Beta Fortress(TM) 1.20 Released

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Oh sorry, I was working on my Googletap news article and was in two different worlds. Wink

I don't know how your apache is set to run, but in general terms, so long as apache has READ and WRITE permissions to both the CSV and HTM files all will be well.

If apache even has the permission to create the files, then you have nothing to worry about. If not, then use the info at the end of the PHP file to create the two and adjust settings as stated above.

Corporal Joined: Jan 17, 2003 Posts: 58

I pulled Raven's admin hackalert and now I receive the email, info is added to the csv but not the htm file. I am of course blocked and see the Banned by C-Like.

Now all I have to do is straighten out the htm permissions.

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

OK, perfect. Which site is this for?

You can edit the csv manually and remove the line that has you listed.

Private Joined: Mar 25, 2003 Posts: 38

After applying latest union + fortress to nuke 7.0 it starting adding my god admin name to all new registered members names. After logging out of admin it was then impossible to log back in causing a sort of admin loop and access denied messages...

After 2 years of constant battling with nuke, from major bugs to constant server attacks, and many many reinstalls, this is the last straw.. Phpnuke has never been and IMHO never will be a commercial applicable solution for a site which has a significant amount of members and traffic no matter how much hacking you do.. I have had enough and I will be removing all traces of nuke as soon as humanly possible.

Good luck to the rest of you guys and gals playing around with nuke, I hope you have better luck than I have had.

Best of luck..

PS. Those of you professional programmers who provide support here or doing the security fixes i would suggest seriously getting together a rewriting somthing from scratch, just do yourselves a favor and don't make it opensource and sell copies for money. After all it is quite an excellent CMS just poorly constructed..

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Not sure what happened but this clearly sounds like an improper installation or modification.

Private Joined: Mar 25, 2003 Posts: 38

I had a feeling you might say that lol It's not as if it's a tricky mod but anyway I don't really want to get into it..

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

No worries... at least you tried.

Posted: Tue May 25, 2004 3:15 pm

Installed fortress, clicked one link on my homepage....I'm instantly banned. Have removed the csv file and I'm STILL banned.

How do I remove the ban and stop this from banning folks for just clicking links?

Posted: Tue May 25, 2004 4:28 pm

Well, crisis adverted. Here's the link I clicked. It's in a center block I created for my site. I was banned because of bad tags

http://www.brainsmashr.com/modules.php?name=Top_Users

It also banned a buddy of mine for the same reason, but he says he really doesn't know what he clicked.

Any ideas how to resolve this issue?

Posted: Thu May 27, 2004 3:26 am

So what's the word on this?

Will the same errors happend when/if I put fortress into my CPGNuke this afternoon?

Posted: Thu May 27, 2004 4:03 am

Hello,

Let me see if I get this right, you are banned from your website because of a link you clicked. Now you are posting that same link for someone else to click and get banned.. am I correct? Laughing

What codes do you have in Top Users? Remember the following code was added to mainfile.php via fortress....

Code fortress added to mainfile.php.......

foreach ($HTTP_GET_VARS as $secvalue) { // Current code
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) || // Current code
(eregi("\"", $secvalue))) { // Current code
# die ("The html tags you attempted to use are not allowed"); // Current code but either delete or comment out
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
} // Current code
}

Therefore you will get banned. You can either comment this code out or remove the tags you have within your Top User module.

To unban yourself you must remove the information from fortress.csv & fortress.htm file.

Posted: Thu May 27, 2004 9:01 am

Well, this was just one of a few errors I encountered that made me decide to dump pnpNuke and go with CPGNuke.
As of right now, fortress isn't installed, nor is that link or module on my current site.

The question is, why is that link considered bad? Cuz I REALLY don't know another way to do that. I mean that's exactly how the link is in the modules block......and will I have the same problems if i use fortress with CPGNuke?

BTW, checked out your site one day......did you have to buy that dating module or is that offered on the net for free somewhere? Been hunting something like that for ages!!!!!

Posted: Fri May 28, 2004 5:49 pm

@BrainSmashR
The dating script is offered for free. I added a link to the script in the chit chat section with instruction on how to utilize it with phpnuke to keep users from registering twice.

The topic in the chit chat section is php match maker.

Corporal Joined: Jan 17, 2003 Posts: 58

Our friends from Brazil visited one of my high profile sites last night:

Timestamp: Monday 31st of May 2004 01:35:54 AM
Logtime: 1085985354
Attack: UNION
Query: name=Web_Links&l_op=viewlink&cid=2 UNION select counter, pwd, aid FROM nuke_authors
Raw Query: name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20pwd,%20aid%20FROM%20nuke_authors%20
Method: http://www.mysite.com/modules.php?name=Web_Links&l_op=viewlink&cid=2 UNION select counter, pwd, aid FROM nuke_authors
Raw Method: http://www.mysite.com/modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20pwd,%20aid%20FROM%20nuke_authors%20
Suspect Host: SHASTA162220.ig.com.br
Suspect IP: 200.151.162.220
Remote Port: 3587
Suspect Agents: Microsoft URL Control - 6.00.8862

Stopped em dead in their tracks, I then blocked their whole IP range. Thanks to Fortress I'm not wasting my day off fixing my site.

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

For future reference, it might be best to use "http://example.com" since it is a reserved real domain name.