
Re: CrackerTracker Exploit False Positives

PostPosted: Wed May 14, 2008 8:00 am
Author: Allen
This morning I found a debug in the viewtopic.php
Attack-Time: 14.05.2008 8:49 am
------------

Request-Method: GET

Matching rule: php_
In variable: a

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/viewtopic.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('a');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM



Can someone provide me with a complete string for the viewtopic.php page.

Here is what I have so far.

define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('highlight','a');


I think I saw a post that someone had a webpage with all their ctracker patches, but I forgot and didn't save the page. I think it was cannon who posted it. Can I get the list?

Re: CrackerTracker Exploit False Positives

PostPosted: Wed May 14, 2008 10:56 am
Author: CaNNon
I'd like to, but I don't have any in viewtopic.php. I've never had CT go off on that one either.

Re: CrackerTracker Exploit False Positives

PostPosted: Wed May 14, 2008 11:56 am
Author: Allen
I have found that CT does not go off on the first, second, maybe even third time using a function. But once you hit 3-4 it can go off.

Re: CrackerTracker Exploit False Positives

PostPosted: Thu May 15, 2008 4:47 pm
Author: MWE_001
I will let everyone know: one day before, I was messing around trying to set off CTracker on purpose and I noticed every time I used any word that contained the letters O and R in consecutive order, CTracker would go off.

For example the words

For
Or
word
hord

Catch my drift? Look for that when giving downloads, KB Articles and forums any description or title with those two letters in it. It almost will always certainly set off CTracker.

Re: CrackerTracker Exploit False Positives

PostPosted: Thu May 15, 2008 10:02 pm
Author: Allen
I just got this and I am not sure of it. Is this an actual attack or should I correct this script in the files?

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /index.php
----------------

Attack-Time: 15.05.2008 12:12 pm
------------

Request-Method: GET

Matching rule: cmd
In variable: phpbb

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/index.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('phpbb');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Re: CrackerTracker Exploit False Positives

PostPosted: Fri May 16, 2008 8:41 am
Author: CaNNon
Usually it's in the logs through ACP > CrackerTracker > Logmanager > Worm & Exploit Protection > View.

If you could match the time and date to the log entries, I think you should find something like when not in debug mode! "/phpBB2/index.php?phpbb=<real>/~beogor/news/cmd??"

If you're leaving that on just looking for debugs, be real careful what you debug; you could easily allow a script.

*EDIT*
Sorry worded it better!

Re: CrackerTracker Exploit False Positives

PostPosted: Fri May 16, 2008 8:55 am
Author: Allen
This is why I have asked here. I do not have any log of attack in the ACP > CrackerTracker > Logmanager > Worm & Exploit Protection > View.

Just the debug entry. Yes, I am still debugging and debug is on. I do not want to allow a script attack by adding the ignore script, so I came here and asked what this is...

Let me know please I am waiting to do anything until I know from you.

Re: CrackerTracker Exploit False Positives

PostPosted: Fri May 16, 2008 8:57 am
Author: CaNNon
Don't add it. It's in the debug log and not the attack log when it's in debug mode.

PostPosted: Sat Jul 26, 2008 5:58 pm
Author: unknown25
I have an error... but I can't fix it

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_forums_extend.php
----------------

Attack-Time: 26.07.2008 12:41 pm
------------

Request-Method: POST

Matching rule: ls
In variable: desc

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/forum/admin/admin_forums_extend.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('desc');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_forums_extend.php
----------------

Attack-Time: 26.07.2008 13:13 pm
------------

Request-Method: POST

Matching rule: ls
In variable: desc

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/forum/admin/admin_forums_extend.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('desc');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM




I can't find the line: include($phpbb_root_path . 'common.'.$phpEx);

I searched the whole thing... pls help fast

Re: CrackerTracker Exploit False Positives

PostPosted: Sun Jul 27, 2008 9:24 am
Author: JohnYD
unknown25: I don't have quite the same problem, but it came up with similar results and could not find the line specified.

I decided to add the information just below require($phpbb_root_path . 'extension.inc'); and it worked just fine for me.

This is what my few lines look like:
//
// Load default header
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('desc','create','delete','name','icon');
require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
include_once($phpbb_root_path . 'includes/lite.'.$phpEx);
$options = array(
    'cacheDir' => $phpbb_root_path . 'var_cache/',
);
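
An added example, not part of any post in this thread and not CrackerTracker code: a small triage script that parses debug reports in the layout quoted above, counts hits per script and variable, and builds the merged ignore line only for variables a person has reviewed. The function names, the approved-set idea and the sample reports are assumptions made for illustration; the GET to $ct_ignoregvar and POST to $ct_ignorepvar mapping is taken from the reports in this thread.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"^(Script-Filename|Request-Method|Matching rule|In variable):\s*(\S.*?)\s*$")
# In the reports above, GET hits suggest $ct_ignoregvar and POST hits $ct_ignorepvar.
IGNORE_VAR = {"GET": "$ct_ignoregvar", "POST": "$ct_ignorepvar"}
SAFE_NAME = re.compile(r"^[A-Za-z0-9_]+$")  # never copy an odd name into PHP source

def _report(script, when, method, rule, var):
    return ("+" * 60 + "\nScript-Filename: %s\n----------------\n\nAttack-Time: %s\n"
            "------------\n\nRequest-Method: %s\n\nMatching rule: %s\nIn variable: %s\n\n"
            % (script, when, method, rule, var))

# Constructed sample reports in the layout quoted in this thread (not real log data).
SAMPLE = "".join(_report(*r) for r in [
    ("/viewtopic.php", "01.01.2009 9:00 am", "GET", "php_", "a"),
    ("/viewtopic.php", "01.01.2009 9:05 am", "GET", "ls", "highlight"),
    ("/index.php", "01.01.2009 9:10 am", "GET", "cmd", "phpbb"),
    ("/forum/admin/admin_forums_extend.php", "01.01.2009 9:20 am", "POST", "ls", "desc"),
    ("/forum/admin/admin_forums_extend.php", "01.01.2009 9:50 am", "POST", "ls", "desc"),
])

def parse_reports(text):
    """Split on the '+++' separator; keep reports that carry all four triage fields."""
    reports = []
    for chunk in re.split(r"^\+{10,}[ \t]*$", text, flags=re.M):
        fields = dict(m.groups() for m in map(FIELD.match, chunk.splitlines()) if m)
        if len(fields) == 4:
            reports.append(fields)
    return reports

def summarize(reports):
    """Count hits per (script, method, variable), broken down by matching rule."""
    summary = defaultdict(Counter)
    for r in reports:
        key = (r["Script-Filename"], r["Request-Method"].upper(), r["In variable"])
        summary[key][r["Matching rule"]] += 1
    return dict(summary)

def ignore_lines(summary, approved):
    """One merged ignore line per script and method, only for reviewed (script, var) pairs."""
    merged = defaultdict(list)
    for script, method, var in sorted(summary):
        if (script, var) in approved and method in IGNORE_VAR and SAFE_NAME.match(var):
            merged[(script, method)].append("'%s'" % var)
    return {k: "%s = array(%s);" % (IGNORE_VAR[k[1]], ",".join(v)) for k, v in merged.items()}

if __name__ == "__main__":
    found = summarize(parse_reports(SAMPLE))
    ok = {("/viewtopic.php", "a"), ("/viewtopic.php", "highlight")}  # reviewed by a human
    for (script, method), line in ignore_lines(found, ok).items():
        print(script, method, line)
```

The constructed /index.php hit on variable phpbb is deliberately left out of the approved set, so no ignore line is produced for it.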

Re:

PostPosted: Fri Sep 19, 2008 7:49 am
Author: zuerston
"Dick Dynamite" wrote: Also, now I can't even change those settings at all. [Avatar/Sig, etc.]. I'm tempted to just uninstall ctracker until something is made to work.



How do you uninstall this trash program anyway?? It's really a sorry ass joke "ctracker"

Re: CrackerTracker Exploit False Positives

PostPosted: Thu Oct 09, 2008 1:00 pm
Author: AliasWeird
Where is this Knowledge Base showing me how to fix these false messages. As far as I can tell, there are no KB on this site.. I can't add/edit Categories to the forum.

Re: CrackerTracker Exploit False Positives

PostPosted: Thu Oct 09, 2008 1:58 pm
Author: xero419
"AliasWeird" wrote:Where is this Knowledge Base showing me how to fix these false messages. As far as I can tell, there are no KB on this site.. I can't add/edit Categories to the forum.


Agreed. I'm trying to put my CTmod in debug mode. I've done it before, but I forgot how.. it's not in the KB

Re: CrackerTracker Exploit False Positives

PostPosted: Sun Jan 18, 2009 10:10 pm
Author: Allen
I am having a tough time with the search function also. Since the new portal it has not been the same. It seems to ignore the smaller word when I am searching for a specific statement. I get results for just the larger word it seems. I am sure the box "Search for all terms or use query as entered" is checked.

Re: CrackerTracker Exploit False Positives

PostPosted: Tue Apr 21, 2009 10:10 am
Author: pangor
Is there a comprehensive patch pack for all known failings of the poorly tested cracker tracker integration? Even with sites that have been running for years now, honest site members are being visited by that dreaded message effectively calling them criminals. Why has there been no such upgrade to say 1.4.2 been released with all such fixes already installed?