| Author |
Message |
hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm
Joined: Aug 13, 2009
Posts: 1123
|
 Posted:
Wed Dec 08, 2010 2:42 am |
|
Hello Guys
I modify the Private Messages. Correct me is something is wrong.
Code: // END - Added by Raven 11/19/2007 to exclude Forums and Private_Message Posting blocks
foreach($_POST as $secvalue) {
if((@eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
(@eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
(@eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
(@eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
(@eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
(@eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
(@eregi("<[^>]body*\"?[^>]*>", $secvalue) && !eregi("<[^>]tbody*\"?[^>]*>", $secvalue)) ||
(@eregi("<[^>]style*\"?[^>]*", $secvalue))) {
block_ip($blocker_row);
}
}
}
}
}
|
Replace with
Code: // END - Added by Raven 11/19/2007 to exclude Forums and Private_Message Posting blocks
foreach($_POST as $secvalue) {
if(strpos($secvalue,'"') OR preg_match('#(\<([^>]*(script|object|iframe|applet|meta|style|onmouse(over|out))|[^t]*body)"?[^>]*\>|\([^>]*"?[^)]*\))#i',$secvalue)) {
block_ip($blocker_row);
}
}
}
}
}
|
|
| |
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Wed Dec 08, 2010 2:51 am |
|
Related to these codes
| Quote: | function get_ip() {
global $nsnst_const;
if(strpos($nsnst_const['client_ip'], ', ') AND isset($nsnst_const['client_ip'])) {
$client_ips = explode(', ', $nsnst_const['client_ip']);
if($client_ips[0] != 'unknown' AND $client_ips[0] != 'none' AND !empty($client_ips[0]) AND !is_reserved($client_ips[0])) {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $client_ips[0])) { $client_ips[0] = "none"; }
} else {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $client_ips[1])) { $client_ips[1] = "none"; }
}
}
if(strpos($nsnst_const['forward_ip'], ', ') AND isset($nsnst_const['forward_ip'])) {
$x_forwardeds = explode(', ', $nsnst_const['forward_ip']);
if($x_forwardeds[0] != 'unknown' AND $x_forwardeds[0] != 'none' AND !empty($x_forwardeds[0]) AND !is_reserved($x_forwardeds[0])) {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $x_forwardeds[0])) { $x_forwardeds[0] = "none"; }
} else {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $x_forwardeds[1])) { $x_forwardeds[1] = "none"; }
}
}
if(strpos($nsnst_const['remote_addr'], ', ') AND isset($nsnst_const['remote_addr'])) {
$remote_addrs = explode(', ', $nsnst_const['remote_addr']);
if($remote_addrs[0] != 'unknown' AND $remote_addrs[0] != 'none' AND !empty($remote_addrs[0]) AND !is_reserved($remote_addrs[0])) {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $remote_addrs[0])) { $remote_addrs[0] = "none"; }
} else {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $remote_addrs[1])) { $remote_addrs[1] = "none"; }
}
}
if(isset($nsnst_const['client_ip']) && !stristr($nsnst_const['client_ip'], "none") && !stristr($nsnst_const['client_ip'], "unknown") AND !is_reserved($nsnst_const['client_ip'])) {
return $nsnst_const['client_ip'];
} elseif(isset($nsnst_const['forward_ip']) && !stristr($nsnst_const['forward_ip'], "none") && !stristr($nsnst_const['forward_ip'], "unknown") AND !is_reserved($nsnst_const['forward_ip'])) {
return $nsnst_const['forward_ip'];
} elseif(isset($nsnst_const['remote_addr']) && !stristr($nsnst_const['remote_addr'], "none") && !stristr($nsnst_const['remote_addr'], "unknown") AND !is_reserved($nsnst_const['remote_addr'])) {
return $nsnst_const['remote_addr'];
} else {
return "none";
}
} |
Should I replace with This one
Code:function get_ip() {
global $nsnst_const;
if($nsnst_const['client_ip'] != 'none' AND !is_reserved($nsnst_const['client_ip'])) {
$ipaddr = $nsnst_const['client_ip'];
} else if($nsnst_const['forward_ip'] != 'none' AND !is_reserved($nsnst_const['forward_ip'])) {
$ipaddr = $nsnst_const['forward_ip'];
} else if($nsnst_const['remote_addr'] != 'none' AND !is_reserved($nsnst_const['remote_addr'])) {
$ipaddr = $nsnst_const['remote_addr'];
} else {
$ipaddr = 'none';
}
return($ipaddr);
}
if(isset($nsnst_const['client_ip']) && !stristr($nsnst_const['client_ip'], "none") && !stristr($nsnst_const['client_ip'], "unknown") AND !is_reserved($nsnst_const['client_ip'])) {
return $nsnst_const['client_ip'];
} elseif(isset($nsnst_const['forward_ip']) && !stristr($nsnst_const['forward_ip'], "none") && !stristr($nsnst_const['forward_ip'], "unknown") AND !is_reserved($nsnst_const['forward_ip'])) {
return $nsnst_const['forward_ip'];
} elseif(isset($nsnst_const['remote_addr']) && !stristr($nsnst_const['remote_addr'], "none") && !stristr($nsnst_const['remote_addr'], "unknown") AND !is_reserved($nsnst_const['remote_addr'])) {
return $nsnst_const['remote_addr'];
} else {
return "none";
}
}
|
Correct me if something is wrong and please give more details about it. This post is not complete at all and looks like nukesentinel.php does need a little bit attention. Thanks in advance. |
| |
|
|
|
|
PHrEEkie
Subject Matter Expert
Joined: Feb 23, 2004
Posts: 358
|
| Posted:
Wed Dec 08, 2010 6:27 am |
|
Enter the party pooper 
Nuke Sentinel in its current form needs nothing. It served its purpose in that form. It needs to be re-written, not hacked.
Sentinel was designed to get us all by while all of the numerous exploits in PHP-Nuke began to get patched many years ago. It really did -actually- save a lot of attacks that would have been successful back then, but today, a huge majority of the attacks it stops would not have done any damage anyways. It mostly stands to stop people from 'banging' on your server, looking for something they won't be getting. It babysits script kiddies.
Seriously, think about it... back in those days, we used to watch Sentinel banning for things we had no idea whether or not Chatserv had patched yet or not. Today, everything's patched. Raven and the team constantly watch sites like Secunia and Waraxe, and if anything new is revealed, it gets patched. Looking at Waraxe's Forums, the PHP-Nuke board is almost DEAD, thanks to Chatserv and the countless others who have religiously patched month after month over the years.
So... yeah. I wouldn't lose too much sleep over this one tiny script. It does what it's supposed to do. There are sooooo many other portions of the base code that are still not optimized very well, and hyper-focusing on Sentinel does nothing to help that problem. Anyways, after reading all of this, I'd like to reiterate my original thought, so it isn't lost...
Sentinel needs to be re-written, not hacked. I'll leave that to the guys who specialize in that area, as there is plenty of work elsewhere that can be done in the meantime. 
- Keith |
_________________
PHP - Breaking your legacy scripts one build at a time. |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Sat Dec 11, 2010 10:02 am |
|
Also note that the replacements suggested here are not equivalent replacements. There were reasons for having an "*" in some places and in others not. Unfortunately, those reasons may now have been lost in the "collective" memories of those here. I know for a fact that on at least one occasion I had brought up a false positive with Bob which resulted in one of those asterisks being removed, but for the life of me I can no longer remember why.
I agree with Raven and Keith. Either NS needs an overall, or the role it plays within RN needs to shift towards only needing to protect against "unknown" add-ons. As was mentioned here already, the core of RN has been shored up and exploits are watched closely and closed up. What NS does is help protect against all the other add-ons people put into RN that are old, not written well, or no longer maintained. Maybe that is the shift that needs to occur here... |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
