| Author |
Message |
cyberdog
New Member
Joined: Apr 28, 2006
Posts: 15
Location: Menomonie, WI
|
 Posted:
Thu Aug 16, 2007 2:52 pm |
|
Afternoon everyone. I need a little help and scratching my head right now.
I have a PHP website and I am running NukeSentinel(tm) 2.5.03. It's been working awesome and I have not made any changes or other to my sites configuration.
Over the last couple weeks, members have been getting banned from the site for trying for trying to make a donation by clicking on our donate picture.
Here is the Log shows:
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR
2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
Query String:
www.teamntense.com/index.php?cmd=_xclick&business=servers@teamntense.com&item_na
me=Team+N+Tense+Site+Donation&item_number=Servers&no_shipping=1&custom=72.204.17
.27&on0=ID&os0=18¬ify_url=http://www.teamntense.com/ipn_don.php&return=http:/
/www.teamntense.com/modules.php?name=Donate&op=received&uid=18&no_note=1¤c
y_code=USD&tax=0&on1=Show+Donation&os1=1&submit.x=75&submit.y=37
Get String:
www.teamntense.com/index.php?cmd=_xclick&business=servers@teamntense.com&item_na
me=Team N Tense Site
Donation&item_number=Servers&no_shipping=1&custom=72.204.17.27&on0=ID&os0=18¬
ify_url=
http://www.teamntense.com/ipn_don.php&return=http://www.teamntense.com/modules.p
hp?name=Donate&op=received&uid=18&no_note=1¤cy_code=USD&tax=0&on1=Show
Donation&os1=1&submit_x=75&submit_y=37
Post String: www.teamntense.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 72.***.17.27 (**Privacy)
Remote Port: 52740
Request Method: GET
Is there anything I can do to get NS to stop banning people from making donations? |
| |
|
  
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Thu Aug 16, 2007 5:07 pm |
|
I think it is probably the http:// stuff in the arguments that is tripping it up.
What version of Nuke and what is the name of the donation block?
As to how to fix it or work around it.....hmmmm. If you could find a way to code the block so those http://'s aren't there, that would do it. Failing that, you'd have to modify Sentinel. |
_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Thu Aug 16, 2007 5:35 pm |
|
You may want to also check the as I think nukesentinel.php specifically looks for this string - at least in newer versions. |
| |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Thu Aug 16, 2007 6:28 pm |
|
I can't quote every version of NS to you and you have to realize that 2.5.03 is seriously out of date and you should look into upgrading. I believe you are like 8 versions out of date. RN upgrades you automatically at least to NS 2.5.10 (the most recent is 2.5.11) but still I will try to address your problem.
The "cmd=" string is indeed blocked in NS. We've had similar issues with Gallery trying to issue it and getting blocked. You'll find the block down under the comment:
Code: // Check for XSS attack
if(!stristr($nsnst_const['query_string'], "index.php?url=") AND (!isset($_COOKIE['admin']) OR !is_admin($_COOKIE['admin']))) {
if( (isset($name) AND (eregi("http\:\/\/", $name) OR eregi("https\:\/\/", $name)))
OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))
OR (isset($libpath) AND (eregi("http\:\/\/", $libpath) OR eregi("https\:\/\/", $libpath)))
OR stristr($nsnst_const['query_string'], "http://") OR stristr($nsnst_const['query_string'], "https://")
OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
block_ip($blocker_row);
}
|
I'm not sure what the best approach is to fixing this. Your could just comment out the cmd= part of the OR. Or you could find out what module is generating that (say "donations") and code an exclusion. I think we did that for Gallery a year or two ago. I can't (and don't have the time to) simulate this so I can't give you a bullet proof answer. But I understand the frustration. |
| |
|
|
|
|
cyberdog
|
| Posted:
Fri Aug 17, 2007 7:28 am |
|
Thanks for the information. I am using PNC Nuke 4.01. The Donations block is from Teli at Codezwiz.
I will look into all this tonight when I get home. It is strange because everything was working just great, then one day people were getting banned going into this block-module. That's why I am scratching my head.
Thanks, for the assistance. I will get back to everyone when I get this figured out with a resolution.
I also realize I am a couple versions behind. I haven't had the time to get the updates going. I plan on getting the updates on ASAP.
But, it has been doing what we need it to do.
Thanks everyone for the info again!!! |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
