Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Andrzej
Hangin' Around


Joined: Jan 22, 2004
Posts: 31

PostPosted: Thu Aug 05, 2004 11:21 pm Reply with quote

Hello,

using your wonderfull Sentinel, I get almost every day a mail, that hackers couldn't get , what they want. So thanks for o graet security tool.

Last day one user get a problem of bannig after sending a story to a friend (not with the first send, but with fiffth or sth)

He was banned, but after some ours - he was able to see the page.

The link sent to me was
Code:


Query String: prawica.net/modules.php?name=News&file=friend&op=StorySent&title=Fa%B3szerstwo+koronnego+
dowodu+%28V%29&fname=Gazeta+Wyborcza
Forwarded For: none


I couldn't find sth like that through searching the Forums. Did you know this problem?
Is it fixed v. 2.0 (I want to upgrade)

Thank for ypur work - GRAET!!!

Andrzej
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Thu Aug 05, 2004 11:56 pm Reply with quote

Don't know if we fixed it cause I don't see the problem, but you need to upgrade regardless Wink
 
View user's profile Send private message
Andrzej
PostPosted: Sun Aug 08, 2004 11:15 am Reply with quote

I upgraded - VEEEERY nice progress. Smile

But my problem remains Confused It doesn't occur, when I sent a friend, but when sb uses a "strange" (%22) character

I receive such an email:

Code:
Reason: Abuse-Script

--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Query String: Only registered users can see links on this board! Get registered or login!
StorySent&fname=%22Midrasz%22
Forwarded For: none
Client IP: none
Remote Address: 62.87.189.132
Remote Port: 3325
Request Method: GET


What to do?

Andrzej
 
Raven
PostPosted: Sun Aug 08, 2004 12:58 pm Reply with quote

%22, I believe, is a " mark. Neither nuke nor Sentinel allow " marke is query strings. That's how scripting attacks occur.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©