Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
B3rt
New Member
New Member


Joined: Aug 17, 2004
Posts: 7

PostPosted: Tue Aug 17, 2004 12:11 pm Reply with quote

Some users of my website are automaticlly blocked when they try to login.
They do nothing more as normal login.

I receive the foillowing E-mail;
(I masked some details by xxxx for privacy reasons)

Date & Time: 2004-08-17 19:30:30
Blocked IP: 80.126.119.XXX
User ID: XXXXXXXXXX (xxx)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Query String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 80.126.119.XXX
Remote Port: 63856
Request Method: GET


I have no idea why this user is blocked, it says: Abuse-Filter
But what does it abuse?
He/she just normally logs in, he visits teh correctway my website and presses login, enter his username and password and clicks OK and the he gets blocked.
I turned of the blocking and just mailing only so he can normally log in.

What is happening here, is it a bug?!??!
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Aug 17, 2004 12:37 pm Reply with quote

Can you post the complete query string it could be something in that. cmd exe are examples that would not pass.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
B3rt
PostPosted: Tue Aug 17, 2004 12:45 pm Reply with quote

That is the complete string

The XXXXX is just the username, nothing more or less and I changed the url
I did not remove anything from thge query itself

But to be sure here it is: ( I changed my url)
Only registered users can see links on this board! Get registered or login!

This is the full query!


Last edited by B3rt on Tue Aug 17, 2004 12:47 pm; edited 1 time in total 
sixonetonoffun
PostPosted: Tue Aug 17, 2004 12:46 pm Reply with quote

The username is what I was questioning.
 
B3rt
PostPosted: Tue Aug 17, 2004 12:48 pm Reply with quote

The full query:
Only registered users can see links on this board! Get registered or login!
 
sixonetonoffun
PostPosted: Tue Aug 17, 2004 1:14 pm Reply with quote

Yep its the username cmd is setting it off You'll have to edit the check for cmd I'll work one out for ya and post it in a bit if no one else has.
 
sixonetonoffun
PostPosted: Tue Aug 17, 2004 2:09 pm Reply with quote

Try this I didn't get a chance to test it but ...
Code:


Find:
// Check for XSS attack
  if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring)) {
replace:
// Check for XSS attack
  if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("cmdr",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring)) {


Be sure and test it like I said I didn't get a chance yet.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©