Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

HTTP Referers
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> v2.3 RN Issues
Author Message
mrix
Client



Joined: Dec 04, 2004
Posts: 757
PostPosted: Wed Oct 29, 2008 6:50 pm Reply with quote
Hi there, something I find very usefull is the HTTP Referers in admin panel.
Unfortunately its stopped working with the upgrade Confused
anyone else noticed this or is it just a problem my end Sad
cheers
mrix
 
View user's profile Send private message Visit poster's website
ecchi_goshujinsama
New Member
New Member



Joined: Jul 11, 2008
Posts: 9
PostPosted: Wed Oct 29, 2008 6:56 pm Reply with quote
I have also experience the same problem. I'm wondering if it's a bug on RN2.3 or mayhap something went wrong with the upgrade process.
 
View user's profile Send private message
jestrella
Moderator



Joined: Dec 01, 2005
Posts: 593
Location: Santiago, Dominican Republic
PostPosted: Wed Oct 29, 2008 7:38 pm Reply with quote
Nothing wrong with it.
This feature was removed from RN230, because of some security flaws present...

If you still want it on your server, and you understand the risk of having it active, you can get the files from previous version and upload it to your server.

If I remember correctly, the given files were:

/admin/case/case.referers.php
/admin/links/links.httpreferers.php
/admin/modules/referers.php


NOTE: We highly discourage using this feature on Nuke systems

_________________
"For those whom have not reach the sky... Every mountain seems high"

Best Regards
Jonathan Estrella
http://about.me/jestrella04 
View user's profile Send private message Visit poster's website
ecchi_goshujinsama
PostPosted: Wed Oct 29, 2008 7:41 pm Reply with quote
Jestrella, is it possible to point me in the correct direction on this security flaw that was found in the http referers?

Thank you
 
mrix
PostPosted: Wed Oct 29, 2008 7:43 pm Reply with quote
Quote:
This feature was removed from RN230, because of some security flaws present...


Thats a shame as it was such a useful tool Crying or Very sad

I`ll say goodbye to it though for the sake of better security Crying or Very sad

cheers anyway
mrix
 
jestrella
PostPosted: Wed Oct 29, 2008 7:49 pm Reply with quote
ecchi_goshujinsama, With this active there's a risk of a potential sql injection attack. Hope this clear your doubt.
 
jestrella
PostPosted: Wed Oct 29, 2008 7:53 pm Reply with quote
hey mrix sorry on this one.

I can see you joined the site same day as my bday. killing me
 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Wed Oct 29, 2008 9:09 pm Reply with quote
As far as I know, that injection was fixed a while ago. There shouldn't be any harm in it, but I believe it was removed because NukeSentinel had its own referrers feature

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
jestrella
PostPosted: Wed Oct 29, 2008 10:17 pm Reply with quote
Thats so true.

You can enter
NukeSentinel -> Tracked IP Menu -> Display Tracked Referers

and have a look at the sites referring people to your site.
Cheers
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
PostPosted: Wed Oct 29, 2008 10:45 pm Reply with quote
NS definitely does it better Wink
 
View user's profile Send private message Send e-mail
mrix
PostPosted: Thu Oct 30, 2008 5:29 am Reply with quote
Quote:
You can enter
NukeSentinel -> Tracked IP Menu -> Display Tracked Referers


I did take a look and nothing in there also? has that side been effected as well? or do I have to enable something in sentinal to get that recieving them etc?
cheers
mrix
 
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
PostPosted: Thu Oct 30, 2008 6:56 am Reply with quote
You have to make sure it is turned on in the Nukesentinel admin, I think it might be under the IP Tracking option.
 
View user's profile Send private message
hube
Hangin' Around



Joined: May 02, 2008
Posts: 28
PostPosted: Sat Jan 10, 2009 2:56 am Reply with quote
Sorry for bumping.

I also miss the refers feature, however I understand that its not worth the risk.

Regarding the referers in Sentinel (via tracked ip) is there a way to exclude my own domain from being tracked?
 
View user's profile Send private message
jakec
PostPosted: Sat Jan 10, 2009 3:14 am Reply with quote
You need to add you IP to the Excluded ranges.
 
hube
PostPosted: Sat Jan 10, 2009 4:27 am Reply with quote
tnx!
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> v2.3 RN Issues


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©