CrackerTracker Exploit False Positives

Support for IntegraMOD 141

Moderator: Integra Moderator

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sat Nov 10, 2007 5:19 pm

try this one.

Code: Select all
define('CT_SECLEVEL', 'LOW');$ct_ignorepvar = array('style_username','style_user_online','style_user_avatar','style_user_from','style_user_regdate','style_user_gender','style_user_age','style_user_posts','style_user_cashpr','style_user_cashtp','style_user_holidays','style_user_country','style_user_warnings','style_user_sig','style_user_photo','style_user_birthday','style_user_pm','style_user_album','style_user_email','style_user_website','style_user_aim','style_user_yim','style_user_msnm','style_user_skype','style_user_icq','style_user_rank_title','style_user_session_time','style_user_session_page','style_user_my_friend','style_user_my_ignore','style_user_posts_stat');
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: ThePlague » Sun Nov 11, 2007 10:16 am

Thanks CaNNon

I Tried it but it's still refusing to let me change the display avatar option.

Think I might do what others have done.. Remove CT.
Not much point using it when all I have seen and read that it does is block out legitmate changes.

I am aware that its buggy, but for all the hasle it causes to admins it defeats the object of running it. Will wait for the bugs to be patched once and for all I think.

I have lots of CT messages appearing when I am trying to perform legal opporations within my ACP too many to sit and debug everytime lol.

Integramod itself works great, just what I needed for my clan site but CT is making setting it up a nightmare.

No offence to CT but its not for me yet.

Reminds me of the gaming anti cheat software punkbuster. We run it on our call of duty 2 multiplayer gaming server and all I have seen it remove is legitmate players including me lol
Last edited by ThePlague on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

ThePlague
Newbie
Newbie
 
Posts: 15
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Nov 10, 2007 5:25 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Nov 11, 2007 11:12 am

ROFLMFAO!
Yea good pick on that one, I know punkbuster all to well!
errrr.... do we know each other?

Try this first some others have used it to work around CT and well it worked for them. Rename the CT folder now your going to see a lot of errors at the top of each page but it's going to run make your fix's and then restore the folder name.

That ct progie is a lot of troubles to get running with all the things in this mod but trust me when your looking over the hack attempts in the log you'll be glad you have it. <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: ThePlague » Sun Nov 11, 2007 11:24 am

Hehehehe..

Funny but your name does look familiar :)

1.4.1 has proved really usefull... I spent 2 hours when I first installed it looking for a package manager to install mods with, then I realised that was the SMF forum system with a package manager ROFL!

Cheers CaNNon!
Last edited by ThePlague on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

ThePlague
Newbie
Newbie
 
Posts: 15
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Nov 10, 2007 5:25 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Nov 11, 2007 11:29 am

Happy hunting m8!
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: varagon » Tue Dec 25, 2007 12:46 am

When changing or adding banners I get this problem.

It's a new install, so I might have more problems.

Where is this "patch" for all the problems on cbtracker at?

Thanks!
Last edited by varagon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

varagon
Members
Members
 
Posts: 46
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 25, 2006 8:42 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Tue Dec 25, 2007 9:29 am

The latest down load has the patches included. On a new install you will need to debug. Follow the directions in the first post, then post the logged info if you need a hand.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: varagon » Tue Dec 25, 2007 10:37 pm

Hi again. I changed the admin banner file as described in the logmanager debug entry, posted below, but still get the same pink debug window.

"debug log manager" wrote:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_banner.php
----------------

Request-Method: POST

Matching rule: or
In variable: banner_de.scription
In variable: banner_comment

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_banner.php

#
#-----[ FIND ]------------------------------------------
#
require('./pagestart.' . $phpEx);

#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('banner_de.scription','banner_comment');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Any more suggestsion?

I didn't quite understand the last page (3) of the linked post on debugging the files... quoted here:
http://www.integramod.com/forum/kb.php? ... =3&start=0

"Teelk Date 17 Jan 2007 10:45 am" wrote:After changing the relevant file, change the Debug Mode in the ctracker/engines/ct_security.php from "true" to "false", so that there's no message in the header anymore.

If a php file requires "define('CT_SECLEVEL','MEDIUM');" code to be inserted in a file that has already been edited with CrackerTracker code, then you may need to edit the insert as follows:

This is how NOT to do it: (this is only an example)

define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('message')
define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('welcome_text')

This code would be correct:

define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('message','welcome_text')


Happy Christmas, eh? <img>

Thanks a lot, again!
Last edited by varagon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

varagon
Members
Members
 
Posts: 46
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Aug 25, 2006 8:42 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Wed Dec 26, 2007 12:13 am

Code: Select all
define('CT_SECLEVEL', 'LOW');$ct_ignorepvar = array('banner_de.scription','banner_comment');


You can try this but I've never had to us a fix on that file, give it a bit though some one may have a answer.

The part your not understanding is syntax examples of proper and improper formating of the command and some examples. It's handy to understand that when you have to apply more that one fix to the same file.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Sat Jan 19, 2008 4:18 pm

So here is the million dollar question..... What do we do when we have done all the debugs that CTracker tells us too and no matter what we do, it STILL tells us to kiss it's A**?

Love having CTracker, but dam. lol Even it dont know all the answers but blocks them everything anyhow.

And I would say what it is doing it on, but there is so many things. Arcade, Classified ads, etc etc etc etc. Most of all Alerts that came up have been debugged but there are still some as I stated that no fix is to be had no matter what. This kind of shafts us out of creating a website to suit our needs if we have to do without and just go with a palin jane install. BORING!!!!! <img>

If anyone IS interested, it is as stated the activity mod on certain games And adding categories in classified ads mod.
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sat Jan 19, 2008 7:23 pm

I don't have stuff installed did you save the debug log?
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Sat Jan 19, 2008 7:44 pm

Yeah....as a matter of fact I do have.

This one worked for classified ads

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/ads_create.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('submit','additional_info');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM


Now I can create ads

This debug did not work

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/admin/admin_ads_categories.php  ##-----[ FIND ]------------------------------------------#require('./pagestart.' . $phpEx);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('submit','category');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM


So now I can create ads and I have got to create SOME categories and sub categories. But others I try to create, it just wont let me.

*Edit*
Ok just for sh*ts and giggles, The category I was Creating was Merchandise For Sale I couldnt help but notice in the debug, the word OR So I changed the word For to Fer and Ctracker did NOT go off and I was able to create the category. <img> BUT I created another category with the word memorials and Cracker Tracker was never set off. Now Im scratching my Chin
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Jan 20, 2008 10:22 am

Have to set it to LOW yet? That could help with stuff inside the fields.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Sun Jan 20, 2008 12:49 pm

Yep. I tried Low as well. I finally just ended up renaming the ctracker folder to -ctracker and set my ads up and adjusted some more stuff while I was at it.

Too bad i had to cheat the system, but had to get things in order. Im still playing with it though trying to find a fix.
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Jan 20, 2008 9:29 pm

Cheating the system no way, you just did a creative repair! <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Mon Jan 21, 2008 12:09 am

[quote=""CaNNon";p="30557""]Cheating the system no way, you just did a creative repair! :wink: For sure. I still have some more to go though that I cant do a "creative repair" on. Like some of the games going off in cracker tracker for activity mod.
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Mon Jan 21, 2008 11:50 pm

And the following debug info worked for the Vault Mod

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/admin/admin_qbar.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('explain');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /admin/admin_vault_exchange.php----------------  Request-Method: POST  Matching rule: 'In variable:   stock_desc  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/admin/admin_vault_exchange.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('stock_desc');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: spaniel » Tue Feb 05, 2008 11:50 pm

"atomhead";p="22144" wrote:
Code: Select all
##-----[ OPEN ]------------------------------------------#/forums/kb.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('article_desc','message');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  


False positive.. applying this fix doesn't get rid of it. Error is when trying to add a KB article.



Can I ask, did you try setting the CT_SECLEVEL to 'LOW' instead of 'MEDIUM' and did it solve the problem?

Strange thing is, KB lets me post articles but one of my users said he got locked out by Ctracker when he tried.
Last edited by spaniel on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Apr 26, 2006 4:29 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: meijin » Sun Feb 24, 2008 11:44 pm

In trying to add a new acronym to the list, I got a false positive....corrected with the following:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /im4/admin/admin_acronyms.php
----------------

Request-Method: POST

Matching rule: or
In variable: de.scription

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/im4/admin/admin_acronyms.php

#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);

#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('de.scription');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Followed the referenced KB article and it worked like a charm.

I hope I posted this correctly and that it helps someone out.

Michael
Last edited by meijin on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Michael
User avatar
meijin
Members
Members
 
Posts: 62
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Feb 22, 2008 2:16 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Mon Feb 25, 2008 12:25 am

I think we have a new record! Whats it like 12 hours from almost giving up to his first bit of helping others.

NICE! <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: meijin » Mon Feb 25, 2008 12:29 am

"CaNNon";p="31752" wrote:I think we have a new record! Whats it like 12 hours from almost giving up to his first bit of helping others.

NICE! <img>


LOL! With the great amount of help and support that I have gotten here, I just wanted to try and help out a little as well...that's what it is all about, right?

Thanks for the comments...
Last edited by meijin on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Michael
User avatar
meijin
Members
Members
 
Posts: 62
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri Feb 22, 2008 2:16 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Mon Feb 25, 2008 12:40 am

yep, was the same for me <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Wed May 07, 2008 12:09 pm

Everytime i try to add a new Forum or category, that pops up and it says that it blocked a worm and so on, What's wrong? Hope you can help.
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Wed May 07, 2008 8:56 pm

Check the first post in this tread get debug running and make the edit it says. if you still have a issue post the debug info so people can compare it to what they have done.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Wed May 07, 2008 10:33 pm

Well, i changed it from false to true, but when i went back to my forum, i wasn't in debug mode. So i guess nothing happened, this message only appears when i'm editing a forum or creating one, it's odd.
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Thu May 08, 2008 7:14 am

You should have seen a CT block warning that it was in debug mode?

Also you may have to ftp into the CT folder and download the log.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Thu May 08, 2008 8:19 am

Well, i just opened my file manager and edited the code from false to true and saved it. Do i have to delete it and re-upload a new one? would that make a difference?
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Thu May 08, 2008 1:23 pm

Aaaaa ....
You know after you save it you have to ftp it to the proper folder on your site? <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Thu May 08, 2008 7:59 pm

Well, i edited it with phpmyadmin or whatever, and i "saved changes" So i didn't move it anywhere.
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

PostAuthor: Blue-Blood » Thu May 08, 2008 10:18 pm

How do you debug?

What is it, a .script that will tell you how to fix your error problems?
Last edited by Blue-Blood on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

Blue-Blood
Integra Member
Integra Member
 
Posts: 102
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Jul 04, 2006 9:46 pm
Cash on hand: 0.00
Location: Louisville KY

PostAuthor: BlahBlahCha » Thu May 08, 2008 10:42 pm

just rename the "ctracker" folder to anything, even if you just change one letter, then edit it, and then change the name back to normal. Be sure to be in your boards administrative panel before you rename it, worked for me <img>
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Thu May 08, 2008 11:10 pm

It's better to do the edits as your kind of teaching it what you want it to do.

http://www.integramod.com/forum/kb.php? ... ticle&k=22
that will teach you how, one exception the newer versions of CT you have to get the log FTP from the folder.
Once you have a file name you just edit it and do the fix debug suggests.
If the debug doesn't work you come back to this tread and post the debug, it has enough info that
we can match it to ours and give you what edits we have done.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 09, 2008 1:02 am

Umm I just found version 1.4.1g updated yesterday may 8th??? I downloaded version f april 23rd 2 weeks ago. and 2 weeks I spent debuging...

I am using 1.4.1f

Then I find version g just now.

First question, how do I upgrade from ver f to ver g? My admin window says I am up to date. Do I have to do a fresh install to get the new version?? All I can find is the full version and from 1.4.0-1.4.1 I need the one for 1.4.1f - 1.4.1g
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 09, 2008 8:29 am

I would do the new edits and not re install the full package. Helter posted the differences here: http://www.integramod.com/forum/integra ... t4940.html
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 09, 2008 8:39 am

So, you are telling me there is still no fix? This CTracker has been flawed for 1 1/2 years.. at least that is when this topic began...

Is there ever going to be a fix?

I am getting frustrated and honestly I dont think I can bring myself to edit this anymore.

I am starting to actually consider spending $160.00 and starting over with the "other" program.
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 09, 2008 1:25 pm

I don't think your understanding the why Allen, CT is not broken or in need of a fix in the way you see it. As you know the package includes over 100 mods and CT can help protect whatever you wish to add if your willing to teach it. This is what makes it so good and yea I agree this can really be a pain sometimes.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 09, 2008 1:41 pm

your right, i am missing the why.. I would think that CT would already understand that PM's are allowed.. I just got a report of PM having CT warning. Real name in reg has CT warning. Couldn't the bulk of known OK action be patched or OK'd by CT before release?
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 09, 2008 1:42 pm

really i am not trying to be difficult <img>
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 09, 2008 8:51 pm

Do you have a debug for that? cause if you have the error I can compare it to my file and get you what I've done.

There are just to many files to guess, the package has like 10,000 small files when you include the bb2 and stuff I have on my site. If you don't have a debug turn it on and recreate what happened. We can help you but we do need a error so we know what were working on. <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Sun May 11, 2008 12:12 am

So far I have added this to profile.php

define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('user_realname','helpbox','phpBBSecurity_question');
include($phpbb_root_path . 'common.'.$phpEx);


Seems to have taken care of realname, PM(helpbox) and SecurityQuestion.

I asume I will eventually have to add all the user fields required for login in the profile.php as Ok ..

First user reported trouble registering so I had to add 'user_realname' then they could register.
I just had to add the 'phpBBSecurity_question' for a second user that can't finish registering..

Stop the Insanity!
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun May 11, 2008 8:06 am

define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests');


This is what I have for that file. I never needed 'user_realname' you had that returned in a debug?
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Sun May 11, 2008 9:35 am

Yes I got real name in a Cracker Log when a friend was trying to register. Now today I get a report of an error on the profile page where you set occupation. I do not see that in your .script either. here is the debug file,,, Makes no cents.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /profile.php
----------------

Attack-Time: 11.05.2008 7:20 am
------------

Request-Method: POST

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/profile.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun May 11, 2008 12:46 pm

I don't have that var, I would guess something like "user_occupation" but hang on a bit someone may know/have it.

I've tried to keep all the posted vars edits, so I would have a kind of help record for them. So thanks for the one you've added. <img>
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Sun May 11, 2008 9:36 pm

I found a way to bypass the error that appears when doing certain things, Making forums, editing them, and sometimes pm's

Go to ACP/Security/Special
Once there, look under this message:

Warning: Setting any of the below to 'Ignore' will allow anyone to use these tricks on your site. You have been warned

And switch these two options to "Ignore"

1. Action to take in an SQL Injection attempt?
2. Action to take in a Sanity Mix Worm attempt?

I Strongly recommend that you switch them back to "ban" once you are done with what you wanted to do.

Works like a breeze <img>
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Mon May 12, 2008 6:49 am

BlahBlahCha, Thats not CrackerTracker thats phpBB Security and is a separate system.

I have no idea how or even if, that could help you in any way with CT debugging.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Mon May 12, 2008 10:14 am

I was surprised also, because i knew that it had nothing to do with Ctracker. unless it bypasses ctracker some how, they could be working together. It works everytime i turn those options off.
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Mon May 12, 2008 11:32 am

No bypass nor do they work together.
Maybe they matched a check both run at the same time on the same file?
In those cases debug should suggest the proper fix though.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: BlahBlahCha » Mon May 12, 2008 12:59 pm

I'm not sure if that's possible, but you never know.
If this works, i have no reason to debug <img>
Plus whenever i try to enter debug mode, it never works.
Last edited by BlahBlahCha on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BlahBlahCha
Newbie
Newbie
 
Posts: 26
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Fri May 02, 2008 10:03 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Mon May 12, 2008 10:44 pm

My apologies if this issue has already been covered in this forum.

I recently had an issue with the send function of Chatspot. When I view the debug log the line it asks me to look for is not there,,,

Here is the debug log.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /chatspot/message_interpreter.php
----------------

Attack-Time: 12.05.2008 20:54 pm
------------

Request-Method: POST

Matching rule: or
In variable: sent

Matching rule: and
In variable: sent

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/chatspot/message_interpreter.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('sent');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM



After using the integramod search forums, I found this.

Omni-Lee
Offline
Joined: 31 Jan 2007
Total posts: 64
2469 Points
Donate

USA

PostPosted: 03 Feb 2007 11:09 pm Post subject: Re: Chatspot not functioning properly Reply with quoteBack to top
This is a problem with CrackTracker catching the 'sent'.

Look for:
PHP: à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Select à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ºÃƒÆ’ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Expand à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º
define( 'IN_PHPBB', true );


Then insert below:
PHP: à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Select à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ºÃƒÆ’ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¹ Expand à¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ º
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('sent');


That should fix you up. But before you do so, turn on CrackTracker debug and hop into chat. Use chat for a few minutes even if it doesn't work. View the CrackTracker debug logfile, to verify the issue was with 'sent'. Sorry I can't show my log, but I clear that log for my own debugging purposes periodically.



Any ideas on why the cracker tracker is asking me to find what is not there? Is there a different way I should understand the tracker? Also, is Omni-lee's answer the best answer?
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Tue May 13, 2008 12:52 am

Well fellas, I would NOT turn those 2 items off in phpBB security. Further more, yes cracker tracker is a pain in the ass. We all know that.

BUT do we all remember someone reporting a hacked site two and 3 times a day when Integramod was 1.4.0 with ONLY phpBB security? And I dont think caughing up the $$$ for the "Other SCript" is going to solve anything at all. I find the support on those sites shady at best. Pay for this, pay for that, pay pay pay pay. And nothing in return when you have issues. Integramod has dam good support for being....FREE.

I have cussed and screamed and hollered at CTracker until I was blue in the face but none the less, None of the 1.4.1 sites I have put up yet have been hacked. PhpBB , VB, IVPB, all of them are php and subject to hacking. One isnt any better then the other.

In the end, doing the debug is well worth it. Never ever take a site live until you debug. As stated before, you just need to teach it right from wrong. Though I do side with you that certain things should be exempt right off the get go such as registration info and stuff like that. That being said, I cant even help out with that area. Out of the DOZENS of IM 1.4.1 sites that I have put together for myself and others, have I ever got any CTracker errors on registration. I truly wish I could help but that I am just lost on.

Keep plugging away at it and before long it will be good to go.
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Wed May 14, 2008 9:00 am

This morning I found a debug in the viewtopic.php
Attack-Time: 14.05.2008 8:49 am
------------

Request-Method: GET

Matching rule: php_
In variable: a

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/viewtopic.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('a');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM



Can someone provide me with a complete string for the viewtopic.php page.

Here is what I have so far.

define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('highlight','a');


I think I saw a post that someone had a webpage with all their ctracker patches, but I forgot and didnt save the page. I think it was cannon who posted it. Can I get the list?
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Wed May 14, 2008 11:56 am

I'd like to but i don't have any in viewtopic.php, I've never had CT go off on that one either.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Wed May 14, 2008 12:56 pm

I have found that CT does not go off on the first second maybe even third time using a function. But once you hit 3-4 it can go off.
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: DjPorkchop » Thu May 15, 2008 5:47 pm

I will let everyone know, One day before I was messing around trying to setoff CTracker on purpose and I noticed everytime I used any word that contained the letters O and R in consecutive order, CTracker would go off.

For example the words

For
Or
word
hord

Catch my drift? <img> Look for that when giving downloads, KB Articles and forums any de.scription or title with those tow letters in it. It almost will allways certainly set off CTracker.
Last edited by DjPorkchop on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
DjPorkchop
Administrator
Administrator
 
Posts: 1591
Likes: 132 posts
Liked in: 26 posts
Images: 0
Joined: Fri Apr 21, 2006 7:59 pm
Cash on hand: 1,570.25
Location: Illinois
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Thu May 15, 2008 11:02 pm

I just got this and I am not sure of it. Is this an actuall attack or should I correct this .script in the files??

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /index.php
----------------

Attack-Time: 15.05.2008 12:12 pm
------------

Request-Method: GET

Matching rule: cmd
In variable: phpbb

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/index.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('phpbb');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 16, 2008 9:41 am

usualy its in the logs trough ACP > CrackerTracker > Logmanager > Worm & Exploit Protection > View.

IF you could match the time and date to the log entries, I think you should find something like when not in debug mode! "/phpBB2/index.php?phpbb=<real>/~beogor/news/cmd??"

If your leaving that on just looking for debugs, be real care full what you debug you could easily allow a .script. <img>

*EDIT*
Sorry worded it better!
Last edited by CaNNon on Fri May 16, 2008 10:02 am, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Fri May 16, 2008 9:55 am

This is why I have asked here. I do not have any log of attack in the ACP > CrackerTracker > Logmanager > Worm & Exploit Protection > View.

Just the debug entry. Yes I am still debugging and debug is on. I do not want to allow a .script attack by adding the ignore .script so I came here and asked if what this is...

Let me know please I am waiting to do anything until I know from you.
Last edited by Allen on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Fri May 16, 2008 9:57 am

Don't add it. It's in the debug log and not the attack log when its in debug mode.
Last edited by CaNNon on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

PostAuthor: unknown25 » Sat Jul 26, 2008 6:58 pm

i have an error....but i cant fix it

Marquee up: [marq=up]++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_forums_extend.php
----------------

Attack-Time: 26.07.2008 12:41 pm
------------

Request-Method: POST

Matching rule: ls
In variable: desc

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/forum/admin/admin_forums_extend.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('desc');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_forums_extend.php
----------------

Attack-Time: 26.07.2008 13:13 pm
------------

Request-Method: POST

Matching rule: ls
In variable: desc

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/forum/admin/admin_forums_extend.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('desc');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

/marq]



i cant find the line:include($phpbb_root_path . 'common.'.$phpEx);

i searched the whole thing...pls help fast
Last edited by unknown25 on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

unknown25
Newbie
Newbie
 
Posts: 2
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Jul 26, 2008 6:45 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: JohnYD » Sun Jul 27, 2008 10:24 am

unknown25: I dont have quite the same problem, but it came up with similar results and could not find the line specified.

I decided to add the information just below require($phpbb_root_path . 'extension.inc'); and it worked just fine for me.

This is what my few lines look like:
Code: Select all
//// Load default header//$phpbb_root_path = "./../";require($phpbb_root_path . 'extension.inc');define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('desc','create','delete','name','icon');require('./pagestart.' . $phpEx);include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);  include_once($phpbb_root_path . 'includes/lite.'.$phpEx);$options = array(     'cacheDir' => $phpbb_root_path . 'var_cache/',);  
Last edited by JohnYD on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
JohnYD
Newbie
Newbie
 
Posts: 1
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Jan 01, 2008 9:50 pm
Cash on hand: 0.00
Location: cleveland

Re:

PostAuthor: zuerston » Fri Sep 19, 2008 8:49 am

"Dick Dynamite" wrote:Also, now I can't even change those settings at all. [Avatar/Sig, ect.]. I'm tempted to just uninstall ctracker until something is made to work. <img>



How do you uninstall this trash program anyway?? its really a sorry ass joke "ctracker"
User avatar
zuerston
Newbie
Newbie
 
Posts: 2
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Sat Sep 13, 2008 1:14 am
Cash on hand: 0.00
Location: Florida

Re: CrackerTracker Exploit False Positives

PostAuthor: AliasWeird » Thu Oct 09, 2008 2:00 pm

Where is this Knowledge Base showing me how to fix these false messages. As far as I can tell, there are no KB on this site.. I can't add/edit Categories to the forum.

AliasWeird
Newbie
Newbie
 
Posts: 1
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Mon Jan 22, 2007 7:02 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: xero419 » Thu Oct 09, 2008 2:58 pm

"AliasWeird" wrote:Where is this Knowledge Base showing me how to fix these false messages. As far as I can tell, there are no KB on this site.. I can't add/edit Categories to the forum.


Agreed. I'm trying to put my CTmod in debug mode. I've done it before, but I forgot how.. it's not in the KB

xero419
Newbie
Newbie
 
Posts: 1
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Sep 11, 2008 8:37 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Allen » Sun Jan 18, 2009 11:10 pm

I am having a tough time with the search function also. Since the new portal it has not been the same. It seems to ignore the smaller word when I am searching for a specific statement. I get results for just the larger word it seems. I am sure the box "Search for all terms or use query as entered" is checked.
User avatar
Allen
Integra Member
Integra Member
 
Posts: 100
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Apr 22, 2008 10:08 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: pangor » Tue Apr 21, 2009 11:10 am

Is there a comprehensive patch pack for all known failings of the poorly tested cracker tracker integration. Even with sites that have been running for years now, honest site members are being visited by that dreaded message effectively calling them criminals. Why has there been no such upgrade to say 1.4.2 been released with all such fixes already installed?

pangor
Newbie
Newbie
 
Posts: 2
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue Jan 30, 2007 7:00 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: viragotech » Thu May 28, 2009 11:10 am

error
Last edited by viragotech on Wed Sep 15, 2010 9:53 pm, edited 1 time in total.
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Karl-D » Thu Aug 19, 2010 5:36 am

Can somebody remind me how to activate the debug mode.
User avatar
Karl-D
Integra Supporter
Integra Supporter
 
Posts: 104
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Tue May 30, 2006 6:23 am
Cash on hand: 0.00
Location: Cornwall UK

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Thu Aug 19, 2010 5:44 am

Try this KB post, if you still need help post back. <img>
[url=http]http://www.integramod.com/forum/knowledge/kb_show.php?id=12[/url]
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Thu Apr 19, 2007 12:15 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: viragotech » Wed Sep 15, 2010 9:50 pm

canot find said line in said file, CT error when trying to optmize DB

"include($phpbb_root_path . 'common.'.$phpEx);"


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /xxx/admin/admin_db_utilities.php
----------------

Attack-Time: 15.09.2010 23:47 pm
------------

Request-Method: POST

Matching rule: _server
In variable: selected_tbl

Matching rule: _server
In variable: selected_tbl

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/xxx/admin/admin_db_utilities.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('selected_tbl');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Typical fix works,

#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);

#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('this_query');

#
#-----[ SAVE/CLOSE ALL FILES ]----------------------------------------- -
#
# EoM
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Helter » Thu Sep 16, 2010 2:11 am

FIND

Code: Select all
define('IN_PHPBB', 1);


AFTER, ADD

Code: Select all
define('CT_SECLEVEL', 'LOW');$ct_ignorepvar = array('selected_tbl');
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Re: CrackerTracker Exploit False Positives

PostAuthor: viragotech » Thu Sep 16, 2010 7:36 am

Yep the old goto code strikes again <img>

Any tips for random folks getting CT blocked doing the required profile updates, yet some are fine. Age of account seems to make no matter.

I had no problem.
User avatar
viragotech
Sr Integra Member
Sr Integra Member
 
Posts: 292
Likes: 0 post
Liked in: 0 post
Images: 0
Joined: Wed Jul 04, 2007 11:30 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Helter » Thu Sep 16, 2010 1:59 pm

you should be able to look through the CTracker logs to find the blocked functions.
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
User avatar
Helter
Administrator
Administrator
 
Posts: 4553
Likes: 40 posts
Liked in: 115 posts
Images: 0
Joined: Sat Mar 11, 2006 4:46 pm
Cash on hand: 1,954.10
Location: Seattle Wa
IntegraMOD version: phpBB2x

Previous

Return to IntegraMOD 141

Who is online

Registered users: App360MonitorBot, Bing [Bot], Google [Bot]