Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
CurtisH
Life Cycles Becoming CPU Cycles


Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

PostPosted: Tue Mar 15, 2005 6:14 pm Reply with quote

With Santy Worm protection enabled, if I search for an author and then click on any of there posts (link) I am directed to a possible santy worm attack. Disabling the Santy Worm protection the issue goes away.

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
View user's profile Send private message Visit poster's website Yahoo Messenger
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Mar 15, 2005 6:21 pm Reply with quote

If you are using the SantyWorm code in NukeSentinel, I highly recommend that you don't. Use the .htaccess method because it is safer and less conflicts. That code is for those that have no other alternative.
 
View user's profile Send private message
CurtisH
PostPosted: Tue Mar 15, 2005 6:26 pm Reply with quote

Ok, I will seek out directions on the htaccess method. Thanks Raven. Smile
 
Raven
PostPosted: Tue Mar 15, 2005 6:29 pm Reply with quote

Code:
RewriteEngine on

#The next lines check for Email Spammers Robots and redirect them to a fake page
#Check for Santy Worms and redirect them to a fake page
RewriteCond %{HTTP_USER_AGENT} ^LWP                   [NC,OR]
RewriteCond %{REQUEST_URI} ^visualcoders              [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+)              [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos                [NC,OR]
RewriteCond %{REQUEST_URI} ^civa                      [NC,OR]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*)            [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*)      [NC]
RewriteRule ^.*$ http://127.0.0.1 [R,L]
 
CurtisH
PostPosted: Tue Mar 15, 2005 6:38 pm Reply with quote

Do I place that at the beginning of my htaccess?
 
Raven
PostPosted: Tue Mar 15, 2005 6:44 pm Reply with quote

Doesn't really matter, but I would have it towards the top
 
CurtisH
PostPosted: Tue Mar 15, 2005 7:01 pm Reply with quote

Thanks a bunch. That got me taken care of. Smile
 
Dreakon
New Member
New Member


Joined: Aug 17, 2004
Posts: 11

PostPosted: Fri Mar 25, 2005 7:56 am Reply with quote

I am having the same problem. I added the code to .htaccess, but I dont know how to stop NukeSentinel from using the Santy worm code. Care to explain please?
 
View user's profile Send private message
CurtisH
PostPosted: Fri Mar 25, 2005 8:02 am Reply with quote

Under Sentinel Administration scroll down to the Santy Worm Protection setting. Select OFF

That should fix your issue
 
Dreakon
PostPosted: Fri Mar 25, 2005 8:03 am Reply with quote

d***, that was a fast reply, I feel stupid because I looked through the options and saw it. Tried to come back here and edit and it was already answered. Thanks! Smile
 
SmackDaddy
Involved
Involved


Joined: Jun 02, 2004
Posts: 268
Location: Englewood, OH

PostPosted: Wed Mar 30, 2005 10:41 am Reply with quote

Thank you for the info....this helped me out as well....cheers!

_________________
Smack out...
Only registered users can see links on this board! Get registered or login!

Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
shmk
Worker
Worker


Joined: Dec 21, 2004
Posts: 116

PostPosted: Wed Apr 20, 2005 2:12 am Reply with quote

I have to use santy worm protection because haven't the possibility to use .htaccess on my host.

I got the same problem, I have resolved it removing the "highlight" option in the search (in my search highlight field is always void... probably a bug in my theme Confused ):

Code:
Open ./modules/Forums/search.php


Find:

$topic_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $searchset[$i]['topic_id'] . "&highlight=$highlight_active");
$post_url = append_sid("viewtopic.$phpEx?" . POST_POST_URL . '=' . $searchset[$i]['post_id'] . "&highlight=$highlight_active") . '#' . $searchset[$i]['post_id'];

Substitute with (or comment and add under...):

$topic_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $searchset[$i]['topic_id']);
$post_url = append_sid("viewtopic.$phpEx?" . POST_POST_URL . '=' . $searchset[$i]['post_id']) . '#' . $searchset[$i]['post_id'];


You now haven't highlight search function, but won't get the error "probably santy worm" Wink
 
View user's profile Send private message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Tue Oct 10, 2006 8:43 pm Reply with quote

Raven wrote:
Code:
RewriteEngine on

#The next lines check for Email Spammers Robots and redirect them to a fake page
#Check for Santy Worms and redirect them to a fake page
RewriteCond %{HTTP_USER_AGENT} ^LWP                   [NC,OR]
RewriteCond %{REQUEST_URI} ^visualcoders              [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+)              [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos                [NC,OR]
RewriteCond %{REQUEST_URI} ^civa                      [NC,OR]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*)            [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*)      [NC]
RewriteRule ^.*$ http://127.0.0.1 [R,L]


I had a user with crush in his name and he received this message. I put your code in thehtaccess and it worked. Is this still the case with RavenNuke 2.20? That is what I am using...
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Tue Oct 10, 2006 9:31 pm Reply with quote

I believe, from what Technocrat has said, that if you are up on the BBtoNuke forum updates, this issue is no longer there, and so these are no longer necessary. Since 2.02.02 is at 2.0.20, you should be fine.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
blith
PostPosted: Tue Oct 10, 2006 11:16 pm Reply with quote

montego wrote:
I believe, from what Technocrat has said, that if you are up on the BBtoNuke forum updates, this issue is no longer there, and so these are no longer necessary. Since 2.02.02 is at 2.0.20, you should be fine.

Okay, but I had a "possible Santy Worm attack" message when a user clicked on his account activation link.
 
Raven
PostPosted: Tue Oct 10, 2006 11:43 pm Reply with quote

Compare it to that logic in .htaccess and you should see right away why it got flagged. Remember that NukeSentinel(tm) also has Santy Worm protection.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Oct 11, 2006 10:43 am Reply with quote

Make sure the username isn't using anything banned like "perl"

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
blith
PostPosted: Fri Oct 13, 2006 12:14 pm Reply with quote

so my question is: Now that I have placed the code in my htaccess can I turn off Nuke Sentinel Santy Worm protection? Thank you all!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©