| Author |
Message |
NovemberRain
New Member
Joined: Jul 12, 2003
Posts: 8
Location: Istanbul
|
 Posted:
Thu Dec 30, 2004 3:34 am |
 
|
When i click on a review, there is no content. I removed the senintel lines in mainfile.php and it is ok now. |
|
|
 |
|
raul2010
New Member
Joined: Aug 06, 2004
Posts: 5
|
| Posted:
Thu Dec 30, 2004 3:39 am |
|
the same here  |
|
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 4:07 am |
|
My Profiles module only half works after uprgade to 2.1.3
Any help would be appreciated as it is a main part of my site. |
|
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Thu Dec 30, 2004 7:27 am |
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 7:32 am |
|
it is probaly the same thing as why the forums didnt work properly, something to do with the santy worm fixes, but i sure would like a fix for it, pleaseeee |
|
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1043
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Thu Dec 30, 2004 3:10 pm |
|
Open includes/sentinel.php and find: | Code: | // Stop Santy Worm
$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
} |
This is the Santy Worm protection. There are two things in it that would most likely interfer with the Forums/Private Message. highlight and sess_. Remove one then the other and let me know which one solves it or if neither helped. |
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 4:07 pm |
|
Hi Bob,
I have already removed highlight to get my forums working so I tried sess_ and that didnt work either. So I commented out the whole block of code and now it comes back with illegal content ?? (whoops missed a line doh)
Ok with the whole block commented out the profiles work fine again so somethin in there is causing me grief. |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Thu Dec 30, 2004 4:44 pm |
|
PHP 4.3.10 ? Check your error logs and see if there is an error being thrown by includes/sentinel.php
Bad arguement for $id in function each() or something like that.
Just a thought I had trouble with a simular bit of code I use and had to change it to get rid of the error. The code worked but kept throwing out that error. The issue only happens with php 4.3.10 as far as I know. |
Last edited by sixonetonoffun on Fri Dec 31, 2004 10:29 am; edited 1 time in total |
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 4:49 pm |
|
it has been working fine with 2.1.2 and below, it is just the Santy stuff that is the problem |
|
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 4:55 pm |
|
Found the sucker that is causing my problems....
while(list($id,$uri_content)=each($tmp)) {
The $id is the culprit, how important is it to the Santy protection ? |
|
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 5:27 pm |
|
I know of a lot of people running this mod and I guess we would all like to get a fix for it. Anyone have an answer ??
The rest of the mod seems to be working fine it is just one file that has the conflict in it and that is the one that actually displays the profile info. |
Last edited by skeen on Thu Dec 30, 2004 5:30 pm; edited 1 time in total |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Thu Dec 30, 2004 5:29 pm |
|
If you have protection via .htaccess then you don't need that. |
|
|
 
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 5:36 pm |
|
excuse my ignorance but what would that code be for the .htaccess file Raven ? |
|
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 5:40 pm |
|
currently I have this to combat the Santy worm is it sufficient ?
#Place these directives at the TOP of your .htaccess file!
#Check for Santy Worms and redirect them to a PHANTOM site.
#Variant-1 May cause problems with CRON jobs set from cPanel.
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
#Variant-2 No reported problems.
RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
#Variant-3 No reported problems.
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC,OR]
#Variant-4 May cause problems with cPanel updates, et cetera.
RewriteCond %{QUERY_STRING} ^(.*)wget(.*) [NC]
#Redirect - Send worms packing, but NOT to a real web site!
RewriteRule ^.*$ [L] |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Thu Dec 30, 2004 5:42 pm |
|
| Code: | #Check for Santy Worms and redirect them to a fake page
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos [NC,OR]
RewriteCond %{REQUEST_URI} ^civa [NC,OR]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*) [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*) [NC]
RewriteRule ^.*$ http://WHERE_EVER.com [R,L] |
The where_ever can be a preformatted page or fake. |
Last edited by Raven on Fri Dec 31, 2004 8:27 pm; edited 1 time in total |
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 5:51 pm |
|
Hehehe if is not one thing it is another, profiles are working fine now my site messenger has died.  |
|
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 6:20 pm |
|
dont know what the prob was but it fixed itself.
Hey thanks for your help Raven, and I wish you a great New Year, celebrate it well my friend and enjoy. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Thu Dec 30, 2004 6:28 pm |
|
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
| Posted:
Thu Dec 30, 2004 6:42 pm |
|
I will have a cupla cold Aussie Brews for Ya as well  |
|
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Thu Dec 30, 2004 10:37 pm |
|
Does this fix the Reviews? |
|
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Fri Dec 31, 2004 7:57 pm |
|
| Raven wrote: | | Code: | #Check for Santy Worms and redirect them to a fake page
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos [NC,OR]
RewriteCond %{REQUEST_URI} ^civa [NC,OR]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*) [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*) [NC]
RewriteRule ^.*$ http://WHERE_EVER.com [R,L] |
The where_ever can be a preformatted page or fake. |
I just put this code in my .htaccess and it redirected me when I clicked on a link. What did I do wrong? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri Dec 31, 2004 8:00 pm |
|
Redirected you where? That's the exact code that I'm running. |
|
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Fri Dec 31, 2004 8:03 pm |
|
It redirected me to the URL on the last line. Not sure what I did wrong. I copied and pasted it right into my file and then just changed the URL on the last line. I went to refresh my page by clicking on a link, and boom....I was redirected. |
|
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Fri Dec 31, 2004 8:08 pm |
|
I can email you my edited .htaccess file if you want to take a look, Raven. Maybe I have something else in there conflicting with it? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri Dec 31, 2004 8:26 pm |
|
Try taking the last OR out. It should be [NC] |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
