Icy Phoenix


Old Bugs - CTracker errors



KugeLSichA [ Wed 10 Jan, 2007 12:36 ]
Post subject: CTracker errors
Hey people,

Please post here where you get a CTracker Security Alert.

Explain on which site you get this error and what you have tried to do.

Thx


KugeLSichA [ Wed 10 Jan, 2007 12:37 ]
Post subject: Re: CTracker errors
Security Alert on "User personal Galleries": I tried to upload a pic after filling out the required fields and clicked submit, and CT stops me.


TheSteffen [ Wed 10 Jan, 2007 22:29 ]
Post subject: Re: CTracker errors
I got a Security Alert every time when searching for many words like

"failed to open stream: No such file or directory in"


Mighty Gorgon [ Thu 11 Jan, 2007 01:56 ]
Post subject: Re: CTracker errors
KugeLSichA wrote:
Security Alert on "User personal Galleries": I tried to upload a pic after filling out the required fields and clicked submit, and CT stops me.

Can you tell me what you are writing in the textboxes? I've uploaded several pictures in my Personal Gallery without errors.

TheSteffen wrote:
I got a Security Alert every time when searching for many words like

"failed to open stream: No such file or directory in"

I'll check this one too...


Mighty Gorgon [ Thu 11 Jan, 2007 01:59 ]
Post subject: Re: CTracker errors
I should have fixed the search issue... I still need to understand what the error is in the Personal Gallery...


KugeLSichA [ Thu 11 Jan, 2007 08:29 ]
Post subject: Re: CTracker errors
Mighty Gorgon wrote:
I should have fixed the search issue... I still need to understand what the error is in the Personal Gallery...


Now I tried again and now I don't get an error...

I tried with pic description and without, but now I can upload a pic without a CT Security Alert... I don't know what was causing this error at first.


Mighty Gorgon [ Fri 12 Jan, 2007 02:15 ]
Post subject: Re: CTracker errors
KugeLSichA wrote:
Mighty Gorgon wrote:
I should have fixed the search issue... I still need to understand what the error is in the Personal Gallery...


Now I tried again and now I don't get an error...

I tried with pic description and without, but now I can upload a pic without a CT Security Alert... I don't know what was causing this error at first.

We have to keep this under control and understand which POST FIELD may cause the error.


TheSteffen [ Fri 12 Jan, 2007 08:39 ]
Post subject: Re: CTracker errors
I got a SECURITY ALERT by editing a post to a poll.

It came by the second Poll option

This was the post Link


KugeLSichA [ Fri 12 Jan, 2007 09:47 ]
Post subject: Re: CTracker errors
hmm strange...

TheSteffen, I edited your post and I can create a poll with 3 answers and I got no CT error


TheSteffen [ Fri 12 Jan, 2007 10:00 ]
Post subject: Re: CTracker errors
KugeLSichA wrote:
hmm strange...

TheSteffen, I edited your post and I can create a poll with 3 answers and I got no CT error


It's maybe because of the number of words you choose

I tried a third time and it only works with short words (yes and no)

I also got the error by updating a poll option.

Could you please try again, KugeLSichA?


KugeLSichA [ Fri 12 Jan, 2007 10:19 ]
Post subject: Re: CTracker errors
Yes TheSteffen, I can verify this... and my first test depends on those short words...

We have to wait for Luca, maybe he has a solution


KugeLSichA [ Fri 12 Jan, 2007 13:34 ]
Post subject: Re: CTracker errors
OK, now I have the bug again and it depends definitely on the pic name and pic description

Now I got it uploaded only if I choose 3 characters for the pic name and 3 characters for the pic description, otherwise I got a CT error...

P.S.: btw if the pic is bigger than the allowed upload size I got an empty page without any message...

MD can you verify this?


KugeLSichA [ Fri 12 Jan, 2007 14:31 ]
Post subject: Re: CTracker errors
YES

Maybe I found the solution for this... I played a little bit on my forum with this CT error while uploading an image and I found out:

If you use a pic_title with one or more spaces in there, you get the CT error. But only with pic_title; if you add spaces to pic_desc you don't get this error...

Maybe I also have the fix for this, but MG has to verify:

OPEN ctracker/engines/ct_security.php
FIND
Code:
'submitavatar', 'del_attachment', 'update_attachment', 'edit_comment',

AFTER, ADD
Code:
'pic_title', 'pic_desc',


This works for me and now users can also add spaces to the pic title.





Regarding TheSteffen's problem with the poll, maybe we can fix this too by adding one or all of these values to ct_security.php
Code:
poll_length
poll_option_text
edit_poll_option
del_poll_option


TheSteffen, can you please add the poll fields to your ct_security.php and try again with the poll on your forum, and tell us if the error is fixed?

thx


TheSteffen [ Sun 14 Jan, 2007 21:53 ]
Post subject: Re: CTracker errors
KugeLSichA wrote:
TheSteffen, can you please add the poll fields to your ct_security.php and try again with the poll on your forum, and tell us if the error is fixed?


MG has updated it in release 1.0.6.6 so it's working now. Thanks


KugeLSichA [ Sun 14 Jan, 2007 22:33 ]
Post subject: Re: CTracker errors
TheSteffen wrote:
KugeLSichA wrote:
TheSteffen, can you please add the poll fields to your ct_security.php and try again with the poll on your forum, and tell us if the error is fixed?


MG has updated it in release 1.0.6.6 so it's working now. Thanks


Yes, I know, and not only this... he also told me how I can find out what input field causes that error...

OPEN ctracker/engines/ct_security.php
FIND around line 31
Code:
define('CT_DEBUG_MODE', false);
//define('CT_DEBUG_MODE', true);

REPLACE WITH
Code:
//define('CT_DEBUG_MODE', false);
define('CT_DEBUG_MODE', true);


Use it only when you have a CT error somewhere and you want to figure out where it comes from... then make the changes I've written above and try to replicate the error. After you get the error, go into ACP -> CrackerTracker -> Logmanager -> Debug entries

There you see a solution; you don't need to do it... it's enough if you give us the field (which is told there) so we can check and fix it.

greetz


TheSteffen [ Mon 15 Jan, 2007 08:22 ]
Post subject: Re: CTracker errors
Thanks for the hint


Lordpeter [ Tue 16 Jan, 2007 15:55 ]
Post subject: Re: CTracker Errors
When adding a user to a group (Users&groups function) it gives a ctracker error, how to fix this?


KugeLSichA [ Tue 16 Jan, 2007 18:51 ]
Post subject: Re: CTracker Errors
Lordpeter wrote:
When adding a user to a group (Users&groups function) it gives a ctracker error, how to fix this?


Does anyone have this error too? Because I don't have an error when I add a user to a group.


KugeLSichA [ Tue 16 Jan, 2007 19:11 ]
Post subject: Re: CTracker errors
Quote:
also, when a user on my forum tries to use the delete all function in the PM inbox, it gives them a CTracker security alert page


m740 [ Wed 17 Jan, 2007 21:19 ]
Post subject: Re: CTracker Errors
KugeLSichA wrote:
YES

Maybe I found the solution for this... I played a little bit on my forum with this CT error while uploading an image and I found out:

If you use a pic_title with one or more spaces in there, you get the CT error. But only with pic_title; if you add spaces to pic_desc you don't get this error...

Maybe I also have the fix for this, but MG has to verify:

OPEN ctracker/engines/ct_security.php
FIND
Code:
'submitavatar', 'del_attachment', 'update_attachment', 'edit_comment',

AFTER, ADD
Code:
'pic_title', 'pic_desc',



thx


It is also necessary to add:


Code:
'avatargenerator', 'signature'


For avatar generator.


Lord Karadura [ Sat 27 Jan, 2007 18:18 ]
Post subject: Re: CTracker Errors
Error when trying to "Tell a Friend" about a specific topic.

Quote:
SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


And the CTracker Log says this:

Quote:
/tellafriend.php?topic=Escribid%20EN%20ESTE%20POST%20todos%20vuestros%20comentarios&link=http://localhost/viewtopic.php?topic_id=8


It happens just in ONE topic.

Hail!

Running at IcePhoenix


Steno [ Sun 28 Jan, 2007 14:48 ]
Post subject: Re: CTracker Errors
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)
banner
without www it's just fine.
banner

And the link to the error. As you can see, it also goes wrong on icyphoenix.com.


difus [ Sun 28 Jan, 2007 15:42 ]
Post subject: Re: CTracker errors
try this

open ctracker/engines/ct_security.php

find
Code:
$ct_rules = array(
	'http_', '_server', 'delete%20', 'delete ', 'drop%20', 'drop ', 'create%20',
	'create ', 'update%20', 'update ', 'insert%20', 'insert ',
	'select%20', 'select ', 'bulk%20', 'bulk ', 'union%20', 'union ',
	'or%20', 'or ', 'and%20', 'and ', 'exec', '@@', '%22', '"', 'openquery',
	'openrowset', 'msdasql', 'sqloledb', 'sysobjects', 'syscolums',
	'syslogins', 'sysxlogins', 'char%20', 'char ', 'into%20', 'into ',
	'load%20', 'load ', 'msys', 'alert%20', 'alert ', 'eval%20', 'eval ',
	'onkeyup', 'x5cx', 'fromcharcode', 'javascript:', 'javascript.', 'vbscript:',
	'vbscript.', 'http-equiv', '->', 'expression%20', 'expression ',
	'url%20', 'url ', 'innerhtml', 'document.', 'dynsrc', 'jsessionid',
	'style%20', 'style ', 'phpsessid', '<applet', '<div', '<emded', '<iframe', '<img',
	'<meta', '<object', '<script', '<textarea', 'onabort', 'onblur',
	'onchange', 'onclick', 'ondblclick', 'ondragdrop', 'onerror',
	'onfocus', 'onkeydown', 'onkeypress', 'onload', 'onmouse',
	'onmove', 'onreset', 'onresize', 'onselect', 'onsubmit',
	'onunload', 'onreadystatechange', 'xmlhttp', 'uname%20', 'uname ',
	'id%20', 'id ', 'ls%20', 'ls ', 'cat%20', 'cat ', 'rm%20', 'rm ',
	'kill%20', 'kill ', 'mail%20', 'mail ', 'wget%20', 'wget ', 'wget(',
	'pwd%20', 'pwd ', 'objectclass', 'objectcategory', '<!-%20', '<!- ',
	'total%20', 'total ', 'http%20request', 'http request', 'phpb8b4f2a0',
	'phpinfo', 'php:', 'globals', '%2527', '%27', '\'', 'chr(',
	'chr=', 'chr%20', 'chr ', '%20chr', ' chr', 'cmd=', 'cmd%20', 'cmd',
	'%20cmd', ' cmd', 'rush=', '%20rush', ' rush', 'rush%20', 'rush ',
	'union%20', 'union ', '%20union', ' union', 'union(', 'union=',
	'%20echr', ' echr', 'esystem', 'cp%20', 'cp ', 'cp(', '%20cp', ' cp',
	'mdir%20', 'mdir ', '%20mdir', ' mdir', 'mdir(', 'mcd%20', 'mcd ',
	'mrd%20', 'mrd ', 'rm%20', 'rm ', '%20mcd', ' mcd', '%20mrd', ' mrd',
	'%20rm', ' rm', 'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'mv ',
	'rmdir%20', 'rmdir ', 'mv(', 'rmdir(', 'chmod(', 'chmod%20', 'chmod ',
	'cc%20', 'cc ', '%20chmod', ' chmod', 'chmod(', 'chmod=', 'chown%20', 'chown ',
	'chgrp%20', 'chgrp ', 'chown(', 'chgrp(', 'locate%20', 'locate ', 'grep%20', 'grep ',
	'locate(', 'grep(', 'diff%20', 'diff ', 'kill%20', 'kill ', 'kill(', 'killall',
	'passwd%20', 'passwd ', '%20passwd', ' passwd', 'passwd(', 'telnet%20', 'telnet ',
	'vi(', 'vi%20', 'vi ', 'nigga(', '%20nigga', ' nigga', 'nigga%20', 'nigga ',
	'fopen', 'fwrite', '%20like', ' like', 'like%20', 'like ', '$_',
	'$get', '.system', 'http_php', '%20getenv', ' getenv', 'getenv%20', 'getenv ',
	'new_password', '/password', 'etc/', '/groups', '/gshadow',
	'http_user_agent', 'http_host', 'bin/', 'wget%20', 'wget ', 'uname%5c',
	'uname', 'usr', '/chgrp', '=chown', 'usr/bin', 'g%5c',
	'g', 'bin/python', 'bin/tclsh', 'bin/nasm', 'perl%20', 'perl ', '.pl',
	'traceroute%20', 'traceroute ', 'tracert%20', 'tracert ', 'ping%20', 'ping ',
	'/usr/x11r6/bin/xterm', 'lsof%20', 'lsof ', '/mail', '.conf', 'motd%20', 'motd ',
	'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml', 'file%5c://',
	'file:', 'file://', 'window.open', 'img src', 'img%20src', 'img src',
	'.jsp', 'ftp.', 'xp_enumdsn', 'xp_availablemedia',
	'xp_filelist', 'nc.exe', '.htpasswd', 'servlet', '/etc/passwd', '/etc/shadow',
	'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
	'bash_history', '~nobody', 'server-info', 'server-status',
	'%20reboot', ' reboot', '%20halt', ' halt', '%20powerdown', ' powerdown',
	'/home/ftp', '=reboot', 'www/', 'init%20', 'init ','=halt', '=powerdown',
	'ereg(', 'secure_site', 'chunked', 'org.apache', '/servlet/con',
	'/robot', 'mod_gzip_status', '.inc', '.system', 'getenv',
	'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', '%3C%3Fphp',
	'%3F>', 'sql=', '_global', 'global_', 'global[', '_server',
	'server_', 'server[', '/modules', 'modules/', 'phpadmin',
	'root_path', '_globals', 'globals_', 'globals[', 'iso-8859-1',
	'?hl=', '%3fhl=', '.exe', '.sh', '%00', rawurldecode('%00'), '_env'
);


find www and cut
see results

if you have more problems - try to find ctracker stopping word
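
An added example, not part of any post in this thread and not CrackerTracker's own code: it applies a few rules from the list above to inputs reported in the thread, to show which rule a harmless value trips and what exempting a field does. The matching model (case-insensitive substring test per field) is an assumption, and `search_keywords` is a hypothetical field name.

```php
<?php
// Added illustration, not CrackerTracker's code. Assumed model: each request
// value is lower-cased and rejected if it contains any rule as a substring.

// A handful of rules copied from the $ct_rules list quoted in the thread.
$demo_rules = array('id%20', 'id ', 'or%20', 'or ', 'and%20', 'and ',
    'union%20', 'union ', '<script', '/etc/passwd');

// Field names skipped by the check, as in the pic_title/pic_desc fix above.
$demo_exempt = array('pic_title', 'pic_desc');

// Returns array(field => list of matched rules) for fields that would be blocked.
function ct_demo_find_hits(array $fields, array $rules, array $exempt)
{
    $hits = array();
    foreach ($fields as $name => $value) {
        if (in_array($name, $exempt, true)) {
            continue; // exempt fields are never inspected at all
        }
        $haystack = strtolower($value);
        foreach ($rules as $rule) {
            if (strpos($haystack, $rule) !== false) {
                $hits[$name][] = $rule;
            }
        }
    }
    return $hits;
}

$demo_requests = array(
    // Query value from the tellafriend.php log entry reported in the thread.
    'tellafriend' => array(
        'topic' => 'Escribid%20EN%20ESTE%20POST%20todos%20vuestros%20comentarios'),
    // Search phrase reported in the thread; the field name is hypothetical.
    'search' => array(
        'search_keywords' => 'failed to open stream: No such file or directory in'),
    // Constructed poll answer using a field name listed in the thread.
    'poll' => array('poll_option_text' => 'Rock and roll'),
    // Constructed values: exempt fields pass even with markup in them.
    'gallery' => array('pic_title' => 'Sun and sea', 'pic_desc' => '<script>'),
);

foreach ($demo_requests as $label => $fields) {
    $hits = ct_demo_find_hits($fields, $demo_rules, $demo_exempt);
    if (!$hits) {
        echo "$label: passes\n";
        continue;
    }
    foreach ($hits as $name => $matched) {
        echo "$label: field '$name' blocked by rule(s) '" . implode("', '", $matched) . "'\n";
    }
}
```

Exempting a field removes the false positive but also removes the check, so an exempted field depends entirely on the application's own escaping when its value is stored and displayed.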


sonoangelo [ Sun 28 Jan, 2007 16:39 ]
Post subject: Re: CTracker Errors
I have this ctracker error when I want to delete a user from a group


Steno [ Sun 28 Jan, 2007 23:12 ]
Post subject: Re: CTracker Errors
difus wrote:
try this

open ctracker/engines/ct_security.php

find www and cut
see results

if you have more problems - try to find ctracker stopping word


Hmm sorry, did not work, I have the same code as you stated and there's no plain www in it. 2 times wwwacl and www/, but both didn't do the trick.


difus [ Mon 29 Jan, 2007 00:23 ]
Post subject: Re: CTracker errors
it means that it isn't www

do test

replace all this code with


Code:
$ct_rules = array(
	'http_', rawurldecode('%00'), '_env'
);


let me know


Mighty Gorgon [ Wed 31 Jan, 2007 01:55 ]
Post subject: Re: CTracker errors
Steno wrote:
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)
banner
without www it's just fine.
banner

And the link to the error. As you can see, it also goes wrong on icyphoenix.com.

Thanks for pointing this out... I'll try to have a look and figure out how to solve it without removing WWW in the CT check as difus is suggesting.

difus, your solution will work, but I have to check if there is a better way for doing it without removing all the security checks of CT. Thanks for pointing us to the solution.


hpl [ Sat 17 Feb, 2007 02:03 ]
Post subject: Re: CTracker Errors
sonoangelo wrote:
I have this ctracker error when I want to delete a user from a group


me too!


ddv [ Sat 17 Feb, 2007 09:25 ]
Post subject: Re: CTracker Errors
I am having trouble with Cracker Tracker submitting an article to the Knowledge Base. The problem definitely appears to be in the Title. These triggered an alert:

Huntsville Lakes Council -- Who we are and what we do.
The Huntsville Lakes Council
The HLC

These did not:

Lets try a new title
This is yet another test.
Mission Statement

This is a fresh install -- 1.0.5.5 unzipped, then 1.0.6.6 files copied over, then install.php run -- on a fresh database. Logged in as Admin, no other users registered. I tried to disable Cracker Tracker through the ACP, turning off everything I could find in "Settings", but it still reports "Active" when "Maintenance and Tests" is viewed and obviously still reads the titles.


Mighty Gorgon [ Wed 21 Feb, 2007 01:58 ]
Post subject: Re: CTracker errors
Steno wrote:
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

I have fixed this... and I'll check again KB, even if I should already have solved it.


tiziano [ Mon 12 Mar, 2007 00:30 ]
Post subject: Re: FIXED - CTracker Errors
How to resolve this problem?

CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


Please help me.


tiziano [ Mon 12 Mar, 2007 14:45 ]
Post subject: Re: CTracker Errors
Mighty Gorgon wrote:
Steno wrote:
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

I have fixed this... and I'll check again KB, even if I should already have solved it.



Hi Luca, please help me to solve this problem...
tnx


tiziano [ Wed 14 Mar, 2007 00:09 ]
Post subject: Re: CTracker Errors
PLEASE help me ....


Mighty Gorgon [ Wed 14 Mar, 2007 02:48 ]
Post subject: Re: FIXED - CTracker errors
Tiziano, stop bumping your own topic...

If you want to receive help you should report what the error is... and how to replicate it.

A link to the error is suited too...


tiziano [ Wed 14 Mar, 2007 08:15 ]
Post subject: Re: CTracker Errors
When I remove a member from the group and add a new KB I have these:


CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.
If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


Please help me.


tiziano [ Sat 17 Mar, 2007 16:17 ]
Post subject: Re: CTracker Errors
When removing a member from a group this error appears:

image

http://www.fasanforum.com/groupcp.php?g=3



Please help me


Xusqui [ Wed 21 Mar, 2007 15:21 ]
Post subject: Re: FIXED - CTracker errors
Maybe it would be a good idea to post the log files when CTracker is in debug mode, or post the modified files that everyone made inside their own MX2 / IP files...


Mighty Gorgon [ Thu 22 Mar, 2007 02:35 ]
Post subject: Re: FIXED - CTracker errors
I've fixed the Group thing... but I can't understand the KB issue...

Try to do like Xusqui is suggesting.



