Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Fri Jan 05, 2007 7:39 pm Reply with quote

I had a new user try to post some html to the forums Smack and got blocked for abuse.

Here is a Only registered users can see links on this board! Get registered or login! to part of the abuse report from Sentinel.

You'll probably have to save it to a file to see it all because it's all run together on a couple of lines.

There is just "a" and "img" tags in there.... no script tags or anything.
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Fri Jan 05, 2007 9:42 pm Reply with quote

It's usually a reserved word that's part of another word, but I didn't see anything other than object inside a tag that might have set it off.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Sat Jan 06, 2007 8:25 am Reply with quote

I am thinking it might be this line here under the $_POST section of that blocker code:

(eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||

and the line containing "WebObjects" (in the href) might have tripped it.

While I know the prefix part of this regex would "trip", I need to analyze the suffix part to understand exactly what it is doing... but right now, I suspect that is it.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Gremmie
PostPosted: Sat Jan 06, 2007 10:15 am Reply with quote

If that is it, you might want to tighten that up a bit. Maybe

Code:


eregi("<[[:space:]]*ob~ject.*>", $secvalue)


I think I got that right. In any event, I'm trying to say:

< followed by 0 or more spaces, followed by ob~ject, and then any old junk up until a >.

The way you have it now is "a <, then anything but a > 0 or more times, then ob~jec followed by t 0 or more times, etc". I can see how that matched WebObjects.

(I had to mangle ob~ject to get it through sentinel here Smile )
 
montego
PostPosted: Sat Jan 06, 2007 10:51 am Reply with quote

I follow that, but I am not the developer. Personally, I wonder about the others too. I'll PM Bob to take a look at this and get his expert opinion.

Thanks Gremmie!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©