that the results page is separate from the search page, so it wasn't using $_GET etc. I picked up the Search Web 2 code from clan gamers or whatever it is. The new stuff I did myself, but it is still blocking you I see with the quotes.

I don't really want to get Sentinel to ignore the Search module, because spammers and hackers are trying to use the search for their activities.

I would've thought it would have blocked using the filter blocker. I'll go and unban you Bob :D

Any ideas on how to put it right? I can send you the code for the modules, but for security would rather not post them here.

BobMarion
Site Admin
Joined: Oct 30, 2002
Posts: 1039
Location: RedNeck Land (known as Kentucky)

Posted: Mon May 12, 2008 7:05 am

Send a copy of the module to me at webmaster(at)nukescripts(dot)net. I'll look at it but I don't know that there is a real solution without opening a hole. There might be a possible way of stripping out the " marks but I would have to have the module to see how it is handling everything.

Oh, here is an example of something I posted to warn people not to use certain characters in searches but they still ignore it. Look just below the search box:

thoth
New Member
Joined: Oct 15, 2006
Posts: 15

Posted: Tue May 13, 2008 2:05 am

Hi, thanks, I have just sent that off to you. I saw that alert box on your downloads area, and I can imagine people do still ignore it, even though it couldn't be made any more clear to them. I was thinking of using an str_replace('"', '', $searchstring) just after the form input? Trouble is, that loses the Google search functionality.

Thanks again for helping :)

thoth
New Member
Joined: Oct 15, 2006
Posts: 15

Posted: Tue May 13, 2008 5:48 am

Hi Bob

Thanks so much for looking into this for me. Below is the code for the search module. I tried mailing you, but your domain is bouncing googlemail addresses, and I tried to send it as a PM, but it told me it was incorrect content?

<!-- Google CSE Search Box Begins -->
<form id="cse-search-box" action="http://www.book-of-thoth.com/Results.html">
  <input type="hidden" name="cx" value="apikey" />
  <input type="hidden" name="cof" value="FORID:11" />
  <input name="q" type="text" size="40" />
  <input type="submit" name="sa" value="Search" />
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
<!-- Google CSE Search Box Ends -->
<br>
<br>
<br>

And this is the code of the results page

<!-- Google Search Result Snippet Begins -->
<div id="cse-search-results"></div>
<script type="text/javascript">
  var googleSearchIframeName = "cse-search-results";
  var googleSearchFormName = "cse-search-box";
  var googleSearchFrameWidth = 600;
  var googleSearchFrameborder = 0;
  var googleSearchDomain = "www.google.com";
  var googleSearchPath = "/cse";
</script>
<script type="text/javascript" src="http://www.google.com/afsonline/show_afs_search.js"></script>
</center>
<!-- Google Search Result Snippet Ends -->

I really hope you can see a way round this. I think it's because people are seeing "google" in the search box, and think they can use the same syntax, which would be a shame if they couldn't.

Really am utterly impressed with Sentinel, and I will be making a donation soon. Is there anything else I can add to secure my site? It's been hacked a few times lately (before I upgraded to Raven and Sentinel).

Many thanks
Michael
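
The str_replace idea discussed above removes every " and with it phrase search; an application-side alternative is to accept quotes only as balanced pairs around allow-listed words and reject everything else. The following is an added example, not code from the thread, the Search Web module or NukeSentinel; the function name, character set and length limit are assumptions, and it validates the value the site's own code handles without changing what Sentinel blocks.

```php
<?php
// Added example, not NukeSentinel or Search Web module code.
// Hypothetical validator for the search box value (the form's "q" field).

function validate_search_query(string $raw, int $maxLen = 100): ?string
{
    // Collapse runs of whitespace so the grammar below only sees single spaces.
    $q = trim((string) preg_replace('/\s+/', ' ', $raw));
    if ($q === '' || strlen($q) > $maxLen) {
        return null;
    }

    // Assumed character set for a search term: letters, digits, '.', '+', '-'.
    $word   = '[A-Za-z0-9.+\-]+';
    // A phrase is one or more words inside one pair of double quotes.
    $phrase = '"' . $word . '(?: ' . $word . ')*"';
    $term   = '(?:' . $word . '|' . $phrase . ')';

    // The whole string must be terms separated by single spaces; an
    // unbalanced quote or any other character fails the match.
    $pattern = '/^' . $term . '(?: ' . $term . ')*$/';

    return preg_match($pattern, $q) === 1 ? $q : null;
}

// Constructed sample inputs (already URL-decoded, as PHP delivers them).
$samples = [
    '"Ghost Research International"',  // phrase search from the report
    'rock roll',                       // plain words
    '"Ghost Research',                 // unbalanced quote
    'rock "roll" <b>bold</b>',         // markup characters
];

foreach ($samples as $s) {
    $ok = validate_search_query($s);
    // Encode on output so a quote can never close an HTML attribute.
    $shown = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    echo ($ok === null ? 'REJECT ' : 'ACCEPT ') . $shown . PHP_EOL;
}
```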
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven