| Author |
Message |
myrtletrees
Involved
Joined: Sep 13, 2005
Posts: 259
Location: Cornfields of Indiana
|
 Posted:
Sat Feb 02, 2008 8:35 pm |
|
Hello.
I recently moved my website(temporary) to a local server running here in my home.
The main differences, currently running PHP5 and I was running PHP4 with my online web host.
Here's my dilemma.
EVERYTHING seems to be working. Shortlinks work, all pages work EXCEPT, forums, forum admin, Private messages and Member List. All produce the following:
Hacking attempt!
I searched the forums here and found a few topics somewhat related, but none of which were relevant or my issue nor provided a solution.
I have changed the domain/url for the Forums in mysql from www.mywebiste.com to localhost, however that resolved nothing.
I am at the moment running on a localhost server name.
Am I missing something?
Currently, the Sentinel version is 2.5.10 (I know, I should upgrade, it's in my to-do list) 
Thank you for any help.
Any additional information needed? Please ask 
P.S. I disabled Sentinel, just to see if it would make a difference and it did not. |
| |
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sat Feb 02, 2008 10:56 pm |
|
As far as I can tell, "Hacking Attempt" is only generated when IN_PHPBB is not defined
All the .php files within modules/Forums and modules/Forums/admin (not any other subfolders) should define this value. |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
myrtletrees
|
| Posted:
Sun Feb 03, 2008 8:05 am |
|
| evaders99 wrote: | As far as I can tell, "Hacking Attempt" is only generated when IN_PHPBB is not defined
All the .php files within modules/Forums and modules/Forums/admin (not any other subfolders) should define this value. |
They do. Curiously, everything worked on my web host, but is not on my localhost. |
| |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Sun Feb 03, 2008 12:07 pm |
|
I just did a global search for "hacking attempt" in the /modules/forums directory. It looks to me like your problem may be coming from common.php and may reflect something about the settings of global variables there.
If you know how to modify this file (backing it up first) you might modify the die statements there to show which line number the hacking attempt message is coming from and then narrow in on it that way. Montego made some changes to this program for PHP5 in the soon to be released RN2.20 and he might have a better idea of what type of error was being generated that necessitated this.
Anyway start with common.php in the modules/forums directory. |
| |
|
|
|
|
myrtletrees
|
| Posted:
Sun Feb 03, 2008 12:37 pm |
|
In common.php it is stopping here:
Code: // Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
unset($input['input']);
unset($input['not_unset']);
while (list($var,) = @each($input))
{
if (in_array($var, $not_unset))
{
die('Hacking attempt! Line 4');
}
unset($$var);
}
unset($input);
}
|
I don't think it likes the php4 line above that says this
Code: // PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path', 'name', 'admin', 'nukeuser', 'user', 'no_page_header', 'cookie', 'db', 'prefix');
|
If I comment out that php4 line, everything then works. Although I do nto think that is the "solution"
Heres an interesting read
http://marc.info/?l=bugtraq&m=113081113317600&w=2
Even more interesting. I am using 7.6 pl 3.3
If you compare my common.php with Raven's, the difference is Raven's does NOT have the Die Hacking Attempt line there. SO, if I remove the Die hacking attempt part, and uncomment the php4 line it works. But this to me would be a security issue. Either way, the php5 is seeing it as a hacking attempt. |
Last edited by myrtletrees on Sun Feb 03, 2008 12:44 pm; edited 1 time in total |
|
|
|
|
fkelly
|
| Posted:
Sun Feb 03, 2008 12:43 pm |
|
Yes, that's exactly where Montego made the fix in RN2.20, at least I'm pretty sure. If the fix works for you temporarily go ahead with it and the permanent fix will be in 2.20.
Good narrowing job you did! |
| |
|
|
|
|
myrtletrees
|
| Posted:
Sun Feb 03, 2008 12:50 pm |
|
| fkelly wrote: | Yes, that's exactly where Montego made the fix in RN2.20, at least I'm pretty sure. If the fix works for you temporarily go ahead with it and the permanent fix will be in 2.20.
Good narrowing job you did! |
Thank you, and I'll wait and see what montego comes up with. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
