Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
hicuxunicorniobestbuildpc
Life Cycles Becoming CPU Cycles


Joined: Aug 13, 2009
Posts: 967
Location: Netherland

PostPosted: Wed Dec 08, 2010 2:42 am Reply with quote

Hello Guys

I modify the Private Messages. Correct me is something is wrong.

Code:
      // END - Added by Raven 11/19/2007 to exclude Forums and Private_Message Posting blocks 

        foreach($_POST as $secvalue) {
          if((@eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
            (@eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
            (@eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
            (@eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
            (@eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
            (@eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
            (@eregi("<[^>]body*\"?[^>]*>", $secvalue) && !eregi("<[^>]tbody*\"?[^>]*>", $secvalue)) ||
            (@eregi("<[^>]style*\"?[^>]*", $secvalue))) {
            block_ip($blocker_row);
          }
       }
     }
  }
}


Replace with

Code:
      // END - Added by Raven 11/19/2007 to exclude Forums and Private_Message Posting blocks

        foreach($_POST as $secvalue) {
      if(strpos($secvalue,'"') OR preg_match('#(\<([^>]*(script|object|iframe|applet|meta|style|onmouse(over|out))|[^t]*body)"?[^>]*\>|\([^>]*"?[^)]*\))#i',$secvalue)) {
           block_ip($blocker_row);
        }
      }
     }
  }
}
 
View user's profile Send private message Visit poster's website
hicuxunicorniobestbuildpc
PostPosted: Wed Dec 08, 2010 2:51 am Reply with quote

Related to these codes

Quote:
function get_ip() {
global $nsnst_const;
if(strpos($nsnst_const['client_ip'], ', ') AND isset($nsnst_const['client_ip'])) {
$client_ips = explode(', ', $nsnst_const['client_ip']);
if($client_ips[0] != 'unknown' AND $client_ips[0] != 'none' AND !empty($client_ips[0]) AND !is_reserved($client_ips[0])) {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $client_ips[0])) { $client_ips[0] = "none"; }
} else {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $client_ips[1])) { $client_ips[1] = "none"; }
}
}
if(strpos($nsnst_const['forward_ip'], ', ') AND isset($nsnst_const['forward_ip'])) {
$x_forwardeds = explode(', ', $nsnst_const['forward_ip']);
if($x_forwardeds[0] != 'unknown' AND $x_forwardeds[0] != 'none' AND !empty($x_forwardeds[0]) AND !is_reserved($x_forwardeds[0])) {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $x_forwardeds[0])) { $x_forwardeds[0] = "none"; }
} else {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $x_forwardeds[1])) { $x_forwardeds[1] = "none"; }
}
}
if(strpos($nsnst_const['remote_addr'], ', ') AND isset($nsnst_const['remote_addr'])) {
$remote_addrs = explode(', ', $nsnst_const['remote_addr']);
if($remote_addrs[0] != 'unknown' AND $remote_addrs[0] != 'none' AND !empty($remote_addrs[0]) AND !is_reserved($remote_addrs[0])) {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $remote_addrs[0])) { $remote_addrs[0] = "none"; }
} else {
if(!ereg("^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$", $remote_addrs[1])) { $remote_addrs[1] = "none"; }
}
}
if(isset($nsnst_const['client_ip']) && !stristr($nsnst_const['client_ip'], "none") && !stristr($nsnst_const['client_ip'], "unknown") AND !is_reserved($nsnst_const['client_ip'])) {
return $nsnst_const['client_ip'];
} elseif(isset($nsnst_const['forward_ip']) && !stristr($nsnst_const['forward_ip'], "none") && !stristr($nsnst_const['forward_ip'], "unknown") AND !is_reserved($nsnst_const['forward_ip'])) {
return $nsnst_const['forward_ip'];
} elseif(isset($nsnst_const['remote_addr']) && !stristr($nsnst_const['remote_addr'], "none") && !stristr($nsnst_const['remote_addr'], "unknown") AND !is_reserved($nsnst_const['remote_addr'])) {
return $nsnst_const['remote_addr'];
} else {
return "none";
}
}


Should I replace with This one

Code:
function get_ip() {

   global $nsnst_const;
   if($nsnst_const['client_ip'] != 'none' AND !is_reserved($nsnst_const['client_ip'])) {
      $ipaddr = $nsnst_const['client_ip'];
   } else if($nsnst_const['forward_ip'] != 'none' AND !is_reserved($nsnst_const['forward_ip'])) {
      $ipaddr = $nsnst_const['forward_ip'];
   } else if($nsnst_const['remote_addr'] != 'none' AND !is_reserved($nsnst_const['remote_addr'])) {
      $ipaddr = $nsnst_const['remote_addr'];
   } else {
      $ipaddr = 'none';
   }
   return($ipaddr);
}

  if(isset($nsnst_const['client_ip']) && !stristr($nsnst_const['client_ip'], "none") && !stristr($nsnst_const['client_ip'], "unknown") AND !is_reserved($nsnst_const['client_ip'])) {
    return $nsnst_const['client_ip'];
  } elseif(isset($nsnst_const['forward_ip']) && !stristr($nsnst_const['forward_ip'], "none") && !stristr($nsnst_const['forward_ip'], "unknown") AND !is_reserved($nsnst_const['forward_ip'])) {
    return $nsnst_const['forward_ip'];
  } elseif(isset($nsnst_const['remote_addr']) && !stristr($nsnst_const['remote_addr'], "none") && !stristr($nsnst_const['remote_addr'], "unknown") AND !is_reserved($nsnst_const['remote_addr'])) {
    return $nsnst_const['remote_addr'];
  } else {
    return "none";
  }
}


Correct me if something is wrong and please give more details about it. This post is not complete at all and looks like nukesentinel.php does need a little bit attention. Thanks in advance.
 
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Wed Dec 08, 2010 6:27 am Reply with quote

Enter the party pooper Wink

Nuke Sentinel in its current form needs nothing. It served its purpose in that form. It needs to be re-written, not hacked.

Sentinel was designed to get us all by while all of the numerous exploits in PHP-Nuke began to get patched many years ago. It really did -actually- save a lot of attacks that would have been successful back then, but today, a huge majority of the attacks it stops would not have done any damage anyways. It mostly stands to stop people from 'banging' on your server, looking for something they won't be getting. It babysits script kiddies.

Seriously, think about it... back in those days, we used to watch Sentinel banning for things we had no idea whether or not Chatserv had patched yet or not. Today, everything's patched. Raven and the team constantly watch sites like Secunia and Waraxe, and if anything new is revealed, it gets patched. Looking at Waraxe's Forums, the PHP-Nuke board is almost DEAD, thanks to Chatserv and the countless others who have religiously patched month after month over the years.

So... yeah. I wouldn't lose too much sleep over this one tiny script. It does what it's supposed to do. There are sooooo many other portions of the base code that are still not optimized very well, and hyper-focusing on Sentinel does nothing to help that problem. Anyways, after reading all of this, I'd like to reiterate my original thought, so it isn't lost...

Sentinel needs to be re-written, not hacked. I'll leave that to the guys who specialize in that area, as there is plenty of work elsewhere that can be done in the meantime. Smile

- Keith

_________________
PHP - Breaking your legacy scripts one build at a time. 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sat Dec 11, 2010 10:02 am Reply with quote

Also note that the replacements suggested here are not equivalent replacements. There were reasons for having an "*" in some places and in others not. Unfortunately, those reasons may now have been lost in the "collective" memories of those here. I know for a fact that on at least one occasion I had brought up a false positive with Bob which resulted in one of those asterisks being removed, but for the life of me I can no longer remember why.

I agree with Raven and Keith. Either NS needs an overall, or the role it plays within RN needs to shift towards only needing to protect against "unknown" add-ons. As was mentioned here already, the core of RN has been shored up and exploits are watched closely and closed up. What NS does is help protect against all the other add-ons people put into RN that are old, not written well, or no longer maintained. Maybe that is the shift that needs to occur here...

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©