Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
AndyB
Worker
Worker


Joined: Jun 03, 2004
Posts: 231
Location: Torrevieja, Spain

PostPosted: Mon Jun 07, 2004 10:49 am Reply with quote

HitsFan

Chatserv's tweaked/ patched nuke distro 6.9 (from this site?)
Sentinel 1.2
Admin secure
Hack Alert Script
Menalto Gallery v1.4.3-pl1

When I am logged in as admin, and go to highlight a sub album (or photo of a sub album) Sentinel Blocked me... in a big way! (Maybe I should disable the block IP, email and HUUUGE amounts of windows.....

(managed to crash a P4 3.6ghz with half a gig of ram in approx 10 seconds..... mates @ work were impressed Rolling Eyes )

Laughing

Unfortunately, I've needed to disable Sentinel right now until a "fix" is resolved (if anybody gets ideas, btw, there's still some security on the site... Wink )- if anybody can help, please let me know. I can give more details if necessary, and possibly set up an admin account if it helps.... Rolling Eyes
 
View user's profile Send private message
Brujo
Regular
Regular


Joined: Jun 04, 2004
Posts: 84
Location: Germany

PostPosted: Tue Jun 08, 2004 1:53 pm Reply with quote

confirmed, same problem on my site with sentinel 1.2 & menalto Gallery v1.4.3-pl2 if i try to highlight a photo or remake the thumps as admin.

here the email from Sentinel:

Quote:
Reason: Abuse - OTHER
--------------------
Query String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: x.x.x.x
Remote Port: 33246
Request Method: GET


Quote:
Query String: Only registered users can see links on this board! Get registered or login!


normaly this function opens a new window but now in this window there is the banned message from Sentinel, but it shows the full path to the sentinel script:

Quote:
Warning: fopen(.htaccess): failed to open stream: Permission denied in /srv/www/htdocs/html/includes/sentinel.php on line 386

Warning: fwrite(): supplied argument is not a valid stream resource in /srv/www/htdocs/html/includes/sentinel.php on line 387

Warning: fclose(): supplied argument is not a valid stream resource in /srv/www/htdocs/html/includes/sentinel.php on line 388

This IP has been blocked from.....
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Jun 08, 2004 2:35 pm Reply with quote

There is a work around posted here Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
AndyB
PostPosted: Tue Jun 08, 2004 2:36 pm Reply with quote

looks like you may have an install issue with your version of sentinel- I never get the warning messages....... That said I've got disipal's error messages tweak installed as well, not sure if that would make a difference...

I've set sentinel to just email me at the minute with this one- another user triggered it tonight by adding photo's or similar....

That said, I tried the changes to includes/sentinel.php on this thread:
Only registered users can see links on this board! Get registered or login!

which *looks* like it may have kinda cured the problem, somewhat- I'll keep monitoring the mails, etc. Once I'm happy that gallery install isn't going to casue any problems, I'll up the ante to "block and background"... Mr. Green
 
Brujo
PostPosted: Tue Jun 08, 2004 3:39 pm Reply with quote

@sixonetonoffun
Quote:
There is a work around posted here Only registered users can see links on this board! Get registered or login!

i try´d it and the remake of thumbs works now, but not the highlight function. I still get banned. I used the code from your posting:

Code:
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) { 



Quote:
Query String: Only registered users can see links on this board! Get registered or login!


@andyb
Quote:
looks like you may have an install issue with your version of sentinel- I never get the warning messages.......

you was right, i have setted up sentinel to write down to the .htaccess but i didnt chmoded to 666 it was still 644. after i corrected this the full path is not more shown but still the banned message if i try to highlight a photo, maybe one more mistake of me..
 
sixonetonoffun
PostPosted: Tue Jun 08, 2004 3:42 pm Reply with quote

Is your htaccess chmod 0666 ? That "should" get rid of the failed to open stream issue. Somehow I missed that one when I posted originally.
 
Brujo
PostPosted: Tue Jun 08, 2004 3:52 pm Reply with quote

sixonetonoffun wrote:
Is your htaccess chmod 0666 ? That "should" get rid of the failed to open stream issue. Somehow I missed that one when I posted originally.


yes it is now 666, this was one mistake from me before, now the path to sentinel.php is not more shown, but i still get banned if i try to highlight a photo
 
sixonetonoffun
PostPosted: Tue Jun 08, 2004 4:28 pm Reply with quote

You can try this
Code:


if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("cmd=highlight",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) {


Seems to work ok let us know if you find anymore Gallery issues so they can be addressed in a future release.
 
Brujo
PostPosted: Wed Jun 09, 2004 6:39 am Reply with quote

@sixonetonoffun

yepp this works, thanks a lot for your help
 
AndyB
PostPosted: Sat Jul 10, 2004 3:21 pm Reply with quote

I've tried all the permeatations of the codes listed above;

just upgraded gallery as well to v1.4.3-pl2

If I try to highlight an album, or photo, or do anything a normal user can do, sentinel sends me an email;

In the pop up window, instead of getting a confirmation window or similar, it throws the whole site into the smaller pop up window.....
The Email from Sentinel wrote:
Date & Time: 2004-07-10 16:40:29
Blocked IP: 80.229.144.109
User ID: audioc (2)
Reason: Abuse - OTHER
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Query String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 80.229.144.109



Thanks for any input you can give- I'm gonna be on holiday for the next 2 weeks or so, so I'll look into it when I get back...

So far, in this thread (and some others) I am pelased and appreciative of the work that you guys do; the only problems I really have that I struggle to get my noggin round all appear to relate to Gallery..... Bang Head

If you need a guinea pig to try on a "live" site any future versions of Sentinel, give me a shout via pm or similar......
RavensScripts Wink
We've got a user base of over 2,000, galleries with over 3,000 photos, nearly a dozen moderators and three admins.... Confused
 
sharlein
Member Emeritus


Joined: Nov 19, 2002
Posts: 322
Location: On the Road

PostPosted: Sun Jul 11, 2004 1:30 pm Reply with quote

I am having the same trouble with gallery. Six, you said
Quote:
You can try this
Code:

if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("cmd=highlight",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) {



Seems to work ok let us know if you find anymore Gallery issues so they can be addressed
Where does this code go?

Also, on a side note, I now have 2 deny from sections in myhtacess file. Will that cause any problems? Thanks, Steve

_________________
Give Me Ambiguity Or Give Me Something Else! 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Jul 11, 2004 4:01 pm Reply with quote

Steve,

All of the changes, as in Only registered users can see links on this board! Get registered or login! , are in includes/sentinel.php as that's where the block comes from. Now, for those who are still having problems, make sure that you are only using Senitnel™ as if you are using other blockers they may be interferring with the work-around code.


Last edited by Raven on Sun Jul 11, 2004 5:09 pm; edited 1 time in total 
View user's profile Send private message
sharlein
PostPosted: Sun Jul 11, 2004 5:03 pm Reply with quote

Thank you, Gaylen. That did it.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©