


Modules 7x - Discussions regarding PHP-Nuke Modules. 7x



Gallery and sentinel not playing happy

hi guys;

Nuke 7.6
Chatserve patch 3.3
Dis Errors
Gallery 1.1.5 pl1
Sentinel 2.5.01

I've got the two running together, gallery shows as a module and works ok, etc. BUT when a user tries to rename an album (not sure if anything else) it bans the user.

I've just spotted there's a Sentinel update available, and I don't have any ideas on the error code (yet)

I've done searches on Raven's site etc. but they use Google for their searches (not good in my experience- you can't select which forum to search in, just the whole site)

I'm sure I've had something similar to this in the past... any ideas?






Hi Andyb

Must be the URL string that the gallery uses that is getting caught by Sentinel, does Sentinel give any information you could post about what the URL was that it blocked or the reason it blocked it?






Damn. I edited my post last night- bet I went to preview and didn't click submit (I was tired)- I posted the details within a "code" bit so as not to set any security off on here....

I'll take a look again tonight when I'm on my PC with the emails on. I first thought it may be the santy worm protection, so I edited the bit out of include/sentinel.php and already had the other bit of code in the .htaccess file to compensate so the site was still covered.






try again:
Code:
Blocked IP:   217.208.xx.xxx
User:   <removed by me>
Agent:   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Blocked on:   2007-02-09 13:17:18
Notes:   Added by NukeSentinel(tm)
Reason:   Abuse-Filter
 
Query String:   
Get String:   
Post String:   
Forwarded For:   none
Client IP:   none
Remote Address:   217.208.xx.xxx
Remote Port:   1891
Request Method:   GET

Query String: /modules.php?parentName=audioc&return=modules.php?op=modload&name=gallery&file=index&include=view_album.php&cmd=new-album&op=modload&name=gallery&file=index&include=do_command.php

Get String: /modules.php?parentName=audioc&return=/modules.php?op=modload&name=gallery&file=index&include=view_album.php&cmd=new-album&op=modload&name=gallery&file=index&include=do_command.php

Post String: /modules.php


I've removed the website URL deliberately.....

He tries to create an album- blocks him. Admins (apart from God) can't change an album name- but it doesn't block them... God admin is ok...






As an aside, I did another search, and came up with a post on Raven's site. Long and short of it is I changed my includes/nukesentinel.php where the XSS attack bit is. I notice it was a bit different to the examples at this link:
http://ravenphpscripts.com/postt10177.html presumably from the fixes instigated by Chatserv?

You'll see the bits I added, and the bits I rem'd out (??)

Code:
// Check for XSS attack
  if(!stristr($nsnst_const['query_string'], "index.php?url=") AND !is_admin($_COOKIE['admin'])) {
    if( eregi("http\:\/\/", $name) OR eregi("http\:\/\/", $file) OR eregi("http\:\/\/", $libpath)
     // Added protection for gallery2 module
     //OR stristr($nsnst_const['query_string'], "http://")
     OR ( stristr($nsnst_const['query_string'], "http://")  AND !stristr($nsnst_const['query_string'], "modules.php?name=gallery"))
    // END gallery protection
    // OR stristr($nsnst_const['query_string'], "http://") rem by Andy
    OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
    OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
    OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
      block_ip($blocker_row);


didn't work though- still banned the user....






oh, and it was a fix for Gallery2- I changed it to see if it would work with gallery....
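
Added example, not part of the thread and not NukeSentinel's own code: the query-string clauses of the check posted above, replayed against the logged query string as posted and against a copy with a host restored in return=. That the removed site URL sat in return= is an assumption, www.example.invalid is a constructed placeholder, and has() / matching_clauses() are hypothetical helper names.

```php
<?php
// Replays a query string against the clauses of the posted XSS check to see
// which one would reach block_ip(). The outer "index.php?url=" / is_admin()
// guard is left out: a non-admin request is assumed.

// Case-insensitive substring test, standing in for stristr() in the original.
function has(string $haystack, string $needle): bool {
    return stripos($haystack, $needle) !== false;
}

// Returns the names of the clauses that match. $name, $file and $libpath are
// the request variables the original tests with eregi("http\:\/\/", ...).
function matching_clauses(string $qs, string $name, string $file, string $libpath = ''): array {
    $hits = [];
    foreach (['name' => $name, 'file' => $file, 'libpath' => $libpath] as $k => $v) {
        if (has($v, 'http://')) {
            $hits[] = 'http:// in $' . $k;
        }
    }
    // The clause as edited in the post: exempt only if this exact substring appears.
    if (has($qs, 'http://') && !has($qs, 'modules.php?name=gallery')) {
        $hits[] = 'http:// in query string (gallery exemption not matched)';
    }
    if (has($qs, 'cmd=') && !has($qs, '&cmd'))   { $hits[] = 'cmd='; }
    if (has($qs, 'exec') && !has($qs, 'execu'))  { $hits[] = 'exec'; }
    if (has($qs, 'concat') && !has($qs, '../'))  { $hits[] = 'concat'; }
    return $hits;
}

// Query string exactly as posted in the thread (site URL already removed).
$logged = '/modules.php?parentName=audioc&return=modules.php?op=modload&name=gallery'
        . '&file=index&include=view_album.php&cmd=new-album&op=modload&name=gallery'
        . '&file=index&include=do_command.php';

// Assumption: the removed URL was an absolute link in return=. Constructed host.
$restored = str_replace('return=', 'return=http://www.example.invalid/', $logged);

foreach (['as posted' => $logged, 'host restored' => $restored] as $label => $qs) {
    $hits = matching_clauses($qs, 'gallery', 'index');
    echo $label, ': ', $hits ? implode('; ', $hits) : 'no clause matches', PHP_EOL;
}
```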



