FIXED CTracker errors

The time now is Thu 09 Oct, 2025 00:33 • All times are UTC + 1 Hour [DST enabled]

FIXED CTracker errors

Page 2 of 3
Goto page Previous 1, 2, 3 Next

TheSteffen Joined: August 2006 Posts: 1625 Location: Magdeburg	Re: CTracker errors Thanks for the hint
#16 Mon 15 Jan, 2007 08:22

Sponsors	Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Lordpeter Joined: October 2006 Posts: 15	Re: CTracker Errors When adding a user to a group ( Users&groups fuction)it give a ctracker error, how to fix this
#17 Tue 16 Jan, 2007 15:55

KugeLSichA Joined: August 2006 Posts: 803 Location: Dresden	Re: CTracker Errors Lordpeter wrote: [View Post] When adding a user to a group ( Users&groups fuction)it give a ctracker error, how to fix this does anyone have this error too? Because i dont have an error when i add an user to one group. ____________ Play Games at GamesCampus!
#18 Tue 16 Jan, 2007 18:51

KugeLSichA Joined: August 2006 Posts: 803 Location: Dresden	Re: CTracker errors Quote: also, when a user on my forum tries to use the delete all function in the PM inbox, it gives them a CTracker security alert page ____________ Play Games at GamesCampus!
#19 Tue 16 Jan, 2007 19:11

m740

Joined: August 2006
Posts: 84
Location:

Mollet del Valles, Catalonia, Spain

Re: CTracker Errors

KugeLSichA wrote: [View Post]
YES

maybe i found the solution for this... I played yet an little bit on my forum with these CT error while uploading an image and i found out:

If you use an pic_title with one more more spaces in there, you get the CT error. But only by pic_title, if you add spaces to pic_desc you dont get this error...

Maybe i have also the fix for this, but MG has to verify:

OPEN ctracker/engines/ct_security.php
FIND

Code: [Download] [Hide] [Select]
Code: [Download] [Show]
    'submitavatar', 'del_attachment', 'update_attachment', 'edit_comment',

AFTER, ADD

Code: [Download] [Hide] [Select]
Code: [Download] [Show]
    'pic_title', 'pic_desc',

thx

it is also necessary to add:

Code: [Download] [Hide] [Select]

'avatargenerator', 'signature'

For avatar generator.

____________
www.todoPVR.com IP 2.0.0.86 DVB-T PVR's

#20 Wed 17 Jan, 2007 21:19

Lord Karadura

Joined: November 2006
Posts: 42
Location:

Re: CTracker Errors

Error when trying to "Tell a Friend" about an specific topic.

Quote:
SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.

If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.

And the CTracker Log says this:

Quote:
/tellafriend.php?topic=Escribid%20EN%20ESTE%20POST%20todos%20vuestros%20comentarios&link=http://localhost/viewtopic.php?topic_id=8

It happens just in ONE topic.

Hail!

Running at IcePhoenix

#21 Sat 27 Jan, 2007 18:18

Steno Joined: December 2006 Posts: 2	Re: CTracker Errors Image error. An image posted with www prefix gives a CT-error, without the www-prefix it works fine. When thinking further this might have something to do with how the remote host configures the .htaccess?? testing it here now. with the www -> no picture (CT-error) without www it;s just fine. And the link to the error. As you can see, it also goes wrong on icyphoenix.com.
#22 Sun 28 Jan, 2007 14:48

difus

Joined: August 2006
Posts: 763
Location:

Re: CTracker errors

try this

open ctracker/engines/ct_security.php

find

Code: [Download] [Hide]

$ct_rules = array(
 
    'http_', '_server', 'delete%20', 'delete ', 'drop%20', 'drop ', 'create%20',
 
    'create ', 'update%20', 'update ', 'insert%20', 'insert ',
 
    'select%20', 'select ', 'bulk%20', 'bulk ', 'union%20', 'union ',
 
    'or%20', 'or ', 'and%20', 'and ', 'exec', '@@', '%22', '"', 'openquery',
 
    'openrowset', 'msdasql', 'sqloledb', 'sysobjects', 'syscolums',
 
    'syslogins', 'sysxlogins', 'char%20', 'char ', 'into%20', 'into ',
 
    'load%20', 'load ', 'msys', 'alert%20', 'alert ', 'eval%20', 'eval ',
 
    'onkeyup', 'x5cx', 'fromcharcode', 'javascript:', 'javascript.', 'vbscript:',
 
    'vbscript.', 'http-equiv', '->', 'expression%20', 'expression ',
 
    'url%20', 'url ', 'innerhtml', 'document.', 'dynsrc', 'jsessionid',
 
    'style%20', 'style ', 'phpsessid', '<applet', '<div', '<emded', '<iframe', '<img',
 
    '<meta', '<object', '<script', '<textarea', 'onabort', 'onblur',
 
    'onchange', 'onclick', 'ondblclick', 'ondragdrop', 'onerror',
 
    'onfocus', 'onkeydown', 'onkeypress', 'onload', 'onmouse',
 
    'onmove', 'onreset', 'onresize', 'onselect', 'onsubmit',
 
    'onunload', 'onreadystatechange', 'xmlhttp', 'uname%20', 'uname ',
 
    'id%20', 'id ', 'ls%20', 'ls ', 'cat%20', 'cat ', 'rm%20', 'rm ',
 
    'kill%20', 'kill ', 'mail%20', 'mail ', 'wget%20', 'wget ', 'wget(',
 
    'pwd%20', 'pwd ', 'objectclass', 'objectcategory', '<!-%20', '<!- ',
 
    'total%20', 'total ', 'http%20request', 'http request', 'phpb8b4f2a0',
 
    'phpinfo', 'php:', 'globals', '%2527', '%27', ''', 'chr(',
 
    'chr=', 'chr%20', 'chr ', '%20chr', ' chr', 'cmd=', 'cmd%20', 'cmd',
 
    '%20cmd', ' cmd', 'rush=', '%20rush', ' rush', 'rush%20', 'rush ',
 
    'union%20', 'union ', '%20union', ' union', 'union(', 'union=',
 
    '%20echr', ' echr', 'esystem', 'cp%20', 'cp ', 'cp(', '%20cp', ' cp',
 
    'mdir%20', 'mdir ', '%20mdir', ' mdir', 'mdir(', 'mcd%20', 'mcd ',
 
    'mrd%20', 'mrd ', 'rm%20', 'rm ', '%20mcd', ' mcd', '%20mrd', ' mrd',
 
    '%20rm', ' rm', 'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'mv ',
 
    'rmdir%20', 'rmdir ', 'mv(', 'rmdir(', 'chmod(', 'chmod%20', 'chmod ',
 
    'cc%20', 'cc ', '%20chmod', ' chmod', 'chmod(', 'chmod=', 'chown%20', 'chown ',
 
    'chgrp%20', 'chgrp ', 'chown(', 'chgrp(', 'locate%20', 'locate ', 'grep%20', 'grep ',
 
    'locate(', 'grep(', 'diff%20', 'diff ', 'kill%20', 'kill ', 'kill(', 'killall',
 
    'passwd%20', 'passwd ', '%20passwd', ' passwd', 'passwd(', 'telnet%20', 'telnet ',
 
    'vi(', 'vi%20', 'vi ', 'nigga(', '%20nigga', ' nigga', 'nigga%20', 'nigga ',
 
    'fopen', 'fwrite', '%20like', ' like', 'like%20', 'like ', '$_',
 
    '$get', '.system', 'http_php', '%20getenv', ' getenv', 'getenv%20', 'getenv ',
 
    'new_password', '/password', 'etc/', '/groups', '/gshadow',
 
    'http_user_agent', 'http_host', 'bin/', 'wget%20', 'wget ', 'uname%5c',
 
    'uname', 'usr', '/chgrp', '=chown', 'usr/bin', 'g%5c',
 
    'g', 'bin/python', 'bin/tclsh', 'bin/nasm', 'perl%20', 'perl ', '.pl',
 
    'traceroute%20', 'traceroute ', 'tracert%20', 'tracert ', 'ping%20', 'ping ',
 
    '/usr/x11r6/bin/xterm', 'lsof%20', 'lsof ', '/mail', '.conf', 'motd%20', 'motd ',
 
    'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml', 'file%5c://',
 
    'file:', 'file://', 'window.open', 'img src', 'img%20src', 'img src',
 
    '.jsp', 'ftp.', 'xp_enumdsn', 'xp_availablemedia',
 
    'xp_filelist', 'nc.exe', '.htpasswd', 'servlet', '/etc/passwd', '/etc/shadow',
 
    'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
 
    'bash_history', '~nobody', 'server-info', 'server-status',
 
    '%20reboot', ' reboot', '%20halt', ' halt', '%20powerdown', ' powerdown',
 
    '/home/ftp', '=reboot', 'www/', 'init%20', 'init ','=halt', '=powerdown',
 
    'ereg(', 'secure_site', 'chunked', 'org.apache', '/servlet/con',
 
    '/robot', 'mod_gzip_status', '.inc', '.system', 'getenv',
 
    'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', '%3C%3Fphp',
 
    '%3F>', 'sql=', '_global', 'global_', 'global[', '_server',
 
    'server_', 'server[', '/modules', 'modules/', 'phpadmin',
 
    'root_path', '_globals', 'globals_', 'globals[', 'iso-8859-1',
 
    '?hl=', '%3fhl=', '.exe', '.sh', '%00', rawurldecode('%00'), '_env'
 
);

find www and cut
see results

if you have more problems - try to find ctracker stopping word

____________
*VOLVO CLUB*

#23 Sun 28 Jan, 2007 15:42

sonoangelo Joined: December 2006 Posts: 200 Location: Sicilia	Re: CTracker Errors i have this ctracker error when i want to delete an user from a group
#24 Sun 28 Jan, 2007 16:39

Steno Joined: December 2006 Posts: 2	Re: CTracker Errors difus wrote: [View Post] try this open ctracker/engines/ct_security.php find www and cut see results if you have more problems - try to find ctracker stopping word Hmm sorry, did not work, I have the same code as you stated and there's no plain www in it. 2 times wwwacl and www/, but both didn't do the trick.
#25 Sun 28 Jan, 2007 23:12

difus Joined: August 2006 Posts: 763 Location:	Re: CTracker errors it means that it isn't www do test replace all this code with Code: [Download] [Hide] Code: [Download] [Show] $ct_rules = array( 'http_', rawurldecode('%00'), '_env' ); let me know ____________ *VOLVO CLUB*
#26 Mon 29 Jan, 2007 00:23

Mighty Gorgon

Luca Libralato

Joined: August 2006
Posts: 7192
Location:

Borgo San Michele

Re: CTracker errors

Steno wrote: [View Post]
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)

without www it;s just fine.

And the link to the error. As you can see, it also goes wrong on icyphoenix.com.

Thanks for pointing this out... I'll try to have a look and figure out how to solve it without removing WWW in the CT check how difus is suggesting.

difus, your solution will work, but I have to check if there is a better way for doing it without removing all the security checks of CT. Thanks for pointing us to the solution.

____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON

#27 Wed 31 Jan, 2007 01:55

hpl Joined: August 2006 Posts: 302 Location: Trieste	Re: CTracker Errors sonoangelo wrote: [View Post] i have this ctracker error when i want to delete an user from a group me too!
#28 Sat 17 Feb, 2007 02:03

ddv

Joined: February 2007
Posts: 13

Re: CTracker Errors

I am having trouble with Cracker Tracker submitting an article to the Knowledge Base. The problem definitely appears to be in the Title. These triggered an alert:

Huntsville Lakes Council -- Who we are and what we do.
The Huntsville Lakes Council
The HLC

These did not:

Lets try a new title
This is yet another test.
Mission Statement

This is a fresh install -- 1.0.5.5 unzipped, then 1.0.6.6 files copied over, then install.php run -- on a fresh database. Logged in as Admin, no other users registered. I tried to disable Cracker Tracker through the ACP, turning off everything I could find in "Settings", but it still reports "Active" when "Maintenance and Tests" is viewed and obviously still reads the titles.

#29 Sat 17 Feb, 2007 09:25

Mighty Gorgon

Luca Libralato

Joined: August 2006
Posts: 7192
Location:

Borgo San Michele

Re: CTracker errors

Steno wrote: [View Post]
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

I have fixed this... and I'll check again KB, even if I should already have solved it.

____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON

#30 Wed 21 Feb, 2007 01:58

Page 2 of 3
Goto page Previous 1, 2, 3 Next

Was this topic useful?

Link this topic
URL
BBCode
HTML

The time now is Thu 09 Oct, 2025 00:33 • All times are UTC + 1 Hour [DST enabled]

Permissions List

You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events