Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Bug Reports
Author Message
NovemberRain
New Member
New Member



Joined: Jul 12, 2003
Posts: 8
Location: Istanbul

PostPosted: Thu Dec 30, 2004 3:34 am Reply with quote

When i click on a review, there is no content. I removed the senintel lines in mainfile.php and it is ok now.
 
View user's profile Send private message ICQ Number
raul2010
New Member
New Member



Joined: Aug 06, 2004
Posts: 5

PostPosted: Thu Dec 30, 2004 3:39 am Reply with quote

the same here Sad
 
View user's profile Send private message
skeen
Hangin' Around



Joined: Jul 17, 2003
Posts: 29

PostPosted: Thu Dec 30, 2004 4:07 am Reply with quote

My Profiles module only half works after uprgade to 2.1.3
Any help would be appreciated as it is a main part of my site.
 
View user's profile Send private message
manunkind
Client



Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Thu Dec 30, 2004 7:27 am Reply with quote

Same here.
 
View user's profile Send private message Visit poster's website
skeen







PostPosted: Thu Dec 30, 2004 7:32 am Reply with quote

it is probaly the same thing as why the forums didnt work properly, something to do with the santy worm fixes, but i sure would like a fix for it, pleaseeee
 
BobMarion
Former Admin in Good Standing



Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Thu Dec 30, 2004 3:10 pm Reply with quote

Open includes/sentinel.php and find:
Code:
// Stop Santy Worm

$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
   if (strpos($REQUEST_URI,$uri_content)) {
      die("Illegal Content");
   }
}


This is the Santy Worm protection. There are two things in it that would most likely interfer with the Forums/Private Message. highlight and sess_. Remove one then the other and let me know which one solves it or if neither helped.

_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net 
View user's profile Send private message Send e-mail Visit poster's website
skeen







PostPosted: Thu Dec 30, 2004 4:07 pm Reply with quote

Hi Bob,
I have already removed highlight to get my forums working so I tried sess_ and that didnt work either. So I commented out the whole block of code and now it comes back with illegal content ?? (whoops missed a line doh)
Ok with the whole block commented out the profiles work fine again so somethin in there is causing me grief.
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Dec 30, 2004 4:44 pm Reply with quote

PHP 4.3.10 ? Check your error logs and see if there is an error being thrown by includes/sentinel.php
Bad arguement for $id in function each() or something like that.

Just a thought I had trouble with a simular bit of code I use and had to change it to get rid of the error. The code worked but kept throwing out that error. The issue only happens with php 4.3.10 as far as I know.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8

Last edited by sixonetonoffun on Fri Dec 31, 2004 10:29 am; edited 1 time in total 
View user's profile Send private message
skeen







PostPosted: Thu Dec 30, 2004 4:49 pm Reply with quote

it has been working fine with 2.1.2 and below, it is just the Santy stuff that is the problem
 
skeen







PostPosted: Thu Dec 30, 2004 4:55 pm Reply with quote

Found the sucker that is causing my problems....

while(list($id,$uri_content)=each($tmp)) {

The $id is the culprit, how important is it to the Santy protection ?
 
skeen







PostPosted: Thu Dec 30, 2004 5:27 pm Reply with quote

I know of a lot of people running this mod and I guess we would all like to get a fix for it. Anyone have an answer ??

The rest of the mod seems to be working fine it is just one file that has the conflict in it and that is the one that actually displays the profile info.


Last edited by skeen on Thu Dec 30, 2004 5:30 pm; edited 1 time in total 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Thu Dec 30, 2004 5:29 pm Reply with quote

If you have protection via .htaccess then you don't need that.
 
View user's profile Send private message
skeen







PostPosted: Thu Dec 30, 2004 5:36 pm Reply with quote

excuse my ignorance but what would that code be for the .htaccess file Raven ?
 
skeen







PostPosted: Thu Dec 30, 2004 5:40 pm Reply with quote

currently I have this to combat the Santy worm is it sufficient ?

#Place these directives at the TOP of your .htaccess file!
#Check for Santy Worms and redirect them to a PHANTOM site.
#Variant-1 May cause problems with CRON jobs set from cPanel.
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
#Variant-2 No reported problems.
RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
#Variant-3 No reported problems.
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC,OR]
#Variant-4 May cause problems with cPanel updates, et cetera.
RewriteCond %{QUERY_STRING} ^(.*)wget(.*) [NC]
#Redirect - Send worms packing, but NOT to a real web site!
RewriteRule ^.*$ [ Only registered users can see links on this board! Get registered or login! ] [L]
 
Raven







PostPosted: Thu Dec 30, 2004 5:42 pm Reply with quote

Code:
#Check for Santy Worms and redirect them to a fake page

RewriteCond %{HTTP_USER_AGENT} ^LWP                   [NC,OR]
RewriteCond %{REQUEST_URI} ^visualcoders              [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+)              [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos                [NC,OR]
RewriteCond %{REQUEST_URI} ^civa                      [NC,OR]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*)            [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*)      [NC]
RewriteRule ^.*$ http://WHERE_EVER.com [R,L]


The where_ever can be a preformatted page or fake.


Last edited by Raven on Fri Dec 31, 2004 8:27 pm; edited 1 time in total 
skeen







PostPosted: Thu Dec 30, 2004 5:51 pm Reply with quote

Hehehe if is not one thing it is another, profiles are working fine now my site messenger has died. Image
 
skeen







PostPosted: Thu Dec 30, 2004 6:20 pm Reply with quote

dont know what the prob was but it fixed itself.

Hey thanks for your help Raven, and I wish you a great New Year, celebrate it well my friend and enjoy.
 
Raven







PostPosted: Thu Dec 30, 2004 6:28 pm Reply with quote

Cheers
 
skeen







PostPosted: Thu Dec 30, 2004 6:42 pm Reply with quote

I will have a cupla cold Aussie Brews for Ya as well Image
 
manunkind







PostPosted: Thu Dec 30, 2004 10:37 pm Reply with quote

Does this fix the Reviews?
 
manunkind







PostPosted: Fri Dec 31, 2004 7:57 pm Reply with quote

Raven wrote:
Code:
#Check for Santy Worms and redirect them to a fake page

RewriteCond %{HTTP_USER_AGENT} ^LWP                   [NC,OR]
RewriteCond %{REQUEST_URI} ^visualcoders              [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+)              [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos                [NC,OR]
RewriteCond %{REQUEST_URI} ^civa                      [NC,OR]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*)            [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*)      [NC]
RewriteRule ^.*$ http://WHERE_EVER.com [R,L]


The where_ever can be a preformatted page or fake.


I just put this code in my .htaccess and it redirected me when I clicked on a link. What did I do wrong?
 
Raven







PostPosted: Fri Dec 31, 2004 8:00 pm Reply with quote

Redirected you where? That's the exact code that I'm running.
 
manunkind







PostPosted: Fri Dec 31, 2004 8:03 pm Reply with quote

It redirected me to the URL on the last line. Not sure what I did wrong. I copied and pasted it right into my file and then just changed the URL on the last line. I went to refresh my page by clicking on a link, and boom....I was redirected.
 
manunkind







PostPosted: Fri Dec 31, 2004 8:08 pm Reply with quote

I can email you my edited .htaccess file if you want to take a look, Raven. Maybe I have something else in there conflicting with it?
 
Raven







PostPosted: Fri Dec 31, 2004 8:26 pm Reply with quote

Try taking the last OR out. It should be [NC]
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©