Ravens PHP Scripts: Forums
 

 

onnig
Hangin' Around


Joined: Jun 15, 2006
Posts: 36

Posted: Fri Feb 20, 2009 2:42 am

Ever since I changed the admin file name, also in the config.php, I have not been able to approve articles. Getting:

Forbidden

Referred From : (new admin file)
Your IP : x.x.x.x
The Page Requested: /(new admin file)
Agent : my browser
Redirect Status : 403
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

Posted: Fri Feb 20, 2009 3:23 am

Change it back - seriously. It does no good anyway. No real security. Symbolism without substance Wink
 
onnig
Posted: Fri Feb 20, 2009 10:09 am

OK, I changed it back but I'm still getting the forbidden error. Earlier I posted that my authors table in my database was removed so I manually added it back in and then created the god account again. Could this have something to do with it?

The forbidden page is the following: /admin.php?op=DisplayStory&qid=38

Either preview or post, same error.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Fri Feb 20, 2009 10:32 am

How was the authors table removed and how did you manually add it back in? Can you carry out other admin functions ... for instance when logged in as your God admin can you go into edit admins and add a new admin? That would tell us whether your authors table is corrupt or not.
 
onnig
Posted: Fri Feb 20, 2009 10:49 am

I was able to add another admin and it does show my account as the god account. I'm not sure how the table was removed, I believe it was some kind of hack.
 
slackervaara
Worker


Joined: Aug 26, 2007
Posts: 236

Posted: Fri Feb 20, 2009 9:58 pm

You can protect your admin.php via .htaccess, so only your IP address can access it. It is good if hackers get the password and username, because they don't have much use for it then.

<Files "admin.php">
Order allow,deny
Allow from xx.xx.xxx.xxx
Allow from xx.xx.xx.
Allow from xx.xx.
</Files>

This also protects all admin.php of your site.
 
onnig
Posted: Wed Feb 25, 2009 11:16 am

My hosting company upgraded php to 4.4.9. They said to add this handler in my htaccess file:

AddHandler php-script .php .php3 .php4 .htm .html .phtml

which I did because I have htm/html files with php lines. Can anyone help?
 
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

Posted: Wed Feb 25, 2009 11:33 am

onnig wrote:
My hosting company upgraded php to 4.4.9.


Not sure how they can even call that an upgrade.

Sorry I had to. killing me

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Wed Feb 25, 2009 6:30 pm

Ok, since you have changed the name of your admin file back to admin.php, the original error message doesn't help much. Please post back the full text of the error message that you are getting now.

I suspect you may be missing some files or other tables. If you were hacked, as you suggest that you might have been, then who knows what could have been compromised.

Also, what CMS are you running and version?

onnig
Posted: Thu Feb 26, 2009 12:01 am

Here's the entire error:

Forbidden

Referred From : Only registered users can see links on this board! Get registered or login!
Your IP : (my ip)
The Page Requested: /admin.php
Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
Redirect Status : 403

Current CMS: RavenNuke 022001, Nuke Sentinel 2.6.01
 
montego
Posted: Thu Feb 26, 2009 5:58 am

Ok, couple things to try / look into:

1) Does it happen with all other news articles or is there something about this one only?

2) It may be something you have added to your .htaccess file that is doing the redirect?

3) Try it with FireFox too (and without any active plug-ins) just to rule out client-side issues.

4) Make sure all of your files were uploaded using a good FTP client, such as FileZilla (free from sourceforge.net) and if your target server is Linux, upload in binary mode.
 
montego
Posted: Thu Feb 26, 2009 6:00 am

Just thought of something else that might be even more possible. When you were going through changing the name of the admin.php file, had you, by chance, made any hard-coded changes to scripts - like with ones that didn't recognize the new name because of poor/old coding - that maybe you need to change back?
 
onnig
Posted: Thu Feb 26, 2009 6:34 pm

montego wrote:
Ok, couple things to try / look into:

1) Does it happen with all other news articles or is there something about this one only?

2) It may be something you have added to your .htaccess file that is doing the redirect?

3) Try it with FireFox too (and without any active plug-ins) just to rule out client-side issues.

4) Make sure all of your files were uploaded using a good FTP client, such as FileZilla (free from sourceforge.net) and if your target server is Linux, upload in binary mode.


Your line of questioning actually led me down the right path here. I shortened the article, it wasn't too long I think but then it took, no forbidden error. Is there an area where I can increase the size of articles? Is there a limit somewhere?
 
slackervaara
Posted: Thu Feb 26, 2009 9:54 pm

Did you have the word union in the text? This can cause blocking, or you are just thrown back to the index page.
 
Raven
Posted: Fri Feb 27, 2009 1:01 am

slackervaara,

Good thought Idea
 
onnig
Posted: Fri Feb 27, 2009 2:32 am

slackervaara wrote:
Did you have the word union in the text? This can cause blocking, or you are just thrown back to the index page.


I narrowed it down to this one sentence:

Quote:
This fits into the cultic mold where only a few select can interpret the Word of God or have other documents purported to also come from God.


This is really weird because if I remove the word "from" at the end of the sentence and add the word "by" then it works just fine.

Can anyone tell me why this is happening?
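
Added example, not part of the original thread and not NukeSentinel or RavenNuke code: one possible explanation for the behaviour described above, which the thread does not confirm, is a keyword rule that treats "select ... from" in submitted text as SQL. The rule patterns and names below are assumptions; the script audits known-good article text against them to surface false positives before a rule is deployed.

```python
import re

# Hypothetical keyword rules of the kind a request filter might apply to
# POST data. These are assumptions for illustration, not NukeSentinel's rules.
RULES = {
    "union-select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "select-from": re.compile(r"\bselect\b.*\bfrom\b", re.I | re.S),
}


def fired_rules(text):
    """Return the names of the rules that would block this text."""
    return [name for name, rx in RULES.items() if rx.search(text)]


def audit(samples):
    """Map each known-good sample to the rules it trips (false positives)."""
    return {label: fired_rules(text) for label, text in samples.items()}


# The sentence quoted in the thread, and the edit onnig says got it through.
ORIGINAL = ("This fits into the cultic mold where only a few select can "
            "interpret the Word of God or have other documents purported "
            "to also come from God.")
EDITED = ORIGINAL.replace("come from God", "come by God")

SAMPLES = {
    "original sentence": ORIGINAL,
    "'from' replaced with 'by'": EDITED,
    # Constructed sentence for the "union" case slackervaara raises.
    "constructed union text": "The union will select new delegates in May.",
}

if __name__ == "__main__":
    for label, hits in audit(SAMPLES).items():
        verdict = "blocked by " + ", ".join(hits) if hits else "accepted"
        print(f"{label:28} -> {verdict}")
```

Under these assumed rules the original sentence trips `select-from` because "select" and "from" both appear as ordinary English words, and swapping "from" for "by" clears it, which matches what onnig reports.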
 
Raven
Posted: Fri Feb 27, 2009 4:33 am

Articles can have a max of 65,535 characters unless you are using double byte then it is reduced byi more for every db character. Is it possible your article is that long? But even if it was you shouldn't be getting a 403 error. Can you load the full article into a .txt file and print the url so that I can download it?
 
onnig
Posted: Fri Feb 27, 2009 10:10 am

Raven wrote:
Articles can have a max of 65,535 characters unless you are using double byte then it is reduced byi more for every db character. Is it possible your article is that long? But even if it was you shouldn't be getting a 403 error. Can you load the full article into a .txt file and print the url so that I can download it?


No, it's not that long. I've posted much longer articles than this one. Here is the link to the txt file:
Only registered users can see links on this board! Get registered or login!

Thanks!
 
Raven
Posted: Fri Feb 27, 2009 6:02 pm

Ok, I have it and will see what I can dig up. Btw, that's a most excellent article and a great presentation of the only way to salvation through Jesus Christ Wink. I'll get back to you if/when I find anything.
 
onnig
Posted: Fri Feb 27, 2009 7:08 pm

Raven wrote:
Ok, I have it and will see what I can dig up. Btw, that's a most excellent article and a great presentation of the only way to salvation through Jesus Christ Wink. I'll get back to you if/when I find anything.


Thanks Raven!
 
Raven
Posted: Sat Feb 28, 2009 2:24 am

I just saw that you are running v2.20.01 which is not current. I just tested the article under the latest version (v2.30.01) and it works as it should. You can verify this by submitting the story at Only registered users can see links on this board! Get registered or login!


Last edited by Raven on Sat Feb 28, 2009 2:44 pm; edited 1 time in total 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Sat Feb 28, 2009 2:28 pm

One too many .coms there Raven Smile

Raven
Posted: Sat Feb 28, 2009 2:45 pm

evaders99, Thanks!
 
All times are GMT - 6 Hours
 