Page 1 of 1
[Solved] Ctracker Stops Me Deleting User Account
Posted:
Sun Jan 13, 2008 11:45 pmAuthor: spaniel
When i go to the admin section of a user profile and click "delete this user", i get the ever-ubiquitous:
- Code: Select all
SECURITY ALERT ÂÂ » ÂÂ » ÂÂ » ÂÂ »CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit .script so the Security System stopped the .script. If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a de.scription what you have done before you could see this page, that the Admin has the possibility to fix the problem.
Does anyone know what the .script is to fix this?
sorry - this thread has been placed in the wrong forum - i meant it to go in IM141 support.
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 7:47 amAuthor: CaNNon
Have you done the debug?
[url=http]http://www.integramod.com/forum/kb.php?mode=article&k=22[/url]
If you can post the debug for it, I'll give you anything I have on it.
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 1:48 pmAuthor: spaniel
It says i have 12 debugs:
- Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0In variable: field_style_1In variable: field_style_2In variable: field_style_3In variable: field_style_4In variable: field_style_5In variable: field_style_6In variable: field_style_7In variable: field_style_8In variable: field_style_9In variable: field_style_10In variable: field_style_11In variable: field_style_13 Matching rule: <divIn variable: field_style_0In variable: field_style_1In variable: field_style_2In variable: field_style_3In variable: field_style_4In variable: field_style_5In variable: field_style_6In variable: field_style_7In variable: field_style_8In variable: field_style_9In variable: field_style_10In variable: field_style_11In variable: field_style_13 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0In variable: field_style_1In variable: field_style_2In variable: field_style_3In variable: field_style_4In variable: field_style_5In variable: field_style_6In variable: field_style_7In variable: field_style_8In variable: field_style_9In variable: field_style_10In variable: field_style_11In variable: field_style_13 Matching rule: <divIn variable: field_style_0In variable: field_style_1In variable: field_style_2In variable: field_style_3In variable: field_style_4In variable: field_style_5In variable: field_style_6In variable: field_style_7In variable: field_style_8In variable: field_style_9In variable: field_style_10In variable: field_style_11In variable: field_style_13 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_5In variable: field_style_12 Matching rule: <divIn variable: field_style_12 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_5','field_style_12'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_5In variable: field_style_12 Matching rule: <divIn variable: field_style_12 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_5','field_style_12'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0In variable: field_style_1In variable: field_style_2In variable: field_style_3In variable: field_style_4In variable: field_style_5In variable: field_style_6In variable: field_style_7In variable: field_style_8In variable: field_style_9In variable: field_style_10In variable: field_style_11In variable: field_style_13 Matching rule: <divIn variable: field_style_0In variable: field_style_1In variable: field_style_2In variable: field_style_3In variable: field_style_4In variable: field_style_5In variable: field_style_6In variable: field_style_7In variable: field_style_8In variable: field_style_9In variable: field_style_10In variable: field_style_11In variable: field_style_13 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0','field_style_1','field_style_2','field_style_3','field_style_4','field_style_5','field_style_6','field_style_7','field_style_8','field_style_9','field_style_10','field_style_11','field_style_13'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: "In variable: field_style_0 Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('field_style_0'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: delete In variable: delete_user Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /dh/cgi-system/php.cgi---------------- Request-Method: POST Matching rule: delete In variable: delete_user Possible solution:------------------ ##-----[ OPEN ]------------------------------------------#/dh/cgi-system/php.cgi ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM
Do I just follow the instructions or are there more things I need?
My problem is I don't know where to find
/dh/cgi-system/php.cgi - i dont think i hav a php.cgi file <img>
Many thanks.
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 2:49 pmAuthor: CaNNon
My problem is I don't know where to find /dh/cgi-system/php.cgi - i dont think i hav a php.cgi file Confused
I can understand your confusion.
Quick explain (I'll try anyway) <img>
You host is running php as cgi .script/module this means all the fixes I have done for my site may not work on yours. It also means you don't have access to the folders although they are on the server and running.
But you can try renaming your tracker folder, make your changes and then restore the folder name. A few people have used this and had it work and it should work in this case.
Posted:
Mon Jan 14, 2008 3:00 pmAuthor: spaniel
Do you think if i send the debug report to my webhost (dreamhost), they'll give me access to the file or make the changes for me?
When I rename the ctracker folder, no-one can access the forum - shud I disable the forum first or redirect people to a page that says the site is currently down?
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 3:10 pmAuthor: CaNNon
I don't think you host will give you access as they would see it as a security risk to all there sites.
You don't have to close your forum while you do it you'll see a few lines of errors at the very top while it's renamed, but everything will keep working. Your visitors should see very little inconvenience while you work. <img>
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 4:11 pmAuthor: MWE_001
I had Dreamhost for a very short while. And in fact, they most likely will not let you have access, thus the reason I rented my own server. I would scrap that idea faster then youthought of it. It would be a waste of time, and as has been suggested, it is security on their part. Most hosts will not compromise security for a user.
Posted:
Mon Jan 14, 2008 4:49 pmAuthor: spaniel
Well i'm likely to need my own server too then - can i ask where you rent yours from?
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 7:38 pmAuthor: Helter
do some searches for your log adds in this post
http://www.integramod.com/forum/viewtopic.php?t=2689I found your delete users add
- Code: Select all
Request-Method]------------------------------------------#/home/profile.php ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1); ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user'); ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM
many users have posted thier logs
also, it is does not work for you, change
define('CT_SECLEVEL', '
MEDIUM');
to
define('CT_SECLEVEL', '
LOW');
Posted:
Mon Jan 14, 2008 8:48 pmAuthor: spaniel
Wow! What a good Administrator you are - i probably would never have found that. You could probably find a needle in a haystack, couldn't you <img>
my profile.php has this at the top:
- Code: Select all
define('IN_PHPBB', true);define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('delete_user'); $ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests');
so i added in
- Code: Select all
$ct_ignorepvar = array('delete_user');
and set the level to LOW and now it works. Is it advisable to keep the security there low?
edit: not sure why the php is appearing with the hash key and 40...
Re: Ctracker Stops Me Deleting User Account
Posted:
Mon Jan 14, 2008 9:39 pmAuthor: Helter
Im sure it is fine at low.
Re: Ctracker Stops Me Deleting User Account
Posted:
Wed Jan 16, 2008 2:22 pmAuthor: MWE_001
I would have gladly told ya, but I didnt want to advertise/spam on this board. Sorry about that. I'm glad to hear Helterskelter got ya back on the good foot again. <img> Yeah Helter is a good admin and support. That I do agree with you on.
Posted:
Wed Jan 16, 2008 8:07 pmAuthor: spaniel
Well if u could private me with that information it'd be a great help.
Maybe in the links section we should list the servers/hosts who best support/host IntegraMod.
If we have a wonderful webhost but they can't properly support our forums, what good are they when most of our sites are IM?