Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

PostPosted: Thu Oct 28, 2004 11:11 am Reply with quote

Hi

I wanted to just ask a quick question about possible changes not mentioned in the NukeSentinel documentation.

One thing I've noticed about the ever evolving mainfile.php of different versions from 6.x on (but especially 7.x and all of Chatserv's great "Patched" solutions) is that the beginning of mainfile.php includes a section specifically dedicated to preventing certain types of known abuses including forbidden query strings and Union abuses. This section has grown larger and larger over time with each new mainfile.php.

My question is, if you have implemented NukeSentinel and setup all of the banning features, is it then safe to remark out this section entirely?

In my mind, NukeSentinel is now guarding against all of these abuses and additionally, it at least provides some level of notification (as well as banning the abuser) which is much more than what the mainfile.php section does.

If my assumptions are correct, would be a bad idea to suggest making a notation in the User Guide and readme.txt that says something like, "once you have completed NukeSentinel installation, and then completed configuration and enabled all individual types of protection, it is safe to remark out this section in the mainfile.php?

Mine is below:

Code:
//Union Tap

//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
//unset($matches);
//unset($loc);
//if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
//   die();
//}

//$queryString = strtolower($_SERVER['QUERY_STRING']);
//if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($querystring,'c2nyaxb0')) {
//header("Location: index.php");
//die();
//}


If I'm way off here, please advise.

Thanks!

_________________
Steph Benoit Only registered users can see links on this board! Get registered or login!
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Thu Oct 28, 2004 1:41 pm Reply with quote

Remove them all if you are using NukeSentinel. Also remove the 1 or 2 lines of code from admin.php. We will modify the User's Guide.
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Thu Oct 28, 2004 1:52 pm Reply with quote

I'll make note of it in the 2.1.1 readme file Smile

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
64bitguy
PostPosted: Thu Oct 28, 2004 2:05 pm Reply with quote

You mean these in admin.php right?

Code:
//$checkurl = $_SERVER['REQUEST_URI']; 

//if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
//die("Illegal Operation");
//}


Thanks guys!
 
Raven
PostPosted: Thu Oct 28, 2004 2:06 pm Reply with quote

Yep
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Oct 28, 2004 2:12 pm Reply with quote

Should speed things up a bit too as a added bonus!

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
64bitguy
PostPosted: Thu Oct 28, 2004 2:26 pm Reply with quote

Well, I have now eliminated Protector and made these changes.

This coupled with gzip has increased my average page load times from 0.53 to 1.0 and forums 0.39 to 1.0 to now averaging 0.15 to 0.19 and forums at 0.13 to 0.20.

I guess I can't complain. Smile

Getting rid of Protector also forced me to get rid of a few other things like my Login block, but I'm using a new BETA solution that I've modded to give me the features that I want and so far (other than a few minor bugs I'm working out) everything is great and much faster.

Now if I can only figure out how OffTopic to turn caching on and off in particular blocks/sections.... worship Wink
 
Raven
PostPosted: Thu Oct 28, 2004 2:40 pm Reply with quote

You are anything but subtle, to be sure Laughing My module does not yet have that feature. I have hand loaded my properties to this point. I will be adding several things over the next couple of days. Hang tight - you will be a tester Wink
 
64bitguy
PostPosted: Thu Oct 28, 2004 2:44 pm Reply with quote

lol Subtle... Arrow ROTFL

Thanks Raven
 
JRSweets
Worker
Worker


Joined: Aug 06, 2004
Posts: 192

PostPosted: Tue Nov 02, 2004 3:05 pm Reply with quote

Six posted this in another thread, but you guys are talking about removing the other code from mainfile.php

Quote:
1) //Union Tap code
2) #--------------- Base64 sanitize by Waraxe code
3) foreach ($_GET as $secvalue) code
4) foreach ($_POST as $secvalue)


Is this the code he talking about?

foreach ($_GET as $secvalue) code is this:
Code:
foreach ($_GET as $secvalue) {

    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
   (eregi("\"", $secvalue)) ||
   (eregi("forum_admin", $var_name)) ||
   (eregi("inside_mod", $var_name))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}


foreach ($_POST as $secvalue) is:
Code:
foreach ($_POST as $secvalue) {

    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}



Can this be removed to?
Code:
// Post filtering patch by telli - http://codezwiz.com/ - edited by chatserv

   if ($_SERVER["REQUEST_METHOD"] == "POST") {
   foreach ($_POST as $FormFieldName=>$FormFieldValue)
         {
            if (gettype($FormFieldValue) == 'array')
         {
           $iCount = count($_POST[$FormFieldName]);
           for ($i=0;$i<$iCount;$i++)
           {
                $FormFieldValue = $_POST[$FormFieldName][$i];
                $sTemp .= "name=\"" . $FormFieldName . "[$i]\" value=\"$FormFieldValue\"\r\n";
             }
         }
         else {$sTemp .= "name=\"$FormFieldName\" value=\"$FormFieldValue\"\r\n"; }
         $sTemp = urldecode($sTemp);
            }
       }
           if($_SERVER["REQUEST_METHOD"] == "POST" && (preg_match("/mod_authors/", $sTemp) || preg_match("/displayadmins/", $sTemp) || preg_match("/updateadmin/", $sTemp) || preg_match("/modifyadmin/", $sTemp) || preg_match("/deladmin/", $sTemp) || preg_match("/deladmin2/", $sTemp)))
      {
         die ("<center><img src=images/logo.gif><br><br><b>Illegal Operation - You Are Not An Authorized Admin</b>");
      }
// End Post filtering patch


What is #--------------- Base64 sanitize by Waraxe code?

Is it this?
Code:
if(isset($admin))

{
   $admin = base64_decode($admin);
   $admin = addslashes($admin);
   $admin = base64_encode($admin);
}

if(isset($user))
{
   $user = base64_decode($user);
   $user = addslashes($user);
   $user = base64_encode($user);
}
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©