Sub Menu
Links Menu
Online Users

In total there are 302 users online :: 3 registered, 0 hidden and 299 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Helter based on users active over the past 60 minutes

CrackerTracker Exploit False Positives

Support for IntegraMOD 141

Moderator: Integra Moderator

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 09, 2008 12:25 pm

I don't think your understanding the why Allen, CT is not broken or in need of a fix in the way you see it. As you know the package includes over 100 mods and CT can help protect whatever you wish to add if your willing to teach it. This is what makes it so good and yea I agree this can really be a pain sometimes.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 09, 2008 12:41 pm

your right, i am missing the why.. I would think that CT would already understand that PM's are allowed.. I just got a report of PM having CT warning. Real name in reg has CT warning. Couldn't the bulk of known OK action be patched or OK'd by CT before release?
Last edited by Allen on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Joined: Tue Apr 22, 2008 9:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 09, 2008 12:42 pm

really i am not trying to be difficult <img>
Last edited by Allen on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Joined: Tue Apr 22, 2008 9:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 09, 2008 7:51 pm

Do you have a debug for that? cause if you have the error I can compare it to my file and get you what I've done.

There are just to many files to guess, the package has like 10,000 small files when you include the bb2 and stuff I have on my site. If you don't have a debug turn it on and recreate what happened. We can help you but we do need a error so we know what were working on. <img>
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Sat May 10, 2008 11:12 pm

So far I have added this to profile.php

define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('user_realname','helpbox','phpBBSecurity_question');
include($phpbb_root_path . 'common.'.$phpEx);


Seems to have taken care of realname, PM(helpbox) and SecurityQuestion.

I asume I will eventually have to add all the user fields required for login in the profile.php as Ok ..

First user reported trouble registering so I had to add 'user_realname' then they could register.
I just had to add the 'phpBBSecurity_question' for a second user that can't finish registering..

Stop the Insanity!
Last edited by Allen on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Joined: Tue Apr 22, 2008 9:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun May 11, 2008 7:06 am

define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests');


This is what I have for that file. I never needed 'user_realname' you had that returned in a debug?
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Sun May 11, 2008 8:35 am

Yes I got real name in a Cracker Log when a friend was trying to register. Now today I get a report of an error on the profile page where you set occupation. I do not see that in your .script either. here is the debug file,,, Makes no cents.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /profile.php
----------------

Attack-Time: 11.05.2008 7:20 am
------------

Request-Method: POST

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/profile.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

Last edited by Allen on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Joined: Tue Apr 22, 2008 9:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun May 11, 2008 11:46 am

I don't have that var, I would guess something like "user_occupation" but hang on a bit someone may know/have it.

I've tried to keep all the posted vars edits, so I would have a kind of help record for them. So thanks for the one you've added. <img>
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Sun May 11, 2008 8:36 pm

I found a way to bypass the error that appears when doing certain things, Making forums, editing them, and sometimes pm's

Go to ACP/Security/Special
Once there, look under this message:

Warning: Setting any of the below to 'Ignore' will allow anyone to use these tricks on your site. You have been warned

And switch these two options to "Ignore"

1. Action to take in an SQL Injection attempt?
2. Action to take in a Sanity Mix Worm attempt?

I Strongly recommend that you switch them back to "ban" once you are done with what you wanted to do.

Works like a breeze <img>
Last edited by BlahBlahCha on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Joined: Fri May 02, 2008 9:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Mon May 12, 2008 5:49 am

BlahBlahCha, Thats not CrackerTracker thats phpBB Security and is a separate system.

I have no idea how or even if, that could help you in any way with CT debugging.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Mon May 12, 2008 9:14 am

I was surprised also, because i knew that it had nothing to do with Ctracker. unless it bypasses ctracker some how, they could be working together. It works everytime i turn those options off.
Last edited by BlahBlahCha on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Joined: Fri May 02, 2008 9:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Mon May 12, 2008 10:32 am

No bypass nor do they work together.
Maybe they matched a check both run at the same time on the same file?
In those cases debug should suggest the proper fix though.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Mon May 12, 2008 11:59 am

I'm not sure if that's possible, but you never know.
If this works, i have no reason to debug <img>
Plus whenever i try to enter debug mode, it never works.
Last edited by BlahBlahCha on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Joined: Fri May 02, 2008 9:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Mon May 12, 2008 9:44 pm

My apologies if this issue has already been covered in this forum.

I recently had an issue with the send function of Chatspot. When I view the debug log the line it asks me to look for is not there,,,

Here is the debug log.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /chatspot/message_interpreter.php
----------------

Attack-Time: 12.05.2008 20:54 pm
------------

Request-Method: POST

Matching rule: or
In variable: sent

Matching rule: and
In variable: sent

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/chatspot/message_interpreter.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('sent');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM



After using the integramod search forums, I found this.

Omni-Lee
Offline
Joined: 31 Jan 2007
Total posts: 64
2469 Points
Donate

USA

PostPosted: 03 Feb 2007 11:09 pm Post subject: Re: Chatspot not functioning properly Reply with quoteBack to top
This is a problem with CrackTracker catching the 'sent'.

Look for:
PHP: à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Select à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ºÃƒÆ’ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Expand à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º
define( 'IN_PHPBB', true );


Then insert below:
PHP: à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Select à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ºÃƒÆ’ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Expand à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('sent');


That should fix you up. But before you do so, turn on CrackTracker debug and hop into chat. Use chat for a few minutes even if it doesn't work. View the CrackTracker debug logfile, to verify the issue was with 'sent'. Sorry I can't show my log, but I clear that log for my own debugging purposes periodically.



Any ideas on why the cracker tracker is asking me to find what is not there? Is there a different way I should understand the tracker? Also, is Omni-lee's answer the best answer?
Last edited by Allen on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Joined: Tue Apr 22, 2008 9:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Mon May 12, 2008 11:52 pm

Well fellas, I would NOT turn those 2 items off in phpBB security. Further more, yes cracker tracker is a pain in the ass. We all know that.

BUT do we all remember someone reporting a hacked site two and 3 times a day when Integramod was 1.4.0 with ONLY phpBB security? And I dont think caughing up the $$$ for the "Other SCript" is going to solve anything at all. I find the support on those sites shady at best. Pay for this, pay for that, pay pay pay pay. And nothing in return when you have issues. Integramod has dam good support for being....FREE.

I have cussed and screamed and hollered at CTracker until I was blue in the face but none the less, None of the 1.4.1 sites I have put up yet have been hacked. PhpBB , VB, IVPB, all of them are php and subject to hacking. One isnt any better then the other.

In the end, doing the debug is well worth it. Never ever take a site live until you debug. As stated before, you just need to teach it right from wrong. Though I do side with you that certain things should be exempt right off the get go such as registration info and stuff like that. That being said, I cant even help out with that area. Out of the DOZENS of IM 1.4.1 sites that I have put together for myself and others, have I ever got any CTracker errors on registration. I truly wish I could help but that I am just lost on.

Keep plugging away at it and before long it will be good to go.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

PreviousNext

Return to IntegraMOD 141

Who is online

Registered users: Bing [Bot], Google [Bot], Helter