Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
manunkind
Client


Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Thu Jun 29, 2006 7:10 pm Reply with quote

Hello everybody,

I just wanted to report that NukeSentinel is banning legitimate Admin functions. For example, today somebody submitted a download and I went to visit the homepage and got banned. The Nuke Administration Panel sends you to a URL like this:

Code:
http://www.domain.com/index.html?url=http://www.domain.com/


NukeSentinel is great and I wouldn't run without it, but can we lighten it up a bit for legitimate Admin functions?

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Thu Jun 29, 2006 9:08 pm Reply with quote

Which download module are you using?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
manunkind
PostPosted: Thu Jun 29, 2006 9:14 pm Reply with quote

Just the basic 7.6 Nuke module for now. This is in the Admin area though.

When somebody submits a Download, nuke gives you a link to download the file yourself and visit the homepage. These links are in the above format and NukeSentinel bans you for it.
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Thu Jun 29, 2006 9:21 pm Reply with quote

sounds like u have gt installed but not properly functioning with the downloads module.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
manunkind
PostPosted: Thu Jun 29, 2006 9:25 pm Reply with quote

I run Googlifier, but nothing in the Admin area is "Rewrote". This is standard Nuke code.
 
gregexp
PostPosted: Thu Jun 29, 2006 9:30 pm Reply with quote

Then thats the issue I think, same thing as getting rid of the sid in forums, but others have far more expertise then I as I have never delt with gt or anything like it.
 
manunkind
PostPosted: Fri Jun 30, 2006 5:37 am Reply with quote

I don't think this has anything to do with mod_rewrite. Here is the Nuke code from the admin file in the Downloads module:

File Check:
Code:
."" . _FILEURL . ": <input type=\"text\" name=\"url\" value=\"$url\" size=\"50\" maxlength=\"100\">&nbsp;[ <a href=\"index.php?url=$url\" target=\"_blank\">" . _CHECK . "</a> ]<br>"


Visit link:
Code:
."" . _HOMEPAGE . ": <input type=\"text\" name=\"homepage\" size=\"30\" maxlength=\"200\" value=\"http://$homepage\"> [ <a href=\"index.php?url=http://$homepage\">" . _VISIT . "</a> ]<br>";


Nuke writes these links in the above format and NukeSentinel will ban you for it.
 
gregexp
PostPosted: Fri Jun 30, 2006 3:17 pm Reply with quote

hmm, I'm gonna need to test my 7.6 on my test site and see what I come up with.

I'm curious if this hasent been updated with the latest patch.
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Fri Jun 30, 2006 7:20 pm Reply with quote

does it change anything if you give the _VISIT a target like _CHECK ?
 
View user's profile Send private message
manunkind
PostPosted: Sat Jul 01, 2006 6:25 am Reply with quote

No, both links ban me.
 
jaded
Theme Guru


Joined: Nov 01, 2003
Posts: 1006

PostPosted: Sat Jul 01, 2006 6:53 am Reply with quote

the same thing happens on sites that use nukewrap. I have had to disable the filter on those sites because of the constant ban of admins and regular users.

_________________
Themes BB Skins Only registered users can see links on this board! Get registered or login!
Graphic Tees Only registered users can see links on this board! Get registered or login!
Paranormal Tees Only registered users can see links on this board! Get registered or login!
Ghost Stories & More Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Sat Jul 01, 2006 7:22 am Reply with quote

so it looks like sentinel thinks the visited website address is hitting the admin area.
if im explaining it correctly...
 
jaded
PostPosted: Sat Jul 01, 2006 7:30 am Reply with quote

it seems to have an issue with http being in the strings.
Only registered users can see links on this board! Get registered or login!

nuke wrap does the same kind of thing and it blocks you right away. It is the http after the url= that is the issue. There is no way around it if you use nukewrap or some other functions like mentioned in this post. I hope that a solution is found as I am sure disabing filter cannot be the best choice lmao.
 
gregexp
PostPosted: Sat Jul 01, 2006 10:41 am Reply with quote

thats right, the http in the string will trigger sentinel, I'd recomend that you change to nsn downloads which wont put an http in your string. From my understanding, some possible hacks use an outside resource to difne things like modules.php?name=http

I'm positive they have implimented this to stop this form of attack and therefore I wouldnt recomend disabling it. NSN downloads has not triggered sentinel on my site at all and I think this would help you.
 
hitwalker
PostPosted: Sat Jul 01, 2006 3:10 pm Reply with quote

situations could easely vary for others.
this never happend to me,not with the downloads module.
i do use a different one but before that it never happend nor on the sites i maintain,as far as i know of anyway..
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Wed Jul 05, 2006 8:56 pm Reply with quote

Yes, it is definitely the "http" in the query string. I am not certain if NSN Downloads uses this in validation of external links. None of the download modules have an issue with links that are internal to the nuke site that I am aware of.

BTW, this additional security was placed into NS2.4.2pl9 to help stop the various phpBB exploits giong around.

It should probably be "loosened up a bit" for the admins at least.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Wed Jul 05, 2006 11:30 pm Reply with quote

It was there before pl9. We started blocking http quite a while ago, if I remember correctly. It may have been lifted at some point and then put back in, but this is just one of the cases where NukeSentinel(tm) is overly cautious. In cases like these it is virtually impossible to work around it. It's an all or nothing situation. However, if you're a protected admin, you shouldn't be having the problem. Protected admins should never be banned nor caught in the blocker sections.
 
View user's profile Send private message
manunkind
PostPosted: Thu Jul 06, 2006 7:02 am Reply with quote

I am a protected Admin and I get (sort of) banned. In other words I get the banned page just like anybody would but it doesn't store my ip in the database of blocked ips and it doesn't write to the .htaccess. But I do get the banned page.

If it truely worked like Raven's last sentence above, it would work perfectly the way it should. But as of right now, Admins can still trigger it and get the banned page.
 
Raven
PostPosted: Thu Jul 06, 2006 8:39 am Reply with quote

manunkind wrote:
I am a protected Admin and I get (sort of) banned. In other words I get the banned page just like anybody would but it doesn't store my ip in the database of blocked ips and it doesn't write to the .htaccess. But I do get the banned page.

If it truely worked like Raven's last sentence above, it would work perfectly the way it should. But as of right now, Admins can still trigger it and get the banned page.

We purposely did it that way to be sure the ban was working while at the same time protecting the admin. Otherwise you have no [easy] way of "testing".
 
manunkind
PostPosted: Thu Jul 06, 2006 6:32 pm Reply with quote

Ahh ok. I see the logic in that.
 
montego
PostPosted: Thu Jul 06, 2006 10:49 pm Reply with quote

Ah, me too... now... Wink
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©