Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Kisgb security
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> KISGB General Support
Author Message
fondy
Regular
Regular



Joined: Sep 12, 2003
Posts: 63
PostPosted: Thu Jul 13, 2006 11:43 pm Reply with quote
Hello

I am using nuke 7.6, sentinel 2.3.0 and Kisgb v5.0.2. For the last weeks someone is writing rubbish in the guestbook. The guestbook was open for all to write, but yesterday I configured the system so only registered users can write here. I set the parameter "only_registered_users_can_add" to "true"

This morning a user with name "888" had been writing in the guestbook. The user is not a member of my site, is not registrated in the user table.

How is this possible?

I cant block these guys in sentinel because it seems they are using proxies and that they have different IPs.

Can someone help? How can I secure kisgb so only registered users can add?

Regards fondy
 
View user's profile Send private message
fondy
PostPosted: Fri Jul 14, 2006 2:33 am Reply with quote
I have upgraded to kisgb-nuke 5.1.1 this morning

fondy
 
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
PostPosted: Fri Jul 14, 2006 5:13 am Reply with quote
Are you running this as a module or a seperate script from the site?

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
fondy
PostPosted: Fri Jul 14, 2006 5:33 am Reply with quote
darklord wrote:
Are you running this as a module or a seperate script from the site?


Hi, I am running it as a module
 
gregexp
PostPosted: Fri Jul 14, 2006 9:43 pm Reply with quote
Deny access to the module through the modules admin panel, setting it to REGISTERED users only. And sentinel will protect it.
 
fondy
PostPosted: Sat Jul 15, 2006 12:25 pm Reply with quote
darklord wrote:
Deny access to the module through the modules admin panel, setting it to REGISTERED users only. And sentinel will protect it.


Hi, thanks a lot, I will do that

regards fondy
 
fondy
PostPosted: Tue Jul 18, 2006 12:06 pm Reply with quote
Hei

forgot one thing. I want visitors til read the guestbook, men only registered users can write.

Today there where several writings in KISGB from users who is not registrated. In sentinel I could se this:

/modules.php?USERNAME=OMAHA HI LO&SUBJECT=OMAHA HI LO&HELPBOX=OMAHA HI LO&DISABLE_HTML=&DISABLE_BBCODE=&DISABLE_SMILIES=&MODE=NEWTOPIC&F=15&POST=OK&MESSAGE=FOR A START BLIND CHURN STIFF BOTTOM PROFIT FREE 7 CARD STUD POKER RIVER SOFT FISH? ALL PLAY OMAHA HI LO HTTP://2051.JAMMATOWN.COM/08/ TIME TELL EM LONGSHOT PUSH HTTP://2051.JAMMATOWN.COM/08/ CROWN VIGORISH HIGH TUTORIAL LIVE? FOR EXAMPLE FREE VIDEO POKER BANKROLL! &ADDBBCODE18=RED&ADDBBCODE20=12

Is it possible to deny scripts like this ?

fondy
 
gregexp
PostPosted: Tue Jul 18, 2006 12:39 pm Reply with quote
Upgrade Sentinel and itll block any url that contains a http:// in it.
 
fondy
PostPosted: Tue Jul 18, 2006 1:23 pm Reply with quote
darklord wrote:
Upgrade Sentinel and itll block any url that contains a http:// in it.


thanks, I will upgrade and try it.

fondy
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> KISGB General Support


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©