| Author |
Message |
shmk
Worker
Joined: Dec 21, 2004
Posts: 116
|
 Posted:
Thu Jul 07, 2005 1:36 pm |
|
I got the "possible santy worm attack" with this url:
".etc.etc./Anurid%20Brushhopper.full.jpg"
Which is the string founded as "possible" attack ?
How I can resolve it ?
Thx  |
| |
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Thu Jul 07, 2005 2:44 pm |
|
|
|
|
|
shmk
|
| Posted:
Fri Jul 08, 2005 2:50 am |
|
|
|
|
|
hitwalker
|
| Posted:
Fri Jul 08, 2005 4:08 am |
|
well its registered only so i cannot see,but i think your mistaken on this...
the spaces with % usualy are created because there is a space in a filename.
for example..if a image name "theair.jpg" suddenly is called "the air.jpg"(see the space) then it would show as the%air.jpg. |
| |
|
|
|
|
shmk
|
| Posted:
Sat Jul 09, 2005 3:07 am |
|
| hitwalker wrote: | well its registered only so i cannot see,but i think your mistaken on this...
the spaces with % usualy are created because there is a space in a filename.
for example..if a image name "theair.jpg" suddenly is called "the air.jpg"(see the space) then it would show as the%air.jpg. |
The strange is that I have hundreds of link with %20 in the middle but only this one is blocked by sentinel... which is the string that it found as bad ?
"%20Br" ?
"id%20" ?
"id%20Br" ?
"BOH" ? |
| |
|
|
|
|
hitwalker
|
| Posted:
Sat Jul 09, 2005 4:25 am |
|
i dont know that for sure,this is not a bug...
just repost in proper sentinel forum and will be answered. |
| |
|
|
|
|
64bitguy
The Mouse Is Extension Of Arm
Joined: Mar 06, 2004
Posts: 1164
|
| Posted:
Sat Jul 09, 2005 3:44 pm |
|
The only thing I can think of is that it seeing the hex code and then the "rush" which could be a problem. I'm just not sure how to nail it down in Sentinel as I'm kind of using my own hacked version.
If it's a link to an image on your site, change the properties of it to an underscore and eliminate the hex code which should (at least from my perspective) resolve the issue. |
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. |
|
|
|
|
shmk
|
| Posted:
Thu Aug 04, 2005 9:39 am |
|
I renamed, substituting the spaces with underscores, my 22074 images and reuploaded but the error remains.
I think that a part of the error is caused by the word Rush... but what u means with "hex code" ? The %20 that i removed ? |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Thu Aug 04, 2005 10:08 am |
|
Just try turning off the Santy worm check and see if it works. |
| |
|
|
|
|
shmk
|
| Posted:
Fri Aug 05, 2005 2:15 am |
|
| Raven wrote: | | Just try turning off the Santy worm check and see if it works. |
Sure it works.
But I want to know why sentinel with santy ON blocks it.
Which is the string that it founds as bad, so I can miss that error in my future modules. |
| |
|
|
|
|
Raven
|
| Posted:
Fri Aug 05, 2005 4:53 am |
|
The word RUSH would be my guess as it was yours. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
