Sub Menu
Links Menu
Online Users

In total there are 316 users online :: 3 registered, 0 hidden and 313 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot] based on users active over the past 60 minutes

CrackerTracker Exploit False Positives

Support for IntegraMOD 141

Moderator: Integra Moderator

PostAuthor: varagon » Mon Dec 24, 2007 11:46 pm

When changing or adding banners I get this problem.

It's a new install, so I might have more problems.

Where is this "patch" for all the problems on cbtracker at?

Thanks!
Last edited by varagon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

varagon
Members
Members
 
Posts: 46
Likes: 0 post
Liked in: 0 post
Joined: Fri Aug 25, 2006 7:42 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Tue Dec 25, 2007 8:29 am

The latest down load has the patches included. On a new install you will need to debug. Follow the directions in the first post, then post the logged info if you need a hand.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

PostAuthor: varagon » Tue Dec 25, 2007 9:37 pm

Hi again. I changed the admin banner file as described in the logmanager debug entry, posted below, but still get the same pink debug window.

"debug log manager" wrote:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_banner.php
----------------

Request-Method: POST

Matching rule: or
In variable: banner_de.scription
In variable: banner_comment

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_banner.php

#
#-----[ FIND ]------------------------------------------
#
require('./pagestart.' . $phpEx);

#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('banner_de.scription','banner_comment');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Any more suggestsion?

I didn't quite understand the last page (3) of the linked post on debugging the files... quoted here:
http://www.integramod.com/forum/kb.php? ... =3&start=0

"Teelk Date 17 Jan 2007 10:45 am" wrote:After changing the relevant file, change the Debug Mode in the ctracker/engines/ct_security.php from "true" to "false", so that there's no message in the header anymore.

If a php file requires "define('CT_SECLEVEL','MEDIUM');" code to be inserted in a file that has already been edited with CrackerTracker code, then you may need to edit the insert as follows:

This is how NOT to do it: (this is only an example)

define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('message')
define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('welcome_text')

This code would be correct:

define('CT_SECLEVEL','MEDIUM');
$ct_ignorepvar = array('message','welcome_text')


Happy Christmas, eh? <img>

Thanks a lot, again!
Last edited by varagon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

varagon
Members
Members
 
Posts: 46
Likes: 0 post
Liked in: 0 post
Joined: Fri Aug 25, 2006 7:42 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Tue Dec 25, 2007 11:13 pm

Code: Select all
define('CT_SECLEVEL', 'LOW');$ct_ignorepvar = array('banner_de.scription','banner_comment');


You can try this but I've never had to us a fix on that file, give it a bit though some one may have a answer.

The part your not understanding is syntax examples of proper and improper formating of the command and some examples. It's handy to understand that when you have to apply more that one fix to the same file.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Sat Jan 19, 2008 3:18 pm

So here is the million dollar question..... What do we do when we have done all the debugs that CTracker tells us too and no matter what we do, it STILL tells us to kiss it's A**?

Love having CTracker, but dam. lol Even it dont know all the answers but blocks them everything anyhow.

And I would say what it is doing it on, but there is so many things. Arcade, Classified ads, etc etc etc etc. Most of all Alerts that came up have been debugged but there are still some as I stated that no fix is to be had no matter what. This kind of shafts us out of creating a website to suit our needs if we have to do without and just go with a palin jane install. BORING!!!!! <img>

If anyone IS interested, it is as stated the activity mod on certain games And adding categories in classified ads mod.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sat Jan 19, 2008 6:23 pm

I don't have stuff installed did you save the debug log?
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Sat Jan 19, 2008 6:44 pm

Yeah....as a matter of fact I do have.

This one worked for classified ads

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/ads_create.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('submit','additional_info');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM


Now I can create ads

This debug did not work

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/admin/admin_ads_categories.php  ##-----[ FIND ]------------------------------------------#require('./pagestart.' . $phpEx);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('submit','category');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM


So now I can create ads and I have got to create SOME categories and sub categories. But others I try to create, it just wont let me.

*Edit*
Ok just for sh*ts and giggles, The category I was Creating was Merchandise For Sale I couldnt help but notice in the debug, the word OR So I changed the word For to Fer and Ctracker did NOT go off and I was able to create the category. <img> BUT I created another category with the word memorials and Cracker Tracker was never set off. Now Im scratching my Chin
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Jan 20, 2008 9:22 am

Have to set it to LOW yet? That could help with stuff inside the fields.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Sun Jan 20, 2008 11:49 am

Yep. I tried Low as well. I finally just ended up renaming the ctracker folder to -ctracker and set my ads up and adjusted some more stuff while I was at it.

Too bad i had to cheat the system, but had to get things in order. Im still playing with it though trying to find a fix.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Jan 20, 2008 8:29 pm

Cheating the system no way, you just did a creative repair! <img>
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Sun Jan 20, 2008 11:09 pm

[quote=""CaNNon";p="30557""]Cheating the system no way, you just did a creative repair! :wink: For sure. I still have some more to go though that I cant do a "creative repair" on. Like some of the games going off in cracker tracker for activity mod.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Mon Jan 21, 2008 10:50 pm

And the following debug info worked for the Vault Mod

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename]------------------------------------------#/admin/admin_qbar.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('explain');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Script-Filename: /admin/admin_vault_exchange.php----------------  Request-Method: POST  Matching rule: 'In variable:   stock_desc  Possible solution:------------------  ##-----[ OPEN ]------------------------------------------#/admin/admin_vault_exchange.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('stock_desc');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: CrackerTracker Exploit False Positives

PostAuthor: spaniel » Tue Feb 05, 2008 10:50 pm

"atomhead";p="22144" wrote:
Code: Select all
##-----[ OPEN ]------------------------------------------#/forums/kb.php  ##-----[ FIND ]------------------------------------------#define('IN_PHPBB', 1);  ##-----[ AFTER, ADD ]------------------------------------------#define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('article_desc','message');  ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM  


False positive.. applying this fix doesn't get rid of it. Error is when trying to add a KB article.



Can I ask, did you try setting the CT_SECLEVEL to 'LOW' instead of 'MEDIUM' and did it solve the problem?

Strange thing is, KB lets me post articles but one of my users said he got locked out by Ctracker when he tried.
Last edited by spaniel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

spaniel
Sr Integra Member
Sr Integra Member
 
Posts: 220
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 26, 2006 3:29 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: meijin » Sun Feb 24, 2008 10:44 pm

In trying to add a new acronym to the list, I got a false positive....corrected with the following:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /im4/admin/admin_acronyms.php
----------------

Request-Method: POST

Matching rule: or
In variable: de.scription

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/im4/admin/admin_acronyms.php

#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);

#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('de.scription');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Followed the referenced KB article and it worked like a charm.

I hope I posted this correctly and that it helps someone out.

Michael
Last edited by meijin on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Michael
User avatar
meijin
Members
Members
 
Posts: 62
Likes: 0 post
Liked in: 0 post
Joined: Fri Feb 22, 2008 1:16 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: CaNNon » Sun Feb 24, 2008 11:25 pm

I think we have a new record! Whats it like 12 hours from almost giving up to his first bit of helping others.

NICE! <img>
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

PreviousNext

Return to IntegraMOD 141

Who is online

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot]

cron