blith
Client
Joined: Jul 18, 2003
Posts: 977
Posted: Tue Nov 16, 2004 7:50 am

One of my registered members got this one:
Code:
```
www.gamersroam.com/modules.php?name=Downloads&d_op=gfx&random_num=givlexec
```
I use the fetchit mod that is used here so I am not sure why I am getting it. Thanks for the help.

Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
Posted: Tue Nov 16, 2004 8:05 am

My guess is it's the 'exec' at the end. In includes/sentinel.php, on or about line 201, change this
Code:
```php
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring)) {
    block_ip($ip, $banuser, $bantime, $blocker_row);
```
to
Code:
```php
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) /*OR (eregi("exec",$querystring) AND !eregi("execu",$querystring))*/ OR eregi("concat",$querystring)) {
    block_ip($ip, $banuser, $bantime, $blocker_row);
```
And see if that fixes it. Note that commenting that out will not hurt anything because in order to use 'exec' as an attack, other things are used that get trapped.

blith
Posted: Tue Nov 16, 2004 8:09 am

ah... that is why it only happens every so often... I bet that unfortunate letter combination came up in all of them. Thank you Raven!

drmike
Worker
Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC
Posted: Wed Mar 23, 2005 10:43 am

Greets:
I just installed the Gallery here and kept getting the block messages when I tried to do anything with it with a string that contained the "?cmd" line.
I just went ahead and deleted out the cmd stuff out of the sentinel.php file as it appeared the edits did not work for me.
Should I be concerned about being open now?
Thanks,
-drmike

dcasmr
Worker
Joined: Feb 06, 2004
Posts: 147
Posted: Fri Apr 08, 2005 12:04 am

I am having the same problem with sentinel 2.1.3 and Gallery 1.4.4pl4. I used the suggested fix; however, as soon as I log in and try to highlight a photo, I am banned. The Santy worm block of code has been removed also.
Any other suggestions?
Thanks,
dcasmr

Raven
Posted: Fri Apr 08, 2005 10:47 pm

dcasmr wrote:
> I am having the same problem with sentinel 2.1.3 and Gallery 1.4.4pl4. I used the suggested fix; however, as soon as I log in and try to highlight a photo, I am banned. The Santy worm block of code has been removed also.
> Any other suggestions?
> Thanks,
> dcasmr

What is the reason that NukeSentinel is recording as the ban?

dcasmr
Posted: Sat Apr 09, 2005 1:49 am

Raven:
Thanks for your reply:
It is: `modules.php?cmd=hide&index=1&set_albumName=testit=modload&name=gallery&file=index&include=do_command.php`
I read through your previous answers and since my blocked message has ?cmd I used this:
```php
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("?cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring)) {
    block_ip($ip, $banuser, $bantime, $blocker_row);
}
}
```
However, I am still getting banned; the photo cannot be used to Highlight.
Thanks,
dcasmr
`?cmd=hide&index=1&set_albumName=`

Raven
Posted: Sat Apr 09, 2005 5:31 am

Comment
Code:
```php
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("?cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring))
```
to
Code:
```php
if (eregi("http\:\/\/", $name)/* OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("?cmd",$querystring))*/ OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring))
```

dcasmr
Posted: Tue Apr 12, 2005 8:51 pm

Thanks Raven. That did it. If anyone tries that fix and still gets a "hidden.." gallery message, just update to gallery 1.5.X. The above code corrected my highlight problem.
Thanks again Raven

opcode
New Member
Joined: Oct 14, 2006
Posts: 1
Posted: Mon Jun 04, 2007 7:12 pm

I wouldn't comment it out.
I would recode the gallery code to not use "cmd".

montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
Posted: Tue Jun 05, 2007 5:43 am

opcode, what you are suggesting may not be as easy as it seems. There are other threads here which also suggest an alteration of the code rather than commenting it out. I believe it also checked for the module name of "Gallery" and only excluded the "cmd" check if that module was being requested at that time.
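
An added example (not from any post in this thread and not NukeSentinel's own code) of the approach montego describes: it contrasts the substring test quoted above with an assumed variant that matches whole words and skips the `cmd` test only for Gallery requests. The function names and the third sample query string are constructed for illustration.

```php
<?php
// Added illustration; not NukeSentinel code. Function names are hypothetical.

// The substring logic quoted in the thread, written with stripos() because
// eregi() no longer exists in PHP 7+. $name is the requested module name.
function legacy_blocks(string $name, string $qs): bool
{
    $has = fn(string $s): bool => stripos($qs, $s) !== false;
    return stripos($name, 'http://') !== false
        || ($has('cmd') && !$has('&cmd'))
        || ($has('exec') && !$has('execu'))
        || $has('concat');
}

// Assumed alternative: match 'cmd' and 'exec' as whole words, and skip the
// 'cmd' test only when the Gallery module is the one being requested.
function scoped_blocks(string $name, string $qs): bool
{
    $word = fn(string $w): bool => preg_match('/\b' . $w . '\b/i', $qs) === 1;
    $isGallery = strcasecmp($name, 'gallery') === 0;
    return stripos($name, 'http://') !== false
        || ($word('cmd') && !$isGallery)
        || $word('exec')
        || stripos($qs, 'concat') !== false;
}

// Query strings: the first two come from the posts above, the third is constructed.
$samples = [
    ['Downloads', 'name=Downloads&d_op=gfx&random_num=givlexec'],
    ['gallery',   'cmd=hide&index=1&set_albumName=testit=modload&name=gallery&file=index&include=do_command.php'],
    ['Downloads', 'cmd=hide&name=Downloads'],
];

// Print the verdict of each check side by side for every sample request.
foreach ($samples as [$name, $qs]) {
    printf("legacy=%-5s scoped=%-5s %s\n",
        legacy_blocks($name, $qs) ? 'block' : 'pass',
        scoped_blocks($name, $qs) ? 'block' : 'pass',
        $qs);
}
```

The Gallery exemption is only as sound as the guarantee that `$name` is the module the request is actually dispatched to, so the check should read the same value the dispatcher uses.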