Sub Menu
Links Menu
Online Users

In total there are 309 users online :: 3 registered, 0 hidden and 306 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot] based on users active over the past 60 minutes

[Solved] Ctracker Stops Me Deleting User Account

Feature requests for the next versions of IntegraMOD.

Moderator: Integra Moderator

[Solved] Ctracker Stops Me Deleting User Account

PostAuthor: spaniel » Sun Jan 13, 2008 11:45 pm

When i go to the admin section of a user profile and click "delete this user", i get the ever-ubiquitous:

Code: Select all
SECURITY ALERT ÂÂ » ÂÂ » ÂÂ » ÂÂ »CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit .script so the Security System stopped the .script.    If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a de.scription what you have done before you could see this page, that the Admin has the possibility to fix the problem.



Does anyone know what the .script is to fix this?


sorry - this thread has been placed in the wrong forum - i meant it to go in IM141 support.
Last edited by spaniel on Wed Jan 16, 2008 8:07 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: CaNNon » Mon Jan 14, 2008 7:47 am

Have you done the debug?
[url=http]http://www.integramod.com/forum/kb.php?mode=article&k=22[/url]

If you can post the debug for it, I'll give you anything I have on it.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: spaniel » Mon Jan 14, 2008 1:48 pm

It says i have 12 debugs:

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0In variable:   field_style_1In variable:   field_style_2In variable:   field_style_3In variable:   field_style_4In variable:   field_style_5In variable:   field_style_6In variable:   field_style_7In variable:   field_style_8In variable:   field_style_9In variable:   field_style_10In variable:   field_style_11In variable:   field_style_13  Matching rule: <divIn variable:   field_style_0In variable:   field_style_1In variable:   field_style_2In variable:   field_style_3In variable:   field_style_4In variable:   field_style_5In variable:   field_style_6In variable:   field_style_7In variable:   field_style_8In variable:   field_style_9In variable:   field_style_10In variable:   field_style_11In variable:   field_style_13  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0In variable:   field_style_1In variable:   field_style_2In variable:   field_style_3In variable:   field_style_4In variable:   field_style_5In variable:   field_style_6In variable:   field_style_7In variable:   field_style_8In variable:   field_style_9In variable:   field_style_10In variable:   field_style_11In variable:   field_style_13  Matching rule: <divIn variable:   field_style_0In variable:   field_style_1In variable:   field_style_2In variable:   field_style_3In variable:   field_style_4In variable:   field_style_5In variable:   field_style_6In variable:   field_style_7In variable:   field_style_8In variable:   field_style_9In variable:   field_style_10In variable:   field_style_11In variable:   field_style_13  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_5In variable:   field_style_12  Matching rule: <divIn variable:   field_style_12  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_5','field_style_12');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_5In variable:   field_style_12  Matching rule: <divIn variable:   field_style_12  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_5','field_style_12');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0In variable:   field_style_1In variable:   field_style_2In variable:   field_style_3In variable:   field_style_4In variable:   field_style_5In variable:   field_style_6In variable:   field_style_7In variable:   field_style_8In variable:   field_style_9In variable:   field_style_10In variable:   field_style_11In variable:   field_style_13  Matching rule: <divIn variable:   field_style_0In variable:   field_style_1In variable:   field_style_2In variable:   field_style_3In variable:   field_style_4In variable:   field_style_5In variable:   field_style_6In variable:   field_style_7In variable:   field_style_8In variable:   field_style_9In variable:   field_style_10In variable:   field_style_11In variable:   field_style_13  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: "In variable:   field_style_0  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: delete In variable:   delete_user  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi----------------  Request-Method: POST  Matching rule: delete In variable:   delete_user  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  



Do I just follow the instructions or are there more things I need?


My problem is I don't know where to find /dh/cgi-system/php.cgi - i dont think i hav a php.cgi file <img>

Many thanks.
Last edited by spaniel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: CaNNon » Mon Jan 14, 2008 2:49 pm

My problem is I don't know where to find /dh/cgi-system/php.cgi - i dont think i hav a php.cgi file Confused


I can understand your confusion.

Quick explain (I'll try anyway) <img>
You host is running php as cgi .script/module this means all the fixes I have done for my site may not work on yours. It also means you don't have access to the folders although they are on the server and running.

But you can try renaming your tracker folder, make your changes and then restore the folder name. A few people have used this and had it work and it should work in this case.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

PostAuthor: spaniel » Mon Jan 14, 2008 3:00 pm

Do you think if i send the debug report to my webhost (dreamhost), they'll give me access to the file or make the changes for me?

When I rename the ctracker folder, no-one can access the forum - shud I disable the forum first or redirect people to a page that says the site is currently down?
Last edited by spaniel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: CaNNon » Mon Jan 14, 2008 3:10 pm

I don't think you host will give you access as they would see it as a security risk to all there sites.

You don't have to close your forum while you do it you'll see a few lines of errors at the very top while it's renamed, but everything will keep working. Your visitors should see very little inconvenience while you work. <img>
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: MWE_001 » Mon Jan 14, 2008 4:11 pm

I had Dreamhost for a very short while. And in fact, they most likely will not let you have access, thus the reason I rented my own server. I would scrap that idea faster then youthought of it. It would be a waste of time, and as has been suggested, it is security on their part. Most hosts will not compromise security for a user.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

PostAuthor: spaniel » Mon Jan 14, 2008 4:49 pm

Well i'm likely to need my own server too then - can i ask where you rent yours from?
Last edited by spaniel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: Helter » Mon Jan 14, 2008 7:38 pm

do some searches for your log adds in this post
http://www.integramod.com/forum/viewtopic.php?t=2689
I found your delete users add

Code: Select all
Request-Method]------------------------------------------#/home/profile.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM


many users have posted thier logs

also, it is does not work for you, change

define('CT_SECLEVEL', 'MEDIUM');

to

define('CT_SECLEVEL', 'LOW');
Last edited by Helter on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Always use Protection
Image


Please do not PM for support
User avatar
Helter
Administrator
Administrator
 
Posts: 4167
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Mar 11, 2006 3:46 pm
Cash on hand: 172.60
Location: Seattle Wa
IntegraMOD version: IM 3

PostAuthor: spaniel » Mon Jan 14, 2008 8:48 pm

Wow! What a good Administrator you are - i probably would never have found that. You could probably find a needle in a haystack, couldn't you <img>

my profile.php has this at the top:

Code: Select all
define('IN_PHPBB', true);define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user'); $ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests');


so i added in

Code: Select all
$ct_ignorepvar = array('delete_user');


and set the level to LOW and now it works. Is it advisable to keep the security there low?


edit: not sure why the php is appearing with the hash key and 40...
Last edited by spaniel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00

Re: Ctracker Stops Me Deleting User Account

PostAuthor: Helter » Mon Jan 14, 2008 9:39 pm

Im sure it is fine at low.
Last edited by Helter on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Always use Protection
Image


Please do not PM for support
User avatar
Helter
Administrator
Administrator
 
Posts: 4167
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Mar 11, 2006 3:46 pm
Cash on hand: 172.60
Location: Seattle Wa
IntegraMOD version: IM 3

Re: Ctracker Stops Me Deleting User Account

PostAuthor: MWE_001 » Wed Jan 16, 2008 2:22 pm

I would have gladly told ya, but I didnt want to advertise/spam on this board. Sorry about that. I'm glad to hear Helterskelter got ya back on the good foot again. <img> Yeah Helter is a good admin and support. That I do agree with you on.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

PostAuthor: spaniel » Wed Jan 16, 2008 8:07 pm

Well if u could private me with that information it'd be a great help.

Maybe in the links section we should list the servers/hosts who best support/host IntegraMod.

If we have a wonderful webhost but they can't properly support our forums, what good are they when most of our sites are IM?
Last edited by spaniel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00


Return to Design Your Site

Who is online

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot]

cron