Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
thebishop
Worker
Worker


Joined: Aug 30, 2005
Posts: 243
Location: Flying to close to the sun

PostPosted: Thu Oct 26, 2006 4:39 pm Reply with quote

I have never allowed anonymous posting on my site and i also have the approve membership module installed.

I spoke with chatserv about this and he said someone has found out my site is not using a default Your Account module and is exploting it.

When i try the following, It just gives me a page cannot be found error. Only registered users can see links on this board! Get registered or login!"

I'm going to check the Ulsoft site to see if Arnold knows anything about this and i'll post back. In the mean time, if you know how i would go about fixing this, that would be great. Thanks.


Last edited by thebishop on Thu Oct 26, 2006 10:51 pm; edited 1 time in total 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu Oct 26, 2006 9:23 pm Reply with quote

Sorry about that, I meant

modules.php ? name=Reviews&rop=savecomment&xanonpost=1&uname=test&id=1&score=1&comments=blah

(without the space ... it was added to bypass the GoogleTap rules on this site)

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
thebishop
PostPosted: Thu Oct 26, 2006 10:59 pm Reply with quote

thanks for the quick reply. this is very strange, that gives me a version of my site but with no CSS and everything looks way different.
maybe im not typing that in right. I'm so noob still.

if you have a free moment, could you go to my site real quick and see what that gives you. this is what i tried to access.
Only registered users can see links on this board! Get registered or login!
modules.php/name=Reviews&rop=savecomment&xanonpost=1&uname=test&id=1&score=1&comments=blah


Last edited by thebishop on Fri Oct 27, 2006 12:32 am; edited 1 time in total 
evaders99
PostPosted: Thu Oct 26, 2006 11:19 pm Reply with quote

Seems to block it for me Only registered users can see links on this board! Get registered or login!
 
thebishop
PostPosted: Thu Oct 26, 2006 11:29 pm Reply with quote

evaders99 wrote:
Seems to block it for me Only registered users can see links on this board! Get registered or login!




Ok i think thats because i had it blocked to unregistered users (sorry).
ill unblock it right now.

OMG Shocked, when i go to that link, there is hundreds of spam comments from penis enlarment to drugs and porno. and the strange thing is, my site doesn't show me as being an admin. it shows that im logged into my site account , but not my god account. this is starting to worry me.
no wonder i have been getting the (max_questions) error so much.
this lame spammer is creating that problem with all of these links.

i dont understand how someone can post comments to reviews that dont exist.

ok well im not going to have this module activated so people with see all of this spam, so ill activate it again, when some one can take a look at it.
thanks
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Fri Oct 27, 2006 1:01 am Reply with quote

thebishop - do you have a control panel with your hosting account?
If you have, would you allow me access so I can go through the server log to see how they are doing this?
If you can allow me access, please PM me the details and I'l take a look as son as I can.
 
View user's profile Send private message Send e-mail
thebishop
PostPosted: Fri Oct 27, 2006 1:07 am Reply with quote

will pm you details ASAP. and TYVM.
 
thebishop
PostPosted: Fri Oct 27, 2006 1:29 am Reply with quote

Done Wink
 
thebishop
PostPosted: Fri Oct 27, 2006 7:27 pm Reply with quote

I'm sure this is an exploit in the Your Account module, probably due to using the non default YA module that comes with the approve membership module. So i have used phpMyadmin to delete the 656 URL comments that the spammer was able to post in the reviews module. ( I just emptied the table).

my question is, if i add the following code to the modules/Reviews/index.php, to stop unregistered users from being able to submit reviews, will that also stop them from being able to spam the reviews comments or will this person still be able to use the YA module exploit to spam more comments. I do not want to stop using the approve membership module because i have to have the abilitie to approve new members. or would it be better to just install the default Your Account module from chatservs latest patch and then install NSN_Your_Account_760_330. thanks for any replies.

Quote:
if (!is_user($user)) {
echo "You need to be
<a href=\"account.html\">logged in</a> or
<a href=\"account-new_user.html\">become a member</a>
to submit reviews.";
} else {


As an after thought, is there anyway that the next version of RavenNuke could include an approve membership module that would not be exploitable through the YA module.
 
evaders99
PostPosted: Sat Oct 28, 2006 11:45 pm Reply with quote

It looks like it should work.
 
thebishop
PostPosted: Sun Oct 29, 2006 3:49 am Reply with quote

Thanks evaders99, i added that code to the reviews/index.php so we will see if that stops this spammer. I also installed the NSN_Your_Account_760_330 module to see if it was more functional.

So far i have only one problem with the NSN YA module, the only links that work in the Your Account area are, "logout exit" and "messages", if i click on any of the other links, the page just refreshes. no one can do any of the following
Change Info, Change Home , Comments Setup , Select Theme.
hehe any help appreciated.

[EDIT]
well i tried the CNB_Your_Account_750_441 for my installation of nuke 7.6-3.3 and it works flawlessly, so far.


RavensScripts
 
Guardian2003
PostPosted: Sun Nov 12, 2006 3:44 pm Reply with quote

Just to update this thread, I'm throwing a 'Comments' module together so that admins can view the last xx number of comments from News and Reviews.
I'll also throw in some admin delete function to make it easier to remove unwanted comments.

Evaders99 fix works fine but I'm guessing a comment module might also be handy in case you have registered users posting comment spam too.
 
thebishop
PostPosted: Sun Nov 12, 2006 4:02 pm Reply with quote

most excellent Guardian. you da man.
let me know were i can get it when it's ready. Wink
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Nov 12, 2006 4:09 pm Reply with quote

Some other options include moderating comments, stripping out HTML from comments, or adding NOFOLLOW tags to all links in comments (this stops search engines from giving credit to the linked site, wasting the time of comment spammer).

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Guardian2003
PostPosted: Sun Nov 12, 2006 4:37 pm Reply with quote

thebishop - ran out of time to finish what I wanted to do but I have completed for News comments and Reviews comments including the deleting function.
I wanted to include Poll comments but I guess it could wait till I have more time.

If I don't get it packaged up tonight it will be in the morning.

kguske - excellent idea's!!
Although I would like to think the html stripping *should* be a part of the core nuke, I do not see any reason why I couldn't (when I get the time) get my module to iterate through the comments fields and do the stripping.
Hmm, certainly worth considering, thanks!!
 
kguske
PostPosted: Sun Nov 12, 2006 5:27 pm Reply with quote

Those should be added to any module that allows comments - as well as email notification (configurable, of course).
 
Guardian2003
PostPosted: Sun Nov 12, 2006 5:35 pm Reply with quote

Agree - all my module does is list all the comments posted (already in the DB) so the admins have an at-a-glance view to spot any comment spam (order by date DESC) instead of having to click all the comment links in News atc.
 
kguske
PostPosted: Sun Nov 12, 2006 5:44 pm Reply with quote

Nice - that will definitely be helpful in cleaning up spam comments in News and Reviews (the primary targets, it seems).
 
Guardian2003
PostPosted: Sun Nov 12, 2006 6:01 pm Reply with quote

I hope so. I just had an hour or so spare today so thought I would get a grip on it as it's been on my 'to do' list for so long.
 
thebishop
PostPosted: Mon Nov 13, 2006 4:44 am Reply with quote

hmm check this out and let me know what you think guardian.
it looks like it may do some good. Only registered users can see links on this board! Get registered or login!
 
Guardian2003
PostPosted: Mon Nov 13, 2006 6:50 am Reply with quote

I have released the 'Comment' module and it's available from my site.

Our Spam Stopper module uses some code from Bad Behaviour and employs other checks against the refering url.
I have not had time to implement it fully within the forums in terms of posting,replying etc but the methodology it uses it pretty good.

Basically, Spam Blocker looks at the incoming referer and tries to validate the link they followed from an external site to your, it also checks to see if the incoming IP when converted to a hostname matches the incoming data (in other words, that they cross reference each other and produce a match) then as a final check, it looks up the incoming IP or domain to see if it is already listed within three seperate external blacklists like Spamhaus.
 
evaders99
PostPosted: Mon Nov 13, 2006 10:00 am Reply with quote

Bad Behavior has done great on my site. I'll try out 2.0.7 and see how it goes
 
Guardian2003
PostPosted: Mon Nov 13, 2006 12:49 pm Reply with quote

I have just completed getting it working within the Forums environment, I'll keep you posted on how it does.
 
thebishop
PostPosted: Mon Nov 13, 2006 4:28 pm Reply with quote

Guardian2003: I'll stop by your site and pick up the comment module.
I'm also going to install bad behavior later tonight.
for now im going to sleep, i been up all night messing with my new site. LOL.
 
thebishop
PostPosted: Wed Nov 15, 2006 12:13 pm Reply with quote

evaders99 do you have a ported copy of bad behavior for phpNuke because i cannot find it anywere.


Guardian2003 i had to catch up on some much needed sleep over the last 24 hours but i will DL the comment module and test it out.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©