IntegraMOD

Home of phpBB Integrated Modifications

Skip to content

It is currently Sat Apr 20, 2024 7:08 am

CrackerTracker Debug HowTo

Stop Getting Blocked by CrackerTracker



Page 1
Page 2
Page 3

Image
Important Security Info:


I would like to stress that when you have debug mode turned on, false positives and genuine attacks are logged and "fixes" are provided for both. As a result, please only turn on debug mode for short periods of time and make sure you check whether you have a true error or a genuine block when applying the "ignore" variables.
 
 
If there's a Security Warning while running CTracker v5.0.3 (eg. when adding a download, adding a forum, sending a post), you have to do this:

Download the ctracker/engines/ct_security.php, open it and search for the following line:

define('CT_DEBUG_MODE', false);

and replace it with:

define('CT_DEBUG_MODE', true);

Upload the file to your webspace.

All admins now get a message in the header which says that the Debug Mode is active.

Now do exactly the same as before, until it comes to the security warning.
Then go to your ACP->CrackerTracker->Logmanager and read the "Debug-Entries".

There you'll find instructions about how to fix the warning.
 
 


Page 1
Page 2
Page 3

These instructions read like MOD installation instructions. Therefore, every admin should understand them easily.

Image

The example above outlines what the debug information will look like when viewed through the ACP.

The image below shows an example of what the instructions look like. In this case, the file admin/cash_config.php was being blocked. The fields cash_post_message and cash_disable_spam_message were being blocked by CTracker because their input matched certain characters or phrases that may be used by a hacker.
Image
 
 


Page 1
Page 2
Page 3


After changing the relevant file, change the Debug Mode in the ctracker/engines/ct_security.php from "true" to "false", so that there's no message in the header anymore.

If a php file requires "define('CT_SECLEVEL','MEDIUM');" code to be inserted in a file that has already been edited with CrackerTracker code, then you may need to edit the insert as follows:

This is how NOT to do it: (this is only an example)

define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('message')
define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('welcome_text')

This code would be correct:

define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('message','welcome_text')
 
 
 
##### WARNING #####
While the Debug Mode is active, you will probably notice your board runs slower then normal.
This is because the Debug Mode analyzes input and any triggered block rules very carefully.

Please also note that the logging system only logs debug entries and not exploit-entries while the Debug Mode is active.
##### WARNING #####
 
 
Released on: Tue Feb 25, 2014 5:09 pm
from: IntegraMOD
Article type: Tutorial
Viewed: 576
Rating: 0/5 (0 Ratings)

[ View topic ]

Return to Troubleshooting


Powered by phpBB® Forum Software © phpBB Group
Portal: Kiss Portal Engine © 2013 Michael O'Toole

Knowledge Base by Tobi Schaefer
Support Ukraine
support Ukraine
cron