Author |
Message |
Dauthus
Worker
Joined: Oct 07, 2003
Posts: 211
|
Posted:
Mon Jun 19, 2006 4:48 pm |
|
NukeSentinel(tm) Version 2.4.2pl9
I just noticed that when I click on any of the links listed in the HTTP Referers in the Admin control panel, I get banned. I can copy and paste the link, but clicking on it causes the IP to be banned. Here's the sentinel report.
I haven't had this happen in the prior patch levels. Any way to fix this or is it best to leave it alone? |
_________________
Vivere disce, cogita mori |
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Mon Jun 19, 2006 10:04 pm |
|
Yes, I would not click those. The filters in NS must have been "tuned up" a bit since your last version. NS is tripping on the inclusion of http:// in the query string. This is a no-no and is a good thing. |
|
|
benji
New Member
Joined: Jul 15, 2006
Posts: 1
|
Posted:
Sat Jul 15, 2006 1:55 pm |
|
Hi guys.. I'm not a programmer or anything like that but that option is disabled for many reasons.. if you want that to be enabled then you need to enable (something on sentinel which I don't know which one it is but but but) it's best not to do so as there are many kiddie scripts that use this type of hacking...
www.yoursite.com/modules=http://www.somesite.com.txtfile.txt
now the txtfile contains codes and stuff that will break your protection and get access to your site.. so that's why that is now allowing you to do so..
my suggestion would be copy and paste the link to a new browser.. it will be no harm for you
Benji |
|
|
|
Dauthus
|
Posted:
Sun Jul 16, 2006 12:19 am |
|
Ok, here's a simple fix for this issue:
Code:
#
#-----[ OPEN ] -----
#
admin/modules/referers.php
#
#-----[ FIND ] -----
#
."<td bgcolor=\"$bgcolor2\"><font class=\"content\"><a href=\"index.php?url=$url\" target=\"_blank\">$url</a></td></tr>";
#
#-----[ REPLACE WITH ] -----
#
//."<td bgcolor=\"$bgcolor2\"><font class=\"content\"><a href=\"index.php?url=$url\" target=\"_blank\">$url</a></td></tr>";
."<td bgcolor=\"$bgcolor2\"><font class=\"content\"><a href=\"$url\" target=\"_blank\">$url</a></td></tr>";
#
#-----[ SAVE AND CLOSE ALL FILES ] -----
#
EOM
|
|
|
|
|
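The check discussed in this thread, as an added example (not part of any post, and not NukeSentinel's own code): it flags a request whose query string carries a URL scheme, shows why the old `index.php?url=$url` admin link trips such a filter while a direct link does not, and renders a stored referer with escaping. Function names and sample URLs are constructed for illustration; `$url` is assumed to be the raw stored Referer value.

```php
<?php
// Added example; not NukeSentinel's code. Names and sample URLs are constructed.

// True if the query string carries a URL scheme (the pattern the thread says
// the filter trips on). Checks the raw query plus two rounds of
// percent-decoding, so encoded and double-encoded forms are caught too.
function query_embeds_url(string $requestUri): bool
{
    $pos = strpos($requestUri, '?');
    if ($pos === false) {
        return false;
    }
    $query = substr($requestUri, $pos + 1);
    for ($round = 0; $round <= 2; $round++) {
        if (preg_match('#(?:https?|ftp)://#i', $query) === 1) {
            return true;
        }
        $query = rawurldecode($query);
    }
    return false;
}

// Direct link to a stored referer, as in the fix above, with the value
// HTML-escaped and limited to http(s). Assumption: $url is the raw Referer
// header as logged, which is supplied by the visitor's browser.
function referer_link(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    if (preg_match('#^https?://#i', $url) !== 1) {
        return $safe; // not a web URL: show as text only
    }
    return '<a href="' . $safe . '" target="_blank" rel="noopener noreferrer">'
         . $safe . '</a>';
}

$referer = 'http://referrer.example/page?id=1'; // constructed sample
$requests = [
    'index.php?url=' . $referer,                      // old admin link target
    'index.php?url=%68ttp%3A%2F%2Freferrer.example/', // percent-encoded form
    'index.php?page=2',                               // ordinary request
];
foreach ($requests as $uri) {
    printf("%-50s %s\n", $uri, query_embeds_url($uri) ? 'FLAGGED' : 'ok');
}
// The direct link sends the browser to the other site, so no request with
// "http://" in its query string reaches the local filter.
echo referer_link($referer), "\n";
```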
spottedhog
Regular
Joined: Jun 02, 2004
Posts: 88
|
Posted:
Fri Jul 21, 2006 1:12 pm |
|
Here is another work around.....
The issue is the "http://" being inside a URL and this happens also in the Downloads and Web Links modules in Admin.
I think it was the 3.1 patches where "http://" was added to the cross-scripting code. Now, at least from what I have seen that code is now inside the includes/nukesentinel.php file. For a very short time, this code was a part of mainfile.php, but now it is requested to move it to the includes/nukesentinel.php file.
My work around is to move those lines of cross-scripting code back to the mainfile.php, then surround it with ---> if(!is_admin) {cross-script code};
From what I have seen in the includes/nukesentinel.php file, it does not include the mainfile.php, so that file has no idea what is_admin is, so my work around would not be functional except in the mainfile.php file.
Sooo, if that code were moved to mainfile.php then the admin would never have an issue.
I know this runs contrary to what is listed in Sentinel, but it seems to work OK this way.
sorry....... |
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
Posted:
Fri Jul 21, 2006 1:37 pm |
|
spottedhog wrote Quote: | From what I have seen in the includes/nukesentinel.php file, it does not include the mainfile.php, so that file has no idea what is_admin is, so my work around would not be functional except in the mainfile.php file. |
nukesentinel.php does not do an include for mainfile.php because it is mainfile.php that includes nukesentinel.php |
Last edited by Guardian2003 on Fri Jul 21, 2006 2:25 pm; edited 1 time in total |
|
|
spottedhog
|
Posted:
Fri Jul 21, 2006 2:23 pm |
|
right......
I mentioned that as to the reason why my suggested work around could not be used when the code was located in the includes file..... hence, move the code to the mainfile.php so "!is_admin" can be used. |
|
|
|
Guardian2003
|
Posted:
Fri Jul 21, 2006 2:30 pm |
|
Yup.
I think this is already being investigated in another thread (use of is_admin) with a view to making sure an admin doesn't have an issue with this type of problem.
Both are interesting resolutions though. |
|
|
|
|