Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

PostPosted: Mon Jul 24, 2006 4:43 am Reply with quote

I discovered I had 3900+ of them in my download comments today... Shocked

Here's a cute little fix! Testing it as we 'speak'... Anyone interested?

Image

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: Only registered users can see links on this board! Get registered or login! | Only registered users can see links on this board! Get registered or login! ::. 
View user's profile Send private message Visit poster's website ICQ Number
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Mon Jul 24, 2006 4:58 am Reply with quote

i dont have that problem... killing me
 
View user's profile Send private message
VinDSL
PostPosted: Mon Jul 24, 2006 7:44 am Reply with quote

Man, I guess they think I do...

If you pardon the pun, here's my Only registered users can see links on this board! Get registered or login!. Smile

I just cleared the (ahem) dead wood a couple of hours ago!
 
hitwalker
PostPosted: Mon Jul 24, 2006 7:47 am Reply with quote

a few owned by....... ?
 
VinDSL
PostPosted: Mon Jul 24, 2006 7:53 am Reply with quote

Heh! Maybe I should change that wording!

Sounds like my site was hacked (by myself)... Wink
 
hitwalker
PostPosted: Mon Jul 24, 2006 7:59 am Reply with quote

mmm, have a coffee vin.. killing me
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Mon Jul 24, 2006 8:59 am Reply with quote

Quote:
Anyone interested?

Your kidding right? Give me, give me.......
Nice to see you about mate, thought you were bedridden (pun intended).
 
View user's profile Send private message Send e-mail
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon Jul 24, 2006 10:57 am Reply with quote

What was the name of the last Lord of the Rings movie? Very Happy

I would LOVE to use that, VinDSL, even for registered users!

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Jul 24, 2006 8:33 pm Reply with quote

Sign me up! Did I actually say "up"?????

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
sledster
New Member
New Member


Joined: Jul 24, 2006
Posts: 5
Location: Fairbanks, Alaska

PostPosted: Mon Jul 24, 2006 10:52 pm Reply with quote

heya Vin, I have been waiting for you to give me access to your site as a member. I wanted to check out more of your great work you have done with Blocks and Mods
Anyways, still waiting on if I can be a member...


Thanks Sledster
 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger ICQ Number
VinDSL
PostPosted: Tue Jul 25, 2006 1:50 am Reply with quote

Heh! It would appear the game is afoot, my friends! Smile


Image
 
kguske
PostPosted: Tue Jul 25, 2006 1:58 pm Reply with quote

Sad...such a waste of valuable brain tissue...

Keep up the good work, VinDSL!
 
VinDSL
PostPosted: Tue Jul 25, 2006 3:25 pm Reply with quote

Okay, this is all preliminary, but it's working pretty good...

The hack is in the 'viewdownloadcomments function' in 'modules/Downloads/index.php'
Only registered users can see links on this board! Get registered or login!

I've been leaving the sql db alone -- just modifying the display!

It's a LOT easier to find & delete these evil entries, in the db, by doing a search query for 'http' in the 'ratingcomments' field, in the 'downloads_votedata' table... and a LOT easier to debug modifications to the code, e.g the hack!

Later on, I'll probably add a button to the download admin panel, for a one-click solution, but this will do for now. I like using phpMyAdmin anyway! Smile
 
kguske
PostPosted: Tue Jul 25, 2006 3:34 pm Reply with quote

Nice! Thanks!
 
VinDSL
PostPosted: Tue Jul 25, 2006 3:50 pm Reply with quote

Use with a 'grain of salt'... It's NOT a drop-in!

I started making a custom download module (interface) about 3 years ago, and never got back to it, so the code is a mess, but I commented the pertinent stuff... Wink
 
kguske
PostPosted: Tue Jul 25, 2006 3:56 pm Reply with quote

Didn't you also create an enhanced feedback module with lots of additional checks, etc.? I see the flash feedback module on your site, but that doesn't seem to be the one I am thinking of...
 
VinDSL
PostPosted: Fri Jul 28, 2006 2:35 am Reply with quote

Update:

Only registered users can see links on this board! Get registered or login!

Continuing... Wink
 
Guardian2003
PostPosted: Fri Jul 28, 2006 12:05 pm Reply with quote

Looking good!
 
VinDSL
PostPosted: Sat Aug 05, 2006 3:57 pm Reply with quote

Okay, I'm happy with the first part (the display function). See the link above. It's been catching everything for the last week.

Now for the second part -- killing this stuff before it makes it into the sql db... Wink

I horsed around with the code, last night, and ended up killing 100% (so far) of the spam tring to get into the rating comments. This is what I did...

Hacking the same file, '/modules/Downloads/index.php'

Near the top, I added:

Code:
<snip>


require_once("modules/$module_name/d_config.php");
$index = 1;

// VinDSL - EvilTagR DSL definition
define("_COMPLETEVOTE7","Links Detected by EvilTagR DSL - Comments not saved.");

<snip>


Then, in the 'addrating function' I added:

Code:
<snip>


    /* Make sure only 1 anonymous from an IP in a single day. */
    $ip = $_SERVER["REMOTE_HOST"];
    if (empty($ip)) {
       $ip = $_SERVER["REMOTE_ADDR"];
    }


    /* VinDSL - Check rating comments for evil links. */
    if (preg_match("/(http|https|ftp)|(([0-2]*[0-9]+[0-9]+)\.([0-2]*[0-9]+[0-9]+)\.([0-2]*[0-9]+[0-9]+)\.([0-2]*[0-9]+[0-9]+))/i", $ratingcomments)) {
        $error = "evillink";
        completevote($error);
        $passtest = "no";
    }


    /* Check if Rating is Null */
    if ($rating=="--") {
        $error = "nullerror";
        completevote($error);
        $passtest = "no";
    }

<snip>


A little further down, I changed:

Code:
<snip>


    /* Passed Tests */
    if ($passtest == "yes") {

        // VinDSL -  Part of EvilTagR DSL Hack
        $comment = stripslashes(FixQuotes(check_html(removecrlf($comment))));

        /*$comment = stripslashes(FixQuotes($comment)); */

<snip>


Then, finally, I added:

Code:
<snip>


function completevote($error) {
    global $module_name;
    include("modules/$module_name/d_config.php");
    if ($error == "none") echo "<center><font class=\"content\"><b>"._COMPLETEVOTE1."</b></font></center>";
    if ($error == "anonflood") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE2."</b></font></center><br>";
    if ($error == "regflood") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE3."</b></font></center><br>";
    if ($error == "postervote") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE4."</b></font></center><br>";
    if ($error == "nullerror") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE5."</b></font></center><br>";
    if ($error == "outsideflood") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE6."</b></font></center><br>";

    // VinDSL - Part of EvilTagR DSL Hack
    if ($error == "evillink") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE7."</b></font></center><br>";

}

<snip>


Continuing...
 
Guardian2003
PostPosted: Sat Aug 05, 2006 4:34 pm Reply with quote

Shame you couldn't couple this with the forums censor word list to populate the $EvilWord array - it might provide a ready made interface for adding/deleting 'bad' words.
Excellent work Vin, love it!
 
Guardian2003
PostPosted: Thu Aug 17, 2006 3:50 am Reply with quote

<Bumped> I want to follow up on this and don't want it scrolling off the page just yet.
 
Unit1
Worker
Worker


Joined: Oct 26, 2004
Posts: 134
Location: Boston

PostPosted: Sat Aug 19, 2006 11:36 am Reply with quote

<Bumped> me also
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©