CTracker errors »  Show posts from    to     

Icy Phoenix


Old Bugs - CTracker errors



TheSteffen [ Mon 15 Jan, 2007 08:22 ]
Post subject: Re: CTracker errors
Thanks for the hint


Lordpeter [ Tue 16 Jan, 2007 15:55 ]
Post subject: Re: CTracker Errors
When adding a user to a group ( Users&groups fuction)it give a ctracker error, how to fix this


KugeLSichA [ Tue 16 Jan, 2007 18:51 ]
Post subject: Re: CTracker Errors
Lordpeter wrote: [View Post]
When adding a user to a group ( Users&groups fuction)it give a ctracker error, how to fix this


does anyone have this error too? Because i dont have an error when i add an user to one group.


KugeLSichA [ Tue 16 Jan, 2007 19:11 ]
Post subject: Re: CTracker errors
Quote:
also, when a user on my forum tries to use the delete all function in the PM inbox, it gives them a CTracker security alert page


m740 [ Wed 17 Jan, 2007 21:19 ]
Post subject: Re: CTracker Errors
KugeLSichA wrote: [View Post]
YES

maybe i found the solution for this... I played yet an little bit on my forum with these CT error while uploading an image and i found out:

If you use an pic_title with one more more spaces in there, you get the CT error. But only by pic_title, if you add spaces to pic_desc you dont get this error...

Maybe i have also the fix for this, but MG has to verify:

OPEN ctracker/engines/ct_security.php
FIND
Code: [Hide] [Select]
'submitavatar', 'del_attachment', 'update_attachment', 'edit_comment',

AFTER, ADD
Code: [Hide] [Select]
'pic_title', 'pic_desc',



thx


it is also necessary to add:


Code: [Hide] [Select]
'avatargenerator', 'signature'


For avatar generator.


Lord Karadura [ Sat 27 Jan, 2007 18:18 ]
Post subject: Re: CTracker Errors
Error when trying to "Tell a Friend" about an specific topic.

Quote:
SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


And the CTracker Log says this:

Quote:
/tellafriend.php?topic=Escribid%20EN%20ESTE%20POST%20todos%20vuestros%20comentarios&link=http://localhost/viewtopic.php?topic_id=8


It happens just in ONE topic.

Hail!

Running at IcePhoenix


Steno [ Sun 28 Jan, 2007 14:48 ]
Post subject: Re: CTracker Errors
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)
banner
without www it;s just fine.
banner

And the link to the error. As you can see, it also goes wrong on icyphoenix.com.


difus [ Sun 28 Jan, 2007 15:42 ]
Post subject: Re: CTracker errors
try this

open ctracker/engines/ct_security.php

find
Code: [Hide]
  1. $ct_rules = array(  
  2. 'http_', '_server', 'delete%20', 'delete ', 'drop%20', 'drop ', 'create%20',  
  3. 'create ', 'update%20', 'update ', 'insert%20', 'insert ',  
  4. 'select%20', 'select ', 'bulk%20', 'bulk ', 'union%20', 'union ',  
  5. 'or%20', 'or ', 'and%20', 'and ', 'exec', '@@', '%22', '"', 'openquery',  
  6. 'openrowset', 'msdasql', 'sqloledb', 'sysobjects', 'syscolums',  
  7. 'syslogins', 'sysxlogins', 'char%20', 'char ', 'into%20', 'into ',  
  8. 'load%20', 'load ', 'msys', 'alert%20', 'alert ', 'eval%20', 'eval ',  
  9. 'onkeyup', 'x5cx', 'fromcharcode', 'javascript:', 'javascript.', 'vbscript:',  
  10. 'vbscript.', 'http-equiv', '->', 'expression%20', 'expression ',  
  11. 'url%20', 'url ', 'innerhtml', 'document.', 'dynsrc', 'jsessionid',  
  12. 'style%20', 'style ', 'phpsessid', '<applet', '<div', '<emded', '<iframe', '<img',  
  13. '<meta', '<object', '<script', '<textarea', 'onabort', 'onblur',  
  14. 'onchange', 'onclick', 'ondblclick', 'ondragdrop', 'onerror',  
  15. 'onfocus', 'onkeydown', 'onkeypress', 'onload', 'onmouse',  
  16. 'onmove', 'onreset', 'onresize', 'onselect', 'onsubmit',  
  17. 'onunload', 'onreadystatechange', 'xmlhttp', 'uname%20', 'uname ',  
  18. 'id%20', 'id ', 'ls%20', 'ls ', 'cat%20', 'cat ', 'rm%20', 'rm ',  
  19. 'kill%20', 'kill ', 'mail%20', 'mail ', 'wget%20', 'wget ', 'wget(',  
  20. 'pwd%20', 'pwd ', 'objectclass', 'objectcategory', '<!-%20', '<!- ',  
  21. 'total%20', 'total ', 'http%20request', 'http request', 'phpb8b4f2a0',  
  22. 'phpinfo', 'php:', 'globals', '%2527', '%27', ''', 'chr(',  
  23. 'chr=', 'chr%20', 'chr ', '%20chr', ' chr', 'cmd=', 'cmd%20', 'cmd',  
  24. '%20cmd', ' cmd', 'rush=', '%20rush', ' rush', 'rush%20', 'rush ',  
  25. 'union%20', 'union ', '%20union', ' union', 'union(', 'union=',  
  26. '%20echr', ' echr', 'esystem', 'cp%20', 'cp ', 'cp(', '%20cp', ' cp',  
  27. 'mdir%20', 'mdir ', '%20mdir', ' mdir', 'mdir(', 'mcd%20', 'mcd ',  
  28. 'mrd%20', 'mrd ', 'rm%20', 'rm ', '%20mcd', ' mcd', '%20mrd', ' mrd',  
  29. '%20rm', ' rm', 'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'mv ',  
  30. 'rmdir%20', 'rmdir ', 'mv(', 'rmdir(', 'chmod(', 'chmod%20', 'chmod ',  
  31. 'cc%20', 'cc ', '%20chmod', ' chmod', 'chmod(', 'chmod=', 'chown%20', 'chown ',  
  32. 'chgrp%20', 'chgrp ', 'chown(', 'chgrp(', 'locate%20', 'locate ', 'grep%20', 'grep ',  
  33. 'locate(', 'grep(', 'diff%20', 'diff ', 'kill%20', 'kill ', 'kill(', 'killall',  
  34. 'passwd%20', 'passwd ', '%20passwd', ' passwd', 'passwd(', 'telnet%20', 'telnet ',  
  35. 'vi(', 'vi%20', 'vi ', 'nigga(', '%20nigga', ' nigga', 'nigga%20', 'nigga ',  
  36. 'fopen', 'fwrite', '%20like', ' like', 'like%20', 'like ', '$_',  
  37. '$get', '.system', 'http_php', '%20getenv', ' getenv', 'getenv%20', 'getenv ',  
  38. 'new_password', '/password', 'etc/', '/groups', '/gshadow',  
  39. 'http_user_agent', 'http_host', 'bin/', 'wget%20', 'wget ', 'uname%5c',  
  40. 'uname', 'usr', '/chgrp', '=chown', 'usr/bin', 'g%5c',  
  41. 'g', 'bin/python', 'bin/tclsh', 'bin/nasm', 'perl%20', 'perl ', '.pl',  
  42. 'traceroute%20', 'traceroute ', 'tracert%20', 'tracert ', 'ping%20', 'ping ',  
  43. '/usr/x11r6/bin/xterm', 'lsof%20', 'lsof ', '/mail', '.conf', 'motd%20', 'motd ',  
  44. 'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml', 'file%5c://',  
  45. 'file:', 'file://', 'window.open', 'img src', 'img%20src', 'img src',  
  46. '.jsp', 'ftp.', 'xp_enumdsn', 'xp_availablemedia',  
  47. 'xp_filelist', 'nc.exe', '.htpasswd', 'servlet', '/etc/passwd', '/etc/shadow',  
  48. 'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',  
  49. 'bash_history', '~nobody', 'server-info', 'server-status',  
  50. '%20reboot', ' reboot', '%20halt', ' halt', '%20powerdown', ' powerdown',  
  51. '/home/ftp', '=reboot', 'www/', 'init%20', 'init ','=halt', '=powerdown',  
  52. 'ereg(', 'secure_site', 'chunked', 'org.apache', '/servlet/con',  
  53. '/robot', 'mod_gzip_status', '.inc', '.system', 'getenv',  
  54. 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', '%3C%3Fphp',  
  55. '%3F>', 'sql=', '_global', 'global_', 'global[', '_server',  
  56. 'server_', 'server[', '/modules', 'modules/', 'phpadmin',  
  57. 'root_path', '_globals', 'globals_', 'globals[', 'iso-8859-1',  
  58. '?hl=', '%3fhl=', '.exe', '.sh', '%00', rawurldecode('%00'), '_env'  
  59. ); 


find www and cut
see results

if you have more problems - try to find ctracker stopping word


sonoangelo [ Sun 28 Jan, 2007 16:39 ]
Post subject: Re: CTracker Errors
i have this ctracker error when i want to delete an user from a group


Steno [ Sun 28 Jan, 2007 23:12 ]
Post subject: Re: CTracker Errors
difus wrote: [View Post]
try this

open ctracker/engines/ct_security.php

find www and cut
see results

if you have more problems - try to find ctracker stopping word


Hmm sorry, did not work, I have the same code as you stated and there's no plain www in it. 2 times wwwacl and www/, but both didn't do the trick.


difus [ Mon 29 Jan, 2007 00:23 ]
Post subject: Re: CTracker errors
it means that it isn't www

do test

replace all this code with


Code: [Hide]
  1. $ct_rules = array(  
  2. 'http_', rawurldecode('%00'), '_env'  
  3. ); 


let me know


Mighty Gorgon [ Wed 31 Jan, 2007 01:55 ]
Post subject: Re: CTracker errors
Steno wrote: [View Post]
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

testing it here now.
with the www -> no picture (CT-error)
banner
without www it;s just fine.
banner

And the link to the error. As you can see, it also goes wrong on icyphoenix.com.

Thanks for pointing this out... I'll try to have a look and figure out how to solve it without removing WWW in the CT check how difus is suggesting.

difus, your solution will work, but I have to check if there is a better way for doing it without removing all the security checks of CT. Thanks for pointing us to the solution.


hpl [ Sat 17 Feb, 2007 02:03 ]
Post subject: Re: CTracker Errors
sonoangelo wrote: [View Post]
i have this ctracker error when i want to delete an user from a group


me too!


ddv [ Sat 17 Feb, 2007 09:25 ]
Post subject: Re: CTracker Errors
I am having trouble with Cracker Tracker submitting an article to the Knowledge Base. The problem definitely appears to be in the Title. These triggered an alert:

Huntsville Lakes Council -- Who we are and what we do.
The Huntsville Lakes Council
The HLC

These did not:

Lets try a new title
This is yet another test.
Mission Statement

This is a fresh install -- 1.0.5.5 unzipped, then 1.0.6.6 files copied over, then install.php run -- on a fresh database. Logged in as Admin, no other users registered. I tried to disable Cracker Tracker through the ACP, turning off everything I could find in "Settings", but it still reports "Active" when "Maintenance and Tests" is viewed and obviously still reads the titles.


Mighty Gorgon [ Wed 21 Feb, 2007 01:58 ]
Post subject: Re: CTracker errors
Steno wrote: [View Post]
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

I have fixed this... and I'll check again KB, even if I should already have solved it.


tiziano [ Mon 12 Mar, 2007 00:30 ]
Post subject: Re: FIXED - CTracker Errors
how resolve this problem ?

CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


pse help me.


tiziano [ Mon 12 Mar, 2007 14:45 ]
Post subject: Re: CTracker Errors
Mighty Gorgon wrote: [View Post]
Steno wrote: [View Post]
Image error.
An image posted with www prefix gives a CT-error, without the www-prefix it works fine.
When thinking further this might have something to do with how the remote host configures the .htaccess??

I have fixed this... and I'll check again KB, even if I should already have solved it.



Hi Luca please Help me for solved this problem...
tnx


tiziano [ Wed 14 Mar, 2007 00:09 ]
Post subject: Re: CTracker Errors
PLEASE help me ....


Mighty Gorgon [ Wed 14 Mar, 2007 02:48 ]
Post subject: Re: FIXED - CTracker errors
Tiziano, stop bumping your own topic...

If you want to receive help you should report what the error is... and how to replicate it.

A link to the error is suited too...


tiziano [ Wed 14 Mar, 2007 08:15 ]
Post subject: Re: CTracker Errors
when remove a member from the group and add new KB I have these:


CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.
If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.


pse help me.


tiziano [ Sat 17 Mar, 2007 16:17 ]
Post subject: Re: CTracker Errors
When remove member from a group appears this error:

immagine

http://www.fasanforum.com/groupcp.php?g=3



pse help me


Xusqui [ Wed 21 Mar, 2007 15:21 ]
Post subject: Re: FIXED - CTracker errors
Maybe it would be a good idea to post the log files when CTracker is in debug mode, or post the modified files that everyone made inside their own MX2 / IP files...


Mighty Gorgon [ Thu 22 Mar, 2007 02:35 ]
Post subject: Re: FIXED - CTracker errors
I've fixed the Group thing... but I can't understand the KB issue...

Try to do like Xusqui is suggesting.




Powered by Icy Phoenix