How to exclude sentinel 2.4x from the Forum module

New Member Joined: Mar 07, 2005 Posts: 10

I am using invisionboard on my site, After upgrading the forum the sentinel causes problem. I cannot browse in the pages.

Is there any way to exclude sentinel only from the forum module? I appreciate your help.

registered · Posted: Wed Aug 31, 2005 1:30 pm

It could be dangerous to exclude it but you could change the include lines from:

Code:

if (defined('FORUM_ADMIN')) {


    @include_once("../../../includes/nukesentinel.php");


} elseif (defined('INSIDE_MOD')) {


    @include_once("../../includes/nukesentinel.php");


} else {


    @include_once("includes/nukesentinel.php");


}

To something like:

Code:

if (defined('FORUM_ADMIN') && $name != "Forums") {


    @include_once("../../../includes/nukesentinel.php");


} elseif (defined('INSIDE_MOD') && $name != "Forums") {


    @include_once("../../includes/nukesentinel.php");


} elseif($name != "Forums") {


    @include_once("includes/nukesentinel.php");


}

Posted: Thu Sep 01, 2005 9:25 am

Thank you Bob!

You said it could be dangerous, did you mean it for phpnuke part or the invisionboard?

I actually found the problem, it is the "Scripting Blocker Settings" in sentinel which conflicts with the invision. When i turned it off it works as usual. I just want to say that i am not expecting to get support for invision. But I also think that invision may have some protect against this kind of abuse. Is it possible to disable scripting blocker settings for only invision by editing these lines (from includes/nukesentinel.php) like this

Code:

if(!is_admin($admin) && $name != "Forums")  {


  // Check for SCRIPTING attack


  // Copyright 2004(c) ChatServ


  $blocker_row = $blocker_array[4];


  if($blocker_row['activate'] > 0) {


    foreach ($_GET as $sec_key => $secvalue) {


      $secvalue = strtolower($secvalue);


      str_replace("%3c", "<", $secvalue);


      str_replace("%3e", ">", $secvalue);


      if ((eregi("<[^>]script*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*object*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*applet*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*meta*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]style*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*form*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*img*\"?[^>]*>", $secvalue))


      || (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue))


      || (eregi("\([^>]*\"?[^)]*\)", $secvalue))) {


        block_ip($blocker_row);


      }


    }

Posted: Thu Sep 01, 2005 9:32 am

By adding the $name != "Forums:

Code:

if(!is_admin($admin) && $name != "Forums")  {

It should stop it from be active during a users visits to your forums.

Posted: Thu Sep 01, 2005 9:34 am

Quote:

You said it could be dangerous, did you mean it for phpnuke part or the invisionboard?

For your site. If invision does not have scripting protection you could be attacked and your site compromised by defeating the logic in NukeSentinel(tm).

Posted: Thu Sep 01, 2005 3:27 pm

According to Invision support, there is protection against scripting.
Thank you for helping me, it works fine.