Icy Phoenix

     
 


Post new topic  Reply to topic 
Page 1 of 1
 
 
Reply with quote Download Post 
Post Security Alert – CBack CrackerTracker. 
 
Hi, I getting a few reports of a "Security Alert – CBack CrackerTracker" on registration.
I have tried creating some test accounts to see if I can replicate the error they are getting but, I seem to register fine every time.
Ive disabled all the CBack CrackerTracker features now in ACP to see if that makes a difference  

Any ideas why some and not all would get this problem?
 



 
batmanSend private message  
Back to topPage bottom
Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Support us
 
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
question. have you created some costum profile fields, with radio buttons??
 




____________
Out of Order
 
spydieSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
Hya spydie, I do have a couple of custom fields but only text field nothing ells mate.
 



 
batmanSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
anyway.

you might think about killing CrTracker in the script that gives the error.
 




____________
Out of Order
 
spydieSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
spydie wrote: [View Post]
anyway.

you might think about killing CrTracker in the script that gives the error.


Not sure what you mean  
 



 
batmanSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
try to put this in profile.php

in the top part of the script

define('MG_KILL_CTRACK', true);

just after <?php

then check if the problem persists
 




____________
Out of Order
 
spydieSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
Ok done that, see how it goes, cheers
 



 
batmanSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
batman wrote: [View Post]
Ok done that, see how it goes, cheers


Mate, Below the last post here there are 5 similar topics to the question of this thread - One or more of them has the answer to your question.

Most importantly, while I was never a lover of cBack's cracker tracker - it does serve a purpose.

To willy-nilly kill it defeats that purpose.

If you go to cTracker in the ACP and have a look at the cTracker log files - it will tell you what it is blocking, along with the file name.

Then you can decide how to handle it - Reduce the level - ignore arrays or even end up killing it - But at least you will know why you are killing it, even if it doesn't need to be.
 



 
mortSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
mort wrote: [View Post]
batman wrote: [View Post]
Ok done that, see how it goes, cheers


Mate, Below the last post here there are 5 similar topics to the question of this thread - One or more of them has the answer to your question.

Most importantly, while I was never a lover of cBack's cracker tracker - it does serve a purpose.

To willy-nilly kill it defeats that purpose.

If you go to cTracker in the ACP and have a look at the cTracker log files - it will tell you what it is blocking, along with the file name.

Then you can decide how to handle it - Reduce the level - ignore arrays or even end up killing it - But at least you will know why you are killing it, even if it doesn't need to be.


With all due respect Mr. Mort   the ones in the similar threads are old support topics, possibly for older versions etc. ?

Im still getting to grips with Icy as it works a lot different to Integra which I have been using for 7 years, the same features etc. I'm finding a lot of what I had sussed out with integra are in different file locations and even not necessarily within the same tpl or php file, even worded differently so having to go through a lot of new learning curves.
The thing is, I know exactly how I want my site to function, even small language changes to how things are worded can make a huge difference in making My members experience on my site a lot better

I'm not turning the features of willy nilly, Its just a process of elimination at the moment.
Under normal circumstances if I was experiencing false positives I would put in debug mode and replicate the problem so I can ad the fix, problem is I'm unable to replicate the error.

Trust me I do use the search prior to asking for pointers, plus Ive only been using for a week and have made a heck of a lot of alterations on my site, not so many style design changes as yet but in other areas, that's on top of some teething problems.
Not being a coder is a bit of a pain as you have to play around with things to have a basic understanding of how it effects the site if altered, this all takes time and only so many hours in a day but I'm getting there slowly but surely.  
 



 
batmanSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Security Alert – CBack CrackerTracker. 
 
No offence - My post was designed to point you in the right direction.

I was being subtle, because I didn't want to disappoint spydie that it the thread by the "Inactive User" MG states that the problem with check-boxes has been fixed.

If it hasn't and you say you didn't add check-boxes anyway, then the problem is something else. Other than that - Killing a whole file for the sake of avoiding a security problem is only going to maybe leave the file open to possible attacks.

It would be better if MG knows what Cracker Tracker is blocking - Then he could make allowances for it in CT, just like he did with adding check-boxes.

One day you may get hacked, and it doesn't help if you open up files by removing what MG is trying to protect.

On the other hand -  PHP v5* is much more secure than the previous versions in that things are done very differently. - Maybe MG needs to re-evaluate if cTracker has a useful purpose any more.  
 



 
mortSend private message  
Back to topPage bottom
Post new topic  Reply to topic  Page 1 of 1
 


Display posts from previous:    

HideWas this topic useful?

Link this topic
URL
BBCode
HTML




 
Permissions List
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events


  

 

  cron