Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu Nov 18, 2004 4:08 pm Reply with quote

Due to conflicts with standard code in nuke releases, we highly recommend that you do the following if you haven't already. NukeSentinel protects without this code.

In mainfile.php, if you have this code, you should either comment it out or delete it.
Code:
//Union Tap

//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
   die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

And again, in admin.php do the same. Please note that where you see the ///////////////, that indicates a REQUIRED line of code. That is where you may have this line: require_once("mainfile.php"); That line must remain.
Code:
// Uncomment the following block of code after editing the next line to match your site domain

$domainname = "www.yourdomainname.com";
if ($_SERVER['SERVER_NAME'] != $domainname ) {
  echo "Access denied";
  die();
}
//////////////////////////////////////////////////
$checkurl = $_SERVER['REQUEST_URI'];
if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'VXBkYXRlQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'QWRkQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
die("Illegal Operation");
}
 
View user's profile Send private message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Fri Nov 19, 2004 8:05 am Reply with quote

Okay to be sure... in admin.php. We are to leave
Code:


$checkurl = $_SERVER['REQUEST_URI'];
if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'VXBkYXRlQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'QWRkQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
die("Illegal Operation");
}

Or just leave the
Code:
require_once("mainfile.php");
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Fri Nov 19, 2004 10:08 am Reply with quote

Just the mainfile.php
 
blith
PostPosted: Thu Mar 10, 2005 9:28 am Reply with quote

In my code the
Code:
require_once("mainfile.php");

had a @ in front of it like this
Code:
@require_once("mainfile.php");

should it stay?
 
Mesum
Useless


Joined: Aug 23, 2002
Posts: 213
Location: Chicago

PostPosted: Thu Mar 10, 2005 9:58 am Reply with quote

Right, 2.9 patch version has @ before the includes.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Thu Mar 10, 2005 10:08 am Reply with quote

Let me add that the @ suppresses any error messages and you will probably receive a blank screen if an error occurs. While it can mask some incidental error messages, it can make debugging more difficult. That's not a reason to remove it, but just an awareness.
 
blith
PostPosted: Thu Mar 10, 2005 10:56 am Reply with quote

ahh interesting. Thank you.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©