Re: CrackerTracker Exploit False Positives
Posted: Thu May 28, 2009 10:10 amerror
IntegraMOD
Home of phpBB Integrated Modifications
https://integramod.com/forum/
CrackerTracker Exploit False Positives
Page 12 of 12
Posted: Thu May 28, 2009 10:10 amRe: CrackerTracker Exploit False Positives
Posted: Thu Aug 19, 2010 4:36 amCan somebody remind me how to activate the debug mode.
Re: CrackerTracker Exploit False Positives
Posted: Thu Aug 19, 2010 4:44 amTry this KB post, if you still need help post back. <img>
[url=http]http://www.integramod.com/forum/knowledge/kb_show.php?id=12[/url]
[url=http]http://www.integramod.com/forum/knowledge/kb_show.php?id=12[/url]
Re: CrackerTracker Exploit False Positives
Posted: Wed Sep 15, 2010 8:50 pmcanot find said line in said file, CT error when trying to optmize DB
"include($phpbb_root_path . 'common.'.$phpEx);"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /xxx/admin/admin_db_utilities.php
----------------
Attack-Time: 15.09.2010 23:47 pm
------------
Request-Method: POST
Matching rule: _server
In variable: selected_tbl
Matching rule: _server
In variable: selected_tbl
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/xxx/admin/admin_db_utilities.php
#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('selected_tbl');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Typical fix works,
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('this_query');
#
#-----[ SAVE/CLOSE ALL FILES ]----------------------------------------- -
#
# EoM
"include($phpbb_root_path . 'common.'.$phpEx);"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /xxx/admin/admin_db_utilities.php
----------------
Attack-Time: 15.09.2010 23:47 pm
------------
Request-Method: POST
Matching rule: _server
In variable: selected_tbl
Matching rule: _server
In variable: selected_tbl
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/xxx/admin/admin_db_utilities.php
#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('selected_tbl');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Typical fix works,
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('this_query');
#
#-----[ SAVE/CLOSE ALL FILES ]----------------------------------------- -
#
# EoM
Re: CrackerTracker Exploit False Positives
Posted: Thu Sep 16, 2010 1:11 amFIND
AFTER, ADD
- Code: Select all
define('IN_PHPBB', 1);
AFTER, ADD
- Code: Select all
define('CT_SECLEVEL', 'LOW');$ct_ignorepvar = array('selected_tbl');
Re: CrackerTracker Exploit False Positives
Posted: Thu Sep 16, 2010 6:36 amYep the old goto code strikes again <img>
Any tips for random folks getting CT blocked doing the required profile updates, yet some are fine. Age of account seems to make no matter.
I had no problem.
Any tips for random folks getting CT blocked doing the required profile updates, yet some are fine. Age of account seems to make no matter.
I had no problem.
Re: CrackerTracker Exploit False Positives
Posted: Thu Sep 16, 2010 12:59 pmyou should be able to look through the CTracker logs to find the blocked functions.