Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
crypto
Worker
Worker


Joined: Aug 02, 2004
Posts: 165

PostPosted: Mon Nov 17, 2008 10:31 am Reply with quote

Why this action has been blocked? Query string seems to be clean:

Query String: name=Forums&file=viewtopic&t=16769&highlight=msiexec

Quote:

Created By: NukeSentinel(tm) 2.6.01
Date & Time: 2008-11-17 16:22:55 EET GMT +0200
Blocked IP: _removed_
User ID: _removed_ (12345)
Reason: Abuse-Filter
--------------------
Referer: on site
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MEGAUPLOAD 1.0; MEGAUPLOAD 2.0)
HTTP Host: _removed_
Script Name: /modules.php
Query String: name=Forums&file=viewtopic&t=16769&highlight=msiexec
Get String: name=Forums&file=viewtopic&t=16769&highlight=msiexec
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: _removed_
Remote Port: 1453
Request Method: GET
--------------------
Who-Is for IP
Unable to query WhoIs information for _removed_.
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Mon Nov 17, 2008 10:47 am Reply with quote

Because of "exec" I think. U
Btw:Users with such names are also blocked.
 
View user's profile Send private message
crypto
PostPosted: Mon Nov 17, 2008 10:55 am Reply with quote

Susann wrote:
Because of "exec" I think. U
Btw:Users with such names are also blocked.

What is behind of this reason? It's search/highlight function, so it should not cause blocking - or am I missing now something?

msiexec.exe belongs to the Windows Installer Component and is used to install new programs that use Windows Installer package files (MSI). This program is important for the stable and secure running of your computer and should not be terminated.
 
Susann
PostPosted: Mon Nov 17, 2008 11:08 am Reply with quote

Well check this post and you will find exact the same behavior:

ravenphpscripts.com/posts14208-highlight-exec.html

Exec is a shell script.
Search on Google. I quess you will find some interesting info.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Tue Nov 18, 2008 8:29 am Reply with quote

If you look at line 295 of the current NS program /includes/nukesentinel.php you will see the culprit. A lot of these filters are written with a pretty broad brush and sometimes result in false positives. It appears from the code that the word "exec" in a query string will be filtered unless it is part of the string "execu". You could add an exception for "msiexec" easily enough I suppose though it would be overwritten by the next NS upgrade.
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©