Sub Menu
Links Menu
Online Users

In total there are 305 users online :: 4 registered, 0 hidden and 301 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Helter, Majestic-12 [Bot] based on users active over the past 60 minutes

Cracker Tracker MANY Mods

General discussion of anything. Discuss a topic in and out of IntegraMOD

Moderator: Integra Moderator

Cracker Tracker MANY Mods

PostAuthor: MWE_001 » Tue Mar 04, 2008 12:17 pm

I have a test site set up and I just began working on another site for using ADR and all that goes with it.

Along my travels, and all of my Cracker Tracker debugging, I have learned 1 very important thing. In all of the mods that I have installed that allows a person to type in a de.scription, if one uses the words

or
id
AND

'

cracker tracker will go off even if the ignore is set to LOW. I have been on this since the wee hours of this morn and no matter how hard I try, I can not get past the words I have posted.

For example, the word for will set off ctracker because of the OR in the word. The word Said will set it off as well because it has the letters ID in order.

How in the hell can we get away with using every day words without getting whipped by cracker tracker? Im sure ctracker has key words or letters in its db to look for but dam, so far all of the adr stuff I have installed is junk. WIthout a de.scription of items and such, the mod is completely useless.

Now Im not one to go and disable security, so I'll leave it be with hours of work down the drain until this can get figured out.

and like I said, it is with MANY mods including

Classified ads
ADR
Most ADR addons
Complete banners
Pafiledb

etc etc etc

Her is my log files. And you will notice the matching rules got shorter as I removed and reworded things in the character de.scription.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /adr_character.php
----------------

Attack-Time: 04.03.2008 14:46 pm
------------

Request-Method: POST

Matching rule: or
In variable: bio

Matching rule: and
In variable: bio

Matching rule: id
In variable: bio

Matching rule: '
In variable: bio

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/adr_character.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('bio');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /adr_character.php
----------------

Attack-Time: 04.03.2008 14:58 pm
------------

Request-Method: POST

Matching rule: or
In variable: bio

Matching rule: id
In variable: bio

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/adr_character.php

#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('bio');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Im sure it is necessary for ctracker to be so picky to protect us, but at the same time, If we have to post a topic telling users what words they can and can not use, the list woud be endless. If we use contaractions and have to put a ' in there, off it goes. Anything with the letters OR or ID get used, off it goes. There goes 75-80% of the words we use every single day. Is there a way to fight this situation head on?

ANd yes for the record, I changed MEDIUM to LOW and it worked for the reroll button but not for de.scription

Thanks in advance for reading this and answering.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: Cracker Tracker MANY Mods

PostAuthor: CaNNon » Tue Mar 04, 2008 2:28 pm

Im sure it is necessary for ctracker to be so picky to protect us


I'm not, most of the fields are safe in those cases any way?

Example:
welcome pm has the issues you describe, but if you just send a pm with the same words no issues. Well a pm is a pm and i just don't see the need for 2 different levels of protection.

Don't get me wrong I'm a CT fan and my logs show me why I should be every day.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00


Return to General Discussion

Who is online

Registered users: Bing [Bot], Google [Bot], Helter, Majestic-12 [Bot]