Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Sara
New Member
New Member


Joined: Jan 14, 2005
Posts: 6

PostPosted: Fri Jan 14, 2005 1:19 pm Reply with quote

I have some jerk posting links into the comments field of the reviews section of one of my sites. He's using a script of some sort.

As I don't use the comments, I'm trying to de-activate them. Can anyone help?

1) My first thought is to use .htaccess. I am trying to prevent access to the first part of the string:
"modules.php... reviews.... =postcomment"(this isn't coming out right in the message)
but can't work out the comand to do it correctly (nothing seems to work).

Can anyone advise?

2) I've looked at the code in nuke, but can't work it out (I'm no programmer). Anyone know of a quick and eay block on this function?

3) Any other ideas?


I'm totally stuck now... so any help is valued.

Thanks.
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Jan 14, 2005 3:36 pm Reply with quote

Try the STRING blocker in NukeSentinel.
 
View user's profile Send private message
Sara
PostPosted: Fri Jan 14, 2005 5:10 pm Reply with quote

I haven't got NukeSentinel on this particular site. I'm just looking for a quickie: preferably with htaccess, but if not with a one line code change?

Is there a way?
 
Raven
PostPosted: Fri Jan 14, 2005 5:22 pm Reply with quote

Code:
RewriteCond %{QUERY_STRING} ^(.*)=postcomment(.*)      [NC]

RewriteRule ^.*$ http://127.0.0.1 [R,L]

That should direct it right back to his local machine.
 
Sara
PostPosted: Fri Jan 14, 2005 5:47 pm Reply with quote

Thank you so much. That's just what I needed.

The site is very static but has lots of info. This guy has been wrecking it for me by sticking dozens of links in every night. The only way I could stop him was to deactivate Reviews, which lost a lot of the good content.

Now I can re-activate again and have the site back up to full strength. No-one ever posts comments anyway.
 
Raven
PostPosted: Fri Jan 14, 2005 5:48 pm Reply with quote

Make sure you test it Smile
 
Sara
PostPosted: Fri Jan 14, 2005 5:57 pm Reply with quote

Good thinking. I just tried it and it didn't make any difference. I could still post by running the above URL string.

I stuck it in the main .htaccess in the root, exactly as above. Is that the right place, or is it intended for the \Reviews sub-directory? I always thought the main root htaccess would percolate down through all the sub-directories.


Last edited by Sara on Fri Jan 14, 2005 6:20 pm; edited 1 time in total 
Raven
PostPosted: Fri Jan 14, 2005 6:19 pm Reply with quote

Put it in reviews. I'll test it too.
 
Sara
PostPosted: Fri Jan 14, 2005 6:23 pm Reply with quote

I just got it! Stupid me!

I didn't have: RewriteEngine on in the .htaccess at all.

Now, the question is, do I need anything like a RewriteEngine off to clean up? Or is it fine without?
 
Sara
PostPosted: Fri Jan 14, 2005 6:33 pm Reply with quote

I'm guessing there isn't actually a RewriteEngine off command. In which case I am a happy bunny. I've got my reviews back, and learned how to use this rewrite stuff a bit.

I'm very grateful. You are a gent. Thank you.
 
Raven
PostPosted: Fri Jan 14, 2005 6:34 pm Reply with quote

There is a rewriteEngine off, but it's not necessary here.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©