Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

web links sql injection
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
gopo
New Member
New Member



Joined: Dec 28, 2005
Posts: 12
PostPosted: Fri Aug 17, 2007 2:47 am Reply with quote
hi guys
I'm using an older release of raven nuke with NukeSentinel(tm) 2.4.2 and for the past few days I'm geting flooded with spam web links (awaiting admin approval) One of the lines on my error log...could be related:
request failed: erroneous characters after protocol string: $MyNick Ammut|$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.689ABCABC|
I reach MaxClients and I guess everything comes to a crawl.
My question is: will the latest release address this kind of injections?
thanx
 
View user's profile Send private message
xblader
Client



Joined: Aug 17, 2006
Posts: 28
PostPosted: Fri Aug 17, 2007 3:25 am Reply with quote
i would recommend upgrading to the latest release even if it doesnt stop your problem.
 
View user's profile Send private message
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Fri Aug 17, 2007 6:18 am Reply with quote
I don't believe this is a SQL injection as the older Web Links module had an issue with the "Add Link" permissions (it was bypassing it). That was fixed in RN 2.10.00 and doubtful that any other PHP-Nuke out there has this fixed. In addition, RN 2.10.00 has an added "spam captcha" which also helps.

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
montego
PostPosted: Fri Aug 17, 2007 6:19 am Reply with quote
I don't believe this is a SQL injection as the older Web Links module had an issue with the "Add Link" permissions (it was bypassing it). That was fixed in RN 2.10.00 and doubtful that any other PHP-Nuke out there has this fixed. In addition, RN 2.10.00 has an added "spam captcha" which also helps.
 
gopo
PostPosted: Sun Aug 19, 2007 10:26 am Reply with quote
ok thanks I removed the entire old nuke and upgraded to the latest RN, so far so good, no more spam

I have a different question. I'm trying to keep the system as light as possible, Im not using most of the modules (forums, your account...) but after I remove the Groups module no other new modules appear. Is there an easy way arround this?
 
montego
PostPosted: Sun Aug 19, 2007 10:39 am Reply with quote
I would not remove that one. Too much is integrated into RavenNuke with regards to that module.

BTW, not sure you really want to remove the others either. Not sure the impact as some of these modules, such as the forums, members list and private messages are very deeply integrated into it. Many of the other modules (other than these mentioned here), "could" potentially be removed.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©