FIXED CTracker errors



Subject: Re: CTracker errors
Thanks for the hint :mricy:

Subject: Re: CTracker Errors
When adding a user to a group (Users&groups function) it gives a ctracker error, how to fix this

Subject: Re: CTracker Errors
Lordpeter wrote:
When adding a user to a group (Users&groups function) it gives a ctracker error, how to fix this


does anyone have this error too? Because I don't have an error when I add a user to one group.

Subject: Re: CTracker errors
Quote:
also, when a user on my forum tries to use the delete all function in the PM inbox, it gives them a CTracker security alert page

Subject: Re: CTracker Errors
KugeLSichA wrote:
YES :mricy:

Maybe I found the solution for this... I played a little bit on my forum with this CT error while uploading an image and I found out:

If you use a pic_title with one or more spaces in it, you get the CT error. But only with pic_title; if you add spaces to pic_desc you don't get this error...

Maybe I also have the fix for this, but MG has to verify:

OPEN ctracker/engines/ct_security.php
FIND
Code:
'submitavatar', 'del_attachment', 'update_attachment', 'edit_comment',

AFTER, ADD
Code:
'pic_title', 'pic_desc',



thx


it is also necessary to add:


Code:
'avatargenerator', 'signature'


For avatar generator.
:mrgreen:

Subject: Re: CTracker Errors
Error when trying to "Tell a Friend" about a specific topic.

Quote:
SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


And the CTracker Log says this:

Quote:
/tellafriend.php?topic=Escribid%20EN%20ESTE%20POST%20todos%20vuestros%20comentarios&link=http://localhost/viewtopic.php?topic_id=8


It happens just in ONE topic.

Hail!

Running at IcePhoenix

Subject: Re: CTracker Errors
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)

without www it's just fine.


And the link to the error. As you can see, it also goes wrong on icyphoenix.com.

Subject: Re: CTracker errors
try this

open ctracker/engines/ct_security.php

find
Code:
$ct_rules = array(
'http_', '_server', 'delete%20', 'delete ', 'drop%20', 'drop ', 'create%20',
'create ', 'update%20', 'update ', 'insert%20', 'insert ',
'select%20', 'select ', 'bulk%20', 'bulk ', 'union%20', 'union ',
'or%20', 'or ', 'and%20', 'and ', 'exec', '@@', '%22', '"', 'openquery',
'openrowset', 'msdasql', 'sqloledb', 'sysobjects', 'syscolums',
'syslogins', 'sysxlogins', 'char%20', 'char ', 'into%20', 'into ',
'load%20', 'load ', 'msys', 'alert%20', 'alert ', 'eval%20', 'eval ',
'onkeyup', 'x5cx', 'fromcharcode', 'javascript:', 'javascript.', 'vbscript:',
'vbscript.', 'http-equiv', '->', 'expression%20', 'expression ',
'url%20', 'url ', 'innerhtml', 'document.', 'dynsrc', 'jsessionid',
'style%20', 'style ', 'phpsessid', '<applet', '<div', '<emded', '<iframe', '<img',
'<meta', '<object', '<script', '<textarea', 'onabort', 'onblur',
'onchange', 'onclick', 'ondblclick', 'ondragdrop', 'onerror',
'onfocus', 'onkeydown', 'onkeypress', 'onload', 'onmouse',
'onmove', 'onreset', 'onresize', 'onselect', 'onsubmit',
'onunload', 'onreadystatechange', 'xmlhttp', 'uname%20', 'uname ',
'id%20', 'id ', 'ls%20', 'ls ', 'cat%20', 'cat ', 'rm%20', 'rm ',
'kill%20', 'kill ', 'mail%20', 'mail ', 'wget%20', 'wget ', 'wget(',
'pwd%20', 'pwd ', 'objectclass', 'objectcategory', '<!-%20', '<!- ',
'total%20', 'total ', 'http%20request', 'http request', 'phpb8b4f2a0',
'phpinfo', 'php:', 'globals', '%2527', '%27', '\'', 'chr(',
'chr=', 'chr%20', 'chr ', '%20chr', ' chr', 'cmd=', 'cmd%20', 'cmd',
'%20cmd', ' cmd', 'rush=', '%20rush', ' rush', 'rush%20', 'rush ',
'union%20', 'union ', '%20union', ' union', 'union(', 'union=',
'%20echr', ' echr', 'esystem', 'cp%20', 'cp ', 'cp(', '%20cp', ' cp',
'mdir%20', 'mdir ', '%20mdir', ' mdir', 'mdir(', 'mcd%20', 'mcd ',
'mrd%20', 'mrd ', 'rm%20', 'rm ', '%20mcd', ' mcd', '%20mrd', ' mrd',
'%20rm', ' rm', 'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'mv ',
'rmdir%20', 'rmdir ', 'mv(', 'rmdir(', 'chmod(', 'chmod%20', 'chmod ',
'cc%20', 'cc ', '%20chmod', ' chmod', 'chmod(', 'chmod=', 'chown%20', 'chown ',
'chgrp%20', 'chgrp ', 'chown(', 'chgrp(', 'locate%20', 'locate ', 'grep%20', 'grep ',
'locate(', 'grep(', 'diff%20', 'diff ', 'kill%20', 'kill ', 'kill(', 'killall',
'passwd%20', 'passwd ', '%20passwd', ' passwd', 'passwd(', 'telnet%20', 'telnet ',
'vi(', 'vi%20', 'vi ', 'nigga(', '%20nigga', ' nigga', 'nigga%20', 'nigga ',
'fopen', 'fwrite', '%20like', ' like', 'like%20', 'like ', '$_',
'$get', '.system', 'http_php', '%20getenv', ' getenv', 'getenv%20', 'getenv ',
'new_password', '/password', 'etc/', '/groups', '/gshadow',
'http_user_agent', 'http_host', 'bin/', 'wget%20', 'wget ', 'uname%5c',
'uname', 'usr', '/chgrp', '=chown', 'usr/bin', 'g%5c',
'g', 'bin/python', 'bin/tclsh', 'bin/nasm', 'perl%20', 'perl ', '.pl',
'traceroute%20', 'traceroute ', 'tracert%20', 'tracert ', 'ping%20', 'ping ',
'/usr/x11r6/bin/xterm', 'lsof%20', 'lsof ', '/mail', '.conf', 'motd%20', 'motd ',
'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml', 'file%5c://',
'file:', 'file://', 'window.open', 'img src', 'img%20src', 'img src',
'.jsp', 'ftp.', 'xp_enumdsn', 'xp_availablemedia',
'xp_filelist', 'nc.exe', '.htpasswd', 'servlet', '/etc/passwd', '/etc/shadow',
'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
'bash_history', '~nobody', 'server-info', 'server-status',
'%20reboot', ' reboot', '%20halt', ' halt', '%20powerdown', ' powerdown',
'/home/ftp', '=reboot', 'www/', 'init%20', 'init ','=halt', '=powerdown',
'ereg(', 'secure_site', 'chunked', 'org.apache', '/servlet/con',
'/robot', 'mod_gzip_status', '.inc', '.system', 'getenv',
'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', '%3C%3Fphp',
'%3F>', 'sql=', '_global', 'global_', 'global[', '_server',
'server_', 'server[', '/modules', 'modules/', 'phpadmin',
'root_path', '_globals', 'globals_', 'globals[', 'iso-8859-1',
'?hl=', '%3fhl=', '.exe', '.sh', '%00', rawurldecode('%00'), '_env'
);


find www and cut
see results

if you have more problems - try to find ctracker stopping word :wink:
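
The "find the stopping word" step can be scripted instead of done by eye. This is an added example, not CrackerTracker or Icy Phoenix code: it assumes the filter blocks a request when any `$ct_rules` entry occurs in it as a case-insensitive substring, it uses only a subset of the rules quoted in this thread, and `ct_find_stop_words`, `$ct_rules_subset` and the stricter "word start" mode are hypothetical names added for comparison.

```php
<?php
// Added example, not CrackerTracker code. Assumption: the filter blocks a
// request when any $ct_rules entry occurs in it as a case-insensitive substring.

// Subset of the $ct_rules entries quoted in this thread.
$ct_rules_subset = array(
    'id%20', 'id ', 'cat%20', 'cat ', 'and%20', 'and ', 'or%20', 'or ',
    'ls%20', 'ls ', 'rm%20', 'rm ', 'delete%20', 'delete ', 'www/', 'wwwacl',
);

// Return rule => surrounding text for every rule found in $value.
// With $word_start = true a rule only counts when no letter precedes it
// (hypothetical stricter mode, shown for comparison).
function ct_find_stop_words($value, array $rules, $word_start = false)
{
    $hits = array();
    foreach ($rules as $rule) {
        $pattern = '/' . ($word_start ? '(?<![a-z])' : '') . preg_quote($rule, '/') . '/i';
        if (preg_match($pattern, $value, $m, PREG_OFFSET_CAPTURE)) {
            $pos = $m[0][1];
            // Keep a few characters of context so the trigger is easy to spot.
            $hits[$rule] = substr($value, max(0, $pos - 8), strlen($rule) + 16);
        }
    }
    return $hits;
}

$samples = array(
    // Logged request from the "Tell a Friend" post in this thread.
    'tellafriend' => '/tellafriend.php?topic=Escribid%20EN%20ESTE%20POST%20todos%20vuestros%20comentarios&link=http://localhost/viewtopic.php?topic_id=8',
    // Knowledge Base title reported in this thread.
    'kb_title' => 'Huntsville Lakes Council -- Who we are and what we do.',
    // Constructed picture title containing a space.
    'pic_title' => 'My cat picture',
);

foreach ($samples as $label => $value) {
    foreach (array(false, true) as $word_start) {
        $hits = ct_find_stop_words($value, $ct_rules_subset, $word_start);
        echo $label, ($word_start ? ' [word start]' : ' [substring]'), ': ';
        echo $hits ? json_encode($hits) : 'no rule matched', "\n";
    }
}
```

On the logged URL the substring mode reports `id%20` inside `Escribid%20`, and the word-start mode reports nothing. The two titles still match `and ` and `cat ` in both modes, so ordinary English text in a title keeps tripping command and SQL keywords unless the field is excluded from the check.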

Subject: Re: CTracker Errors
i have this ctracker error when i want to delete a user from a group :?

Subject: Re: CTracker Errors
difus wrote:
try this

open ctracker/engines/ct_security.php

find www and cut
see results

if you have more problems - try to find ctracker stopping word :wink:


Hmm sorry, did not work, I have the same code as you stated and there's no plain www in it. 2 times wwwacl and www/, but both didn't do the trick.

Subject: Re: CTracker errors
it means that it isn't www

do test

replace all this code with


Code:
$ct_rules = array(
'http_', rawurldecode('%00'), '_env'
);


let me know

Subject: Re: CTracker errors
Steno wrote:
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)
banner
without www it's just fine.
banner

And the link to the error. As you can see, it also goes wrong on icyphoenix.com.

Thanks for pointing this out... I'll try to have a look and figure out how to solve it without removing WWW in the CT check as difus is suggesting.

difus, your solution will work, but I have to check if there is a better way for doing it without removing all the security checks of CT. Thanks for pointing us to the solution. :wink:

Subject: Re: CTracker Errors
sonoangelo wrote:
i have this ctracker error when i want to delete a user from a group :?


me too! :?

Subject: Re: CTracker Errors
I am having trouble with Cracker Tracker submitting an article to the Knowledge Base. The problem definitely appears to be in the Title. These triggered an alert:

Huntsville Lakes Council -- Who we are and what we do.
The Huntsville Lakes Council
The HLC

These did not:

Lets try a new title
This is yet another test.
Mission Statement

This is a fresh install -- 1.0.5.5 unzipped, then 1.0.6.6 files copied over, then install.php run -- on a fresh database. Logged in as Admin, no other users registered. I tried to disable Cracker Tracker through the ACP, turning off everything I could find in "Settings", but it still reports "Active" when "Maintenance and Tests" is viewed and obviously still reads the titles.

Subject: Re: CTracker errors
Steno wrote:
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

I have fixed this... and I'll check again KB, even if I should already have solved it.
