Author | Message
Dauthus
Worker
Joined: Oct 07, 2003
Posts: 211
|
Posted:
Sun Jul 16, 2006 1:53 pm |
|
Clicking on the link to report suspected cheating bans the user. Here's the email:
Code:
User Agent: MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+)
Query String: [ Only registered users can see links on this board! Get registered or login! ] Name&surl=http://www.website.com
Get String: [ Only registered users can see links on this board! Get registered or login! ] Name&surl=http://www.website.com
Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
|
I checked this myself and it does ban the user. I know the problem is in the "&surl=http://" section of the code.
I guess what I am asking here is if I can keep adding modules to the XSS attack in the following manner:
Code:
// Check for XSS attack
if( eregi("http\:\/\/", $name) OR eregi("http\:\/\/", $file) OR eregi("http\:\/\/", $libpath)
    // Added protection for gallery2 module
    //OR stristr($nsnst_const['query_string'], "http://")
    OR ( stristr($nsnst_const['query_string'], "http://") AND !stristr($nsnst_const['query_string'], "modules.php?name=gallery2"))
    // END gallery2 protection
    // ADD MS Topsites protection
    OR ( stristr($nsnst_const['query_string'], "http://") AND !stristr($nsnst_const['query_string'], "modules.php?name=MS_TopSites"))
    // END MS Topsites protection
    OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
    OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
    OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
    block_ip($blocker_row);
}
}
|
Is it OK to just keep adding modules as they are needed? |
_________________
Vivere disce, cogita mori |
|
|
|
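The rule Dauthus is extending keys on the substring "http://" anywhere in the request and then carves out modules one clause at a time. The following is an added example, not NukeSentinel's or PHP-Nuke's own code: it puts the two module clauses from the post side by side with a per-module allowlist of URL-carrying parameters, so the decision is made per parameter value rather than on the raw request string. Assumptions not taken from the thread: the request string has the shape `modules.php?name=<module>&...` (as the `stristr()` tests in the post imply); the parameter names in the allowlist are illustrative except for `surl`, which comes from the ban mail; `block_ip()` is NukeSentinel's, so the functions here only return the decision; the three request strings at the bottom are constructed.

```php
<?php
// Added example, not NukeSentinel's or PHP-Nuke's own code.
// Assumed request shape: "modules.php?name=<module>&...". The only parameter
// name taken from the thread is "surl"; "g2_return" is an assumption.

// module name => parameters allowed to contain "http://"
$url_param_allowlist = array(
    'MS_TopSites' => array('surl'),      // "&surl=http://..." from the ban mail
    'gallery2'    => array('g2_return'), // assumed parameter name
);

// The two module clauses from the posted rule, combined the way the post
// combines them. OR-ing "(http AND NOT gallery2)" with "(http AND NOT
// MS_TopSites)" is true for every request that contains "http://", because
// any single request lacks at least one of the two module names.
function ns_posted_rule($request)
{
    return ( stristr($request, 'http://') && !stristr($request, 'modules.php?name=gallery2') )
        || ( stristr($request, 'http://') && !stristr($request, 'modules.php?name=MS_TopSites') );
}

// Allowlist version: parse the query string and judge each parameter value
// on its own, so an exception for one module cannot widen or cancel another.
function ns_url_param_is_abuse($request, array $allowlist)
{
    // Nothing to decide if no part of the request mentions http:// at all.
    if (stripos($request, 'http://') === false) {
        return false;
    }

    // Drop the script path ("modules.php?") and parse what follows.
    $query = $request;
    $qmark = strpos($query, '?');
    if ($qmark !== false) {
        $query = substr($query, $qmark + 1);
    }
    parse_str($query, $params);

    $module  = (isset($params['name']) && is_string($params['name'])) ? $params['name'] : '';
    $allowed = isset($allowlist[$module]) ? $allowlist[$module] : array();

    foreach ($params as $key => $value) {
        if (!is_string($value)) {
            // Array-style parameters (a[]=...) are not expected here; be strict.
            return true;
        }
        if (stripos($value, 'http://') === false) {
            continue;
        }
        if (!in_array($key, $allowed, true)) {
            // A URL in a parameter this module is not expected to carry.
            return true;
        }
    }
    return false;
}

// Constructed request strings in the shape of the one in the ban mail.
$samples = array(
    'modules.php?name=MS_TopSites&op=add&sname=Name&surl=http://www.website.com',
    'modules.php?name=gallery2&g2_return=http://www.website.com/',
    'modules.php?name=Downloads&d_op=search&query=http://www.website.com/x.txt',
);

foreach ($samples as $request) {
    printf("posted rule: %s  allowlist: %s  %s\n",
        ns_posted_rule($request) ? 'BLOCK' : 'allow',
        ns_url_param_is_abuse($request, $url_param_allowlist) ? 'BLOCK' : 'allow',
        $request);
}
```

Run as-is, the posted-rule column reports BLOCK for all three constructed requests, including the MS_TopSites and gallery2 ones the exceptions were meant to let through; the allowlist column lets those two pass and blocks only the Downloads request, whose `query` parameter is not on any list. Each further module then becomes one more allowlist entry instead of one more clause interacting with the others.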
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
Posted:
Sun Jul 16, 2006 6:17 pm |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sun Jul 16, 2006 11:17 pm |
|
|
|
|
kguske
|
Posted:
Mon Jul 17, 2006 4:54 am |
|
To clarify, I think evaders99 means to change MS_Topsites. |
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
Posted:
Mon Jul 17, 2006 5:45 am |
|
lol....but [ Only registered users can see links on this board! Get registered or login! ] isn't a user..
that's a very annoying bot.
however the banning part does happen....last week a member got banned after rating a site... |
|
|
|
|
nagahosting
Regular
Joined: Nov 03, 2007
Posts: 52
Location: Nagalim
|
Posted:
Fri Dec 28, 2007 7:53 pm |
|
persona_non_grata wrote: | lol....but [ Only registered users can see links on this board! Get registered or login! ] isn't a user..
that's a very annoying bot.
however the banning part does happen....last week a member got banned after rating a site... |
LOL I don't know whether it is a good bot or a bad bot...but I guess NukeSentinel doesn't like it. Getting ban emails every day.
[code]
Date & Time: 2007-12-28 08:40:06 CST GMT -0600
Blocked IP: 125.232.93.24
User ID: Visitor (1)
Reason: Abuse-Script
--------------------
User Agent: MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+)
Query String:
[ Only registered users can see links on this board! Get registered or login! ]
Get String:
[ Only registered users can see links on this board! Get registered or login! ]
Post String: mywebsite.com/modules.php
Forwarded For: none
Client IP: none
Remote Address: 125.232.93.24
Remote Port: 3853
Request Method: GET
--------------------
Who-Is for IP
[/code] |
_________________ Blessed Is He Who Comes In The Name Of The Lord |
|
|
|
evaders99
|
Posted:
Sat Dec 29, 2007 2:49 am |
|
That is because you are using parentheses in the video name. Just remove those parentheses.
This also happens on the Downloads module. |
|
|
|
|
nagahosting
|
Posted:
Sun Dec 30, 2007 6:19 am |
|
Oh, thank you so much evaders99, I will check that out :) |
|
|
|
|
|