| Author |
Message |
AndyB
Worker
Joined: Jun 03, 2004
Posts: 231
Location: Torrevieja, Spain
|
 Posted:
Mon Jun 07, 2004 10:49 am |
|
Chatserv's tweaked/ patched nuke distro 6.9 (from this site?)
Sentinel 1.2
Admin secure
Hack Alert Script
Menalto Gallery v1.4.3-pl1
When I am logged in as admin, and go to highlight a sub album (or photo of a sub album) Sentinel Blocked me... in a big way! (Maybe I should disable the block IP, email and HUUUGE amounts of windows.....
(managed to crash a P4 3.6ghz with half a gig of ram in approx 10 seconds..... mates @ work were impressed  )
Unfortunately, I've needed to disable Sentinel right now until a "fix" is resolved (if anybody gets ideas, btw, there's still some security on the site...  )- if anybody can help, please let me know. I can give more details if necessary, and possibly set up an admin account if it helps.... |
| |
|
|
|
Brujo
Regular
Joined: Jun 04, 2004
Posts: 84
Location: Germany
|
| Posted:
Tue Jun 08, 2004 1:53 pm |
|
confirmed, same problem on my site with sentinel 1.2 & menalto Gallery v1.4.3-pl2 if i try to highlight a photo or remake the thumps as admin.
here the email from Sentinel:
normaly this function opens a new window but now in this window there is the banned message from Sentinel, but it shows the full path to the sentinel script:
| Quote: | Warning: fopen(.htaccess): failed to open stream: Permission denied in /srv/www/htdocs/html/includes/sentinel.php on line 386
Warning: fwrite(): supplied argument is not a valid stream resource in /srv/www/htdocs/html/includes/sentinel.php on line 387
Warning: fclose(): supplied argument is not a valid stream resource in /srv/www/htdocs/html/includes/sentinel.php on line 388
This IP has been blocked from.....
|
|
| |
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Tue Jun 08, 2004 2:35 pm |
|
|
|
|
|
AndyB
|
| Posted:
Tue Jun 08, 2004 2:36 pm |
|
looks like you may have an install issue with your version of sentinel- I never get the warning messages....... That said I've got disipal's error messages tweak installed as well, not sure if that would make a difference...
I've set sentinel to just email me at the minute with this one- another user triggered it tonight by adding photo's or similar....
That said, I tried the changes to includes/sentinel.php on this thread:
http://www.ravenphpscripts.com/posts1796-highlightgallery.html
which *looks* like it may have kinda cured the problem, somewhat- I'll keep monitoring the mails, etc. Once I'm happy that gallery install isn't going to casue any problems, I'll up the ante to "block and background"...  |
| |
|
|
|
|
Brujo
|
| Posted:
Tue Jun 08, 2004 3:39 pm |
|
@sixonetonoffun
i try´d it and the remake of thumbs works now, but not the highlight function. I still get banned. I used the code from your posting:
Code:if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) {
|
@andyb
| Quote: | | looks like you may have an install issue with your version of sentinel- I never get the warning messages....... |
you was right, i have setted up sentinel to write down to the .htaccess but i didnt chmoded to 666 it was still 644. after i corrected this the full path is not more shown but still the banned message if i try to highlight a photo, maybe one more mistake of me.. |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Tue Jun 08, 2004 3:42 pm |
|
Is your htaccess chmod 0666 ? That "should" get rid of the failed to open stream issue. Somehow I missed that one when I posted originally. |
| |
|
|
|
|
Brujo
|
| Posted:
Tue Jun 08, 2004 3:52 pm |
|
| sixonetonoffun wrote: | | Is your htaccess chmod 0666 ? That "should" get rid of the failed to open stream issue. Somehow I missed that one when I posted originally. |
yes it is now 666, this was one mistake from me before, now the path to sentinel.php is not more shown, but i still get banned if i try to highlight a photo |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Tue Jun 08, 2004 4:28 pm |
|
You can try this
Code:
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("cmd=highlight",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) {
|
Seems to work ok let us know if you find anymore Gallery issues so they can be addressed in a future release. |
| |
|
|
|
|
Brujo
|
| Posted:
Wed Jun 09, 2004 6:39 am |
|
@sixonetonoffun
yepp this works, thanks a lot for your help |
| |
|
|
|
|
AndyB
|
| Posted:
Sat Jul 10, 2004 3:21 pm |
|
I've tried all the permeatations of the codes listed above;
just upgraded gallery as well to v1.4.3-pl2
If I try to highlight an album, or photo, or do anything a normal user can do, sentinel sends me an email;
In the pop up window, instead of getting a confirmation window or similar, it throws the whole site into the smaller pop up window.....
Thanks for any input you can give- I'm gonna be on holiday for the next 2 weeks or so, so I'll look into it when I get back...
So far, in this thread (and some others) I am pelased and appreciative of the work that you guys do; the only problems I really have that I struggle to get my noggin round all appear to relate to Gallery..... 
If you need a guinea pig to try on a "live" site any future versions of Sentinel, give me a shout via pm or similar......
We've got a user base of over 2,000, galleries with over 3,000 photos, nearly a dozen moderators and three admins....  |
| |
|
|
|
|
sharlein
Member Emeritus
Joined: Nov 19, 2002
Posts: 322
Location: On the Road
|
| Posted:
Sun Jul 11, 2004 1:30 pm |
|
I am having the same trouble with gallery. Six, you said| Quote: | You can try this
Code:
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("cmd=highlight",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) {
Seems to work ok let us know if you find anymore Gallery issues so they can be addressed |
Where does this code go?
Also, on a side note, I now have 2 deny from sections in myhtacess file. Will that cause any problems? Thanks, Steve |
_________________
Give Me Ambiguity Or Give Me Something Else! |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sun Jul 11, 2004 4:01 pm |
|
Steve,
All of the changes, as in http://www.ravenphpscripts.com/postt1796.html , are in includes/sentinel.php as that's where the block comes from. Now, for those who are still having problems, make sure that you are only using Senitnel™ as if you are using other blockers they may be interferring with the work-around code. |
Last edited by Raven on Sun Jul 11, 2004 5:09 pm; edited 1 time in total |
|
|
|
|
sharlein
|
| Posted:
Sun Jul 11, 2004 5:03 pm |
|
Thank you, Gaylen. That did it. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
