Beta Fortress(TM) 1.20 Released

Posted: Sun May 23, 2004 11:31 am

Hello,

For those who are receiving an error message after adding the code to your mainfile.php

Find:
if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) { // Current code
Header("Location: index.php"); // Current code

After, Add
}

**Notice** There is an open bracket, therefore all you need to do is add the close bracket and the error message disappear.

Posted: Sun May 23, 2004 12:34 pm

Here is my mainfile (www.nukecommunity.com/fortress.htm) but every time i attack my site i get back to index.php but nothing appears in my fortress.htm file?

Code:

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security checking code 2003 by chatserv */
/* http://www.nukefixes.com -- http://www.nukeresources.com */
/************************************************************************/
//Nav Tap
include("includes/navtap.php");
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
 $do_gzip_compress = TRUE;
 ob_start();
 ob_implicit_flush(0);
 //header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
// Union Tap Code Final // Add this line
// Copyright 2004 // Add this line
// Paul Laudanski // Add this line
// http://computercops.biz // Add this line
// http://fortress.cc // Add this line

define('ZERO', true); // Add this line
include('fortress.php'); // Add this line
Bards($addr); // Add this line
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue))) {
# die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
}
}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}
ccheck(); // Add this line
ucheck(); // Add this line
ReleaseVars(); // Add this line
if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) {
Header("Location: index.php");
die();
}

if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

$mainfile = 1;
$result = $db->sql_query("SELECT * FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = stripslashes($row['adminmail']);
$anonpost = $row['anonpost'];
$Default_Theme = $row['Default_Theme'];
$foot1 = $row['foot1'];
$foot2 = $row['foot2'];
$foot3 = $row['foot3'];
$commentlimit = intval($row['commentlimit']);
$anonymous = $row['anonymous'];
$minpass = intval($row['minpass']);
$pollcomm = intval($row['pollcomm']);
$articlecomm = intval($row['articlecomm']);
$broadcast_msg = intval($row['broadcast_msg']);
$my_headlines = intval($row['my_headlines']);
$top = intval($row['top']);
$storyhome = intval($row['storyhome']);
$user_news = intval($row['user_news']);
$oldnum = intval($row['oldnum']);
$ultramode = intval($row['ultramode']);
$banners = intval($row['banners']);
$backend_title = $row['backend_title'];
$backend_language = $row['backend_language'];
$language = $row['language'];
$locale = $row['locale'];
$multilingual = intval($row['multilingual']);
$useflags = intval($row['useflags']);
$notify = intval($row['notify']);
$notify_email = $row['notify_email'];
$notify_subject = $row['notify_subject'];
$notify_message = $row['notify_message'];
$notify_from = $row['notify_from'];
$moderate = intval($row['moderate']);
$admingraphic = intval($row['admingraphic']);
$httpref = intval($row['httpref']);
$httprefmax = intval($row['httprefmax']);
$CensorMode = intval($row['CensorMode']);
$CensorReplace = $row['CensorReplace'];
$copyright = $row['copyright'];
$Version_Num = $row['Version_Num'];
$domain = eregi_replace("http://", "", $nukeurl);
$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if ($forum_admin != 1) {
if (isset($newlang) AND !eregi("\.","$newlang")) {
if (file_exists("language/lang-".$newlang.".php")) {
 setcookie("lang",$newlang,time()+31536000);
 include("language/lang-".$newlang.".php");
 $currentlang = $newlang;
} else {
 setcookie("lang",$language,time()+31536000);
 include("language/lang-".$language.".php");
 $currentlang = $language;
}
} elseif (isset($lang)) {
include("language/lang-".$lang.".php");
$currentlang = $lang;
} else {
setcookie("lang",$language,time()+31536000);
include("language/lang-".$language.".php");
$currentlang = $language;
}
}

function get_lang($module) {
global $currentlang, $language;
if (file_exists("modules/$module/language/lang-".$currentlang.".php")) {
if ($module == admin) {
 include_once("admin/language/lang-".$currentlang.".php");
} else {
 include_once("modules/$module/language/lang-".$currentlang.".php");
}
} else {
if ($module == admin) {
 include_once("admin/language/lang-".$currentlang.".php");
} else {
 include_once("modules/$module/language/lang-".$language.".php");
}
}
}

function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = addslashes($admin);
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
} else {
$aid = "$admin[0]";
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = substr("$aid", 0,25);
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = addslashes($user);
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
$uid = addslashes($uid);
$uid = intval($uid);
if ($uid != "" AND $pwd != "") {
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
 return 1;
}
}
return 0;
}

function is_group($user, $name) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = addslashes($user);
$user = base64_decode($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$uid = intval($uid);
$pwd = "$user[2]";
}
if ($uid != "" AND $pwd != "") {
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
$result2 = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
 $row2 = $db->sql_fetchrow($result2);
 $points = $row2['points'];
$result3 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
 $row3 = $db->sql_fetchrow($result3);
 $mod_group = $row3['mod_group'];
$result4 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
 $row4 = $db->sql_fetchrow($result4);
 $grp = intval($row4['points']);
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
 return 1;
 }
}
}
return 0;
}

function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
 $user = addslashes($user);
 $user1 = base64_decode($user);
 $user1 = explode(":", $user1);
 $username = "$user1[1]";
} else {
 $username = "$user1[1]";
}
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') {
 $id = intval($id);
$result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
 $row = $db->sql_fetchrow($result);
 $rpoints = intval($row['points']);
 $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE username='$username'");
}
}
}

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Did you create the htm file or did you copy/paste it from the php file footer? Also, its not a good idea to include navtap in the beginning, you might want to move that down.

Posted: Sun May 23, 2004 12:39 pm

ok i removed the old unionTap files, but i still have the same problem, every time i do an union attack, nuke sends me back to index.php without performing the request, but the problem is there is also no entry in fortress.htm ? Every time i attack myself fortress doesn't ban me? Perhaps there is an error in fortress.htm, is it normal that there are no

Code:

</body> </html>

tags? My fortress file is here: www.nukecommunity.com/fortress.htm

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Its ok that the end tags aren't there. They will never be because it'll be open to a continual append. However, read my reply in the news article to you.

Posted: Sun May 23, 2004 12:43 pm

Zhen-Xjell wrote:

Did you create the htm file or did you copy/paste it from the php file footer? Also, its not a good idea to include navtap in the beginning, you might want to move that down.

I did a copy from the footer, so here is my fortress.htm content:

Code:

<HTML><HEAD><TITLE>Fortress(TM) Alerts</TITLE></HEAD><style type="text/css">.ccops{ color : #FFFFFF; font-size : 10pt; font-family : Arial, Helvetica; }.fortress{ color : #000000; font-size : 10pt; font-family : Helvetica, Arial; }</STYLE><BODY><H2>Fortress(TM) Alerts by Computer Cops - Energized by BanOnDemand(SM)</H2><A HREF="http://computercops.biz">ComputerCops</a>: Global Security Solutions <A HREF="http://fortress.cc">Fortress(TM)</a>: PHP CMS Security </H2>Server: Spreadsheet: <A HREF="/fortress.csv">fortress.csv</A><TABLE cellpadding=1 cellspacing=1 bgcolor="navy" width=100%><TR><TD>TIMESTAMP</TD><TD>SUSPECT USERNAME</TD><TD>REMOTE IP ADDRESS</TD><TD>REMOTE PORT</TD><TD>REMOTE USER-AGENTS</TD><TD>REMOTE HOSTNAME</TD><TD>SUSPECT AUTHOR</TD><TD>REFERING SITE</TD><TD>METHOD OF ATTACK</TD><TD>URL USED FOR DELIVERY</TD></TR>

and here is the .csv code:

Code:

TIMESTAMP,SUSPECT USERNAME,REMOTE IP ADDRESS,REMOTE PORT,REMOTE USER-AGENTS,REMOTE HOSTNAME,SUSPECT AUTHOR,REFERING SITE,METHOD OF ATTACK,URL USED TO DELIVERY

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Ok but you got the email alert right? Ensure your webserver can WRITE to the csv and htm files.

Posted: Sun May 23, 2004 12:44 pm

i also removed the navtap code, man i must be really stupid still nothing ...

Posted: Sun May 23, 2004 12:51 pm

Zhen-Xjell wrote:

Ok but you got the email alert right? Ensure your webserver can WRITE to the csv and htm files.

woohoo thx a lot, you are great, i had not made the file writable Wink

now everything works fine Very Happy

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

No need to remove navtap, just move it down down down in mainfile.php. Also, feel free to jump in and help me help others. I take it'll take a little time for everyone to come up to speed with the installation and use.

Nuke Soldier Joined: Aug 01, 2003 Posts: 17

So chmod the csv file to 666 ?

Thinks are looking ok my way. Thanks for the new release.

Nuke Soldier Joined: Aug 01, 2003 Posts: 17

Yep that did it.

It works, I banned myself. Razz

Nuke Cadet Joined: Dec 26, 2003 Posts: 7

So what do we do when its not sending email or baning? All it does is send me back to the index.

I have giving premission to the two fiels. Checked the config, there is an email address in there.

Nuke Soldier Joined: Aug 01, 2003 Posts: 17

Mine is banning but not sending an email.

Anyone else have same prob ?

Also regarding the fortress.htm just wondering how everyone is using that. Is there a way so I can be the only one to see it?

Posted: Sun May 23, 2004 2:35 pm

@fyrfight
You can add fortress.htm & fortress.csv to a directory and password protect the directory.

(ie) Fortress (folder name that's password protective), add the two files, then edit the following two lines in fortress.php....

$fortfile = "fortress.csv"; // Change this to the full path and filename you want alerts logged to.
$forthtml = "fortress.htm"; // Change this to the full path and filename you want alerts in HTML format.

to something like this.....
$fortfile = "Fortress/fortress.csv"; // Change this to the full path and filename you want alerts logged to.
$forthtml = "Fortress/fortress.htm"; // Change this to the full path and filename you want alerts in HTML format.

I'm still playing around with the script to see what's going on with the email.