Ravens PHP Scripts: Forums
Forum Index -> NukeSentinel(tm)
cyberdog
New Member
Joined: Apr 28, 2006
Posts: 15
Location: Menomonie, WI

Posted: Thu Aug 16, 2007 2:52 pm

Afternoon everyone. I need a little help and am scratching my head right now.

I have a PHP website and I am running NukeSentinel(tm) 2.5.03. It's been working awesome and I have not made any changes or other to my sites configuration.

Over the last couple of weeks, members have been getting banned from the site for trying to make a donation by clicking on our donate picture.

Here is what the log shows:

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
Query String: [ Only registered users can see links on this board! Get registered or login! ]me=Team+N+Tense+Site+Donation&item_number=Servers&no_shipping=1&custom=72.204.17.27&on0=ID&os0=18&notify_url=http://www.teamntense.com/ipn_don.php&return=http://www.teamntense.com/modules.php?name=Donate&op=received&uid=18&no_note=1&currency_code=USD&tax=0&on1=Show+Donation&os1=1&submit.x=75&submit.y=37
Get String: [ Only registered users can see links on this board! Get registered or login! ]me=Team N Tense Site Donation&item_number=Servers&no_shipping=1&custom=72.204.17.27&on0=ID&os0=18&notify_url= [ Only registered users can see links on this board! Get registered or login! ]hp?name=Donate&op=received&uid=18&no_note=1&currency_code=USD&tax=0&on1=Show Donation&os1=1&submit_x=75&submit_y=37
Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: 72.***.17.27 (**Privacy)
Remote Port: 52740
Request Method: GET


Is there anything I can do to get NS to stop banning people from making donations?

Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

Posted: Thu Aug 16, 2007 5:07 pm

I think it is probably the [ Only registered users can see links on this board! Get registered or login! ] stuff in the arguments that is tripping it up.

What version of Nuke and what is the name of the donation block?

As to how to fix it or work around it.....hmmmm. If you could find a way to code the block so those [ Only registered users can see links on this board! Get registered or login! ] aren't there, that would do it. Failing that, you'd have to modify Sentinel.

_________________
GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module 

Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Thu Aug 16, 2007 5:35 pm

You may want to also check the
Code:
cmd=
as I think nukesentinel.php specifically looks for this string - at least in newer versions.

fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Thu Aug 16, 2007 6:28 pm

I can't quote every version of NS to you and you have to realize that 2.5.03 is seriously out of date and you should look into upgrading. I believe you are like 8 versions out of date. RN upgrades you automatically at least to NS 2.5.10 (the most recent is 2.5.11) but still I will try to address your problem.

The "cmd=" string is indeed blocked in NS. We've had similar issues with Gallery trying to issue it and getting blocked. You'll find the block down under the comment:

Code:
  // Check for XSS attack

  if(!stristr($nsnst_const['query_string'], "index.php?url=") AND (!isset($_COOKIE['admin']) OR !is_admin($_COOKIE['admin']))) {
    if( (isset($name) AND (eregi("http\:\/\/", $name) OR eregi("https\:\/\/", $name)))
    OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))
    OR (isset($libpath) AND (eregi("http\:\/\/", $libpath) OR eregi("https\:\/\/", $libpath)))
    OR stristr($nsnst_const['query_string'], "http://") OR stristr($nsnst_const['query_string'], "https://")
    OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
    OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
    OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
      block_ip($blocker_row);
    }


I'm not sure what the best approach is to fixing this. You could just comment out the cmd= part of the OR. Or you could find out what module is generating that (say "donations") and code an exclusion. I think we did that for Gallery a year or two ago. I can't (and don't have the time to) simulate this, so I can't give you a bullet-proof answer. But I understand the frustration.
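As an added example (not NukeSentinel's code and not the poster's), the rules in the snippet above modelled in Python and run over a query string constructed from the donation log in the first post, so you can see which rule actually fires and what a narrow module exclusion could look like. The `item_name` key of the masked first parameter, the site hostname in `SITE_HOST` and the exclusion design are assumptions.

```python
# Added example (not NukeSentinel's code): a Python model of the NS 2.5.x
# "Check for XSS attack" rules quoted above, run over a query string
# reconstructed from the donation log in this thread.
from urllib.parse import parse_qsl, urlsplit

def ns_xss_rule(qs, name=None, file=None, libpath=None, is_admin=False):
    """Return the label of the first rule that fires, or None if the request passes.
    Mirrors the posted PHP, including PHP precedence: 'and' binds tighter than
    'or', so the '../' test only guards the 'concat' rule, nothing else."""
    q = qs.lower()
    if "index.php?url=" in q or is_admin:
        return None                      # outer if: the check is skipped entirely
    for label, val in (("name", name), ("file", file), ("libpath", libpath)):
        if val and ("http://" in val.lower() or "https://" in val.lower()):
            return f"{label} contains a URL"
    if "http://" in q or "https://" in q:
        return "query string contains http:// or https://"
    if "cmd=" in q and "&cmd" not in q:
        return "cmd="
    if "exec" in q and "execu" not in q:
        return "exec"
    if "concat" in q and "../" not in q:
        return "concat"
    return None

# Constructed from the log excerpt above; the forum masked the first parameter,
# so its key is assumed to be PayPal's item_name.
DONATION_QS = (
    "item_name=Team+N+Tense+Site+Donation&item_number=Servers&no_shipping=1"
    "&custom=72.204.17.27&on0=ID&os0=18"
    "&notify_url=http://www.teamntense.com/ipn_don.php"
    "&return=http://www.teamntense.com/modules.php?name=Donate&op=received&uid=18"
    "&no_note=1&currency_code=USD&tax=0&on1=Show+Donation&os1=1&submit.x=75&submit.y=37"
)

SITE_HOST = "www.teamntense.com"         # assumed: the site's own hostname
URL_PARAMS = {"notify_url", "return"}    # PayPal fields that legitimately carry a URL

def ns_xss_rule_with_exclusion(qs, **kw):
    """One way to 'code an exclusion' without disabling a rule site-wide (assumed
    design): drop URL-bearing parameters that point back at our own host, then
    run the unchanged rules on everything that remains."""
    kept = []
    for key, val in parse_qsl(qs, keep_blank_values=True):
        if key in URL_PARAMS and urlsplit(val).netloc.lower() == SITE_HOST:
            continue                     # same-site callback: not what the rule targets
        kept.append(f"{key}={val}")
    return ns_xss_rule("&".join(kept), **kw)
```

On the logged request it is the `http://` in `notify_url` and `return` that trips the check, not `cmd=`; the exclusion leaves every other rule, and off-site URLs, blocked as before.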
cyberdog

Posted: Fri Aug 17, 2007 7:28 am

Thanks for the information. I am using PNC Nuke 4.01. The Donations block is from Teli at Codezwiz.

I will look into all this tonight when I get home. It is strange because everything was working just great, then one day people were getting banned going into this block-module. That's why I am scratching my head.

Thanks for the assistance. I will get back to everyone when I get this figured out with a resolution.

I also realize I am a couple versions behind. I haven't had the time to get the updates going. I plan on getting the updates on ASAP.

But, it has been doing what we need it to do.

Thanks everyone for the info again!!!
Powered by phpBB © 2001-2007 phpBB Group