Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Sentinel is doing its job and then some
 View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> RN NukeSentinel(tm) issues
Author Message
wrecit
Regular
Regular



Joined: Jan 27, 2008
Posts: 99
PostPosted: Tue Feb 05, 2008 9:17 pm Reply with quote
I have...... Well Sentinel has caught and blocked a few hack attempts on my site and I love it.

I do have one problem though. I am running HTTP Video stream modual and one of the features of this modual is members can submit videos to the site then the admin gets the request info in the admin panel and approves or denies the video.

When my members submit a video Sentinel does not allow the submition and I recieve this



Quote:
Date & Time: 2008-02-05 17:52:31 EST GMT -0500
Blocked IP: 205.188.116.130
User ID: miguel (6)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; iebar; acc=vonner)
Query String: therectorboys.com/modules.php?name=Video_Stream&page=vidadd
Get String: therectorboys.com/modules.php?name=Video_Stream&page=vidadd
Post String: therectorboys.com/modules.php?title=king george speedway&category=8&description=the final Virginia pavement Divisional in jr stock&url=<object width=\"425\" height=\"355\"><param name=\"movie\" value=\"http://www.youtube.com/v/wlsDA2-Hy_k&rel=1\"></param><param name=\"wmode\" value=\"transparent\"></param><embed src=\"http://www.youtube.com/v/wlsDA2-Hy_k&rel=1\" type=\"application/x-shockwave-flash\" wmode=\"transparent\" width=\"425\" height=\"355\"></embed></object>&picurl=&thumbimg=&width=425&height=355&plugin=5&ADDIT=Add Video
Forwarded For: none
Client IP: none
Remote Address: 205.188.116.130
Remote Port: 37197
Request Method: POST
--------------------
Who-Is for IP


How can I fix this?
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Wed Feb 06, 2008 1:34 am Reply with quote
Try this. Edit includes/nukesentinel.php.

FIND:
if (stristr($qs,'name=Forums')!==false && stristr($qs,'file=posting')!==false && (strtolower($qsName[0])=="private_messages" || strtolower($qsName[0])=="forums")) {

CHANGE TO:
if (stristr($qs,'name=Video_Stream')!==false || stristr($qs,'name=Forums')!==false && stristr($qs,'file=posting')!==false && (strtolower($qsName[0])=="private_messages" || strtolower($qsName[0])=="forums")) {

Should this work, there are security implications which I will discuss after you reply back.
 
View user's profile Send private message
wrecit
PostPosted: Sun Apr 27, 2008 12:27 pm Reply with quote
ok Raven it took me a while to get back to my site (real world job gave no time)

I just made the code modifycation and going to have some friends submit a video today

Now how bad have I just opened my site to hacking lol
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> RN NukeSentinel(tm) issues


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©