Satch
New Member
Joined: Mar 05, 2006
Posts: 16
|
 Posted:
Wed Mar 22, 2006 12:32 pm |
|
I'm using patched nuke 7.4 and tried to install sentinel and so far, so good. There's on problem though: in the instructions you're supposed to find and comment out:
Code:
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}
|
I couldn't find the exact replica in my mainfile.php. The closest I found is:
Code:
if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
$queryString = $_SERVER['QUERY_STRING'];
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
die('Illegal Operation');
}
}
}
|
or
Code:
$postString_64 = base64_decode($postString);
if (!is_admin($admin) && stripos_clone($postString,'%20union%20') OR stripos_clone($postString,'*/union/*') OR stripos_clone($postString,' union ') OR stripos_clone($postString_64,'%20union%20') OR stripos_clone($postString_64,'*/union/*') OR stripos_clone($postString_64,' union ') OR stripos_clone($postString_64,'+union+') OR stripos_clone($postString,'http-equiv') OR stripos_clone($postString_64,'http-equiv')) {
header("Location: index.php");
die();
}
|
Ditto for this in admin.php: find and comment out:
Code:
$checkurl = $_SERVER['REQUEST_URI'];
if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'VXBkYXRlQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'QWRkQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
die("Illegal Operation");
}
|
but I only have this:
Code:
$checkurl = $_SERVER['REQUEST_URI'];
if((stripos_clone($checkurl,'AddAuthor')) OR (stripos_clone($checkurl,'VXBkYXRlQXV0aG9y')) OR (stripos_clone($checkurl,'QWRkQXV0aG9y')) OR (stripos_clone($checkurl,'UpdateAuthor')) OR (stripos_clone($checkurl, "?admin")) OR (stripos_clone($checkurl, "&admin"))) {
die("Illegal Operation");
}
|
While none of these are carbon copies, they are the closest I can find. Should I comment one of those out or just leave this part be?
Thanks.
Satch |
| |
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6433
|
| Posted:
Wed Mar 22, 2006 4:32 pm |
|
On the first one, that was removed, I think, in later versions of the patch. You shouldn't comment out what you highlighted there.
I'm not sure about the second one. I would leave that in, too. The impact could be that it catches an attack before NukeSentinel, and the only problem would be that you wouldn't know it. |
_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Wed Mar 22, 2006 5:28 pm |
|
Yeah, thats right, the first one is already in good shape because it only does the original check if nukesentinel is not installed.
On the second, NukeSentinel handles this one as well. Personally, I'd rather have NS letting me know the hack attempts (and autobanning) rather than just "dying". |
_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
