Re: CrackerTracker Exploit False Positives
Posted:
Mon Mar 19, 2007 10:02 am
Author: eivind
Hello.......
I am also thinking about reuploading my 1.4.0 version. I am going mad from all these fake warnings, debug and so on. I really like IntegraMOD, so I hope the folks here at IntegraMOD find a solution to this problem soon.... I also know that security is very important and that there are a lot of people who like to destroy others' work.......
eivind
Posted:
Tue Mar 20, 2007 12:28 am
Author: odius
there's an easy way mentioned on this site somewhere that says how to quickly and easily disable ctracker, quit bitchin lol, these guys put a lotta work in, appreciate what they've tried to do at least which is to offer the best they could
http://www.integramod.com/forum/viewtop ... ctrack+fix
Re: CrackerTracker Exploit False Positives
Posted:
Tue Mar 20, 2007 12:36 am
Author: eivind
We appreciate the work very much, but we also have to be allowed to say what we mean about things.
Re: CrackerTracker Exploit False Positives
Posted:
Tue Mar 20, 2007 12:45 am
Author: odius
I think this forum is just for debug, no offense or anythin, first post says
"NOTE: Please do not post support questions in this thread, it is only for CT Debug info."
when editing a photo album category from admin panel, (album > category > edit) the 'view level' and 'parent category'
error and this debug fix which does NOT work.
turned the setting to LOW as a workaround
Script-Filename: /admin/admin_album_cat.php
----------------
Request-Method: POST
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_album_cat.php
#
#-----[ FIND ]------------------------------------------
#
require('./pagestart.' . $phpEx);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Making a new album folder in user's personal album returns the red flag,
had to turn this to LOW as well
Script-Filename: /album_personal_cat_admin.php
----------------
Request-Method: POST
Matching rule: create
In variable: addcategory
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/album_personal_cat_admin.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('addcategory');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Re: CrackerTracker Exploit False Positives
Posted:
Wed Mar 21, 2007 1:48 pm
Author: .QUACK.Major.Pain
I have found also that the debug doesn't fix the problem.
You may have to do like I have for many of the debugs I had and change the security from MEDIUM to LOW.
This has fixed it for me and allowed me to edit my forum as needed. You can then later go back when you're done editing and change the security back to MEDIUM.
If the problem still continues, like I had with uploading photos to the album, I left security at LOW and haven't had a problem since.
Re: CrackerTracker Exploit False Positives
Posted:
Fri Mar 23, 2007 7:46 am
Author: JohnnyTheOne
and the following
Script-Filename: /home/portal.php
----------------
Request-Method: GET
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/home/portal.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Re: CrackerTracker Exploit False Positives
Posted:
Sun Mar 25, 2007 7:20 am
Author: melamkish
Trying to add KB category.
Script-Filename: admin/admin_kb_cat.php
----------------
Request-Method: POST
Matching rule: and
In variable: submit
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_kb_cat.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('submit');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
And another one
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_kb_cat.php
----------------
Request-Method: POST
Matching rule: and
In variable: catdesc
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_kb_cat.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('catdesc');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Re: CrackerTracker Exploit False Positives
Posted:
Sun Mar 25, 2007 10:47 am
Author: Jerkie
This is all just too ridiculous. I haven't seen any mention of Downloads yet; this is my biggest problem. I can't add downloads or change categories or ANYTHING. I too think I will be deleting the whole 1.4.1 and going back to 1.4.0; this 1.4.1 just shouldn't have been released yet.. I get the dreaded Pink box with EVERYTHING I DO. I have added about ALL the fixes / patches found here and it still sucks... down with cTracker..... for now.
Re: CrackerTracker Exploit False Positives
Posted:
Sun Mar 25, 2007 2:11 pm
Author: .QUACK.Major.Pain
Holy crap!!! That's a crappy attitude. How much did you pay for 141??? You should be appreciative that it's offered at no charge. You're taking the wrong road with this. You have to consider us all as Beta testers. If we didn't report the problems, they would never get fixed. Maybe you should go back to 140 and come back and download 141 when they release 142. I have to say that this group of guys (and gals if any) do a hell of a job assisting everyone with their problems. They are quick to respond and generally help you fix things within days. I've never come across people who assist you 24/7 as quick as they do.
Disappointing to see you bite the hand that gives you a handout. These things are a work in progress. There's a time when it's felt all the bugs have been worked out and a product is good to go for release. At times errors do come up. Sometimes few, sometimes many.
Stick around and be part of a team working together to perfect a great thing.
Re: CrackerTracker Exploit False Positives
Posted:
Sun Mar 25, 2007 6:37 pm
Author: melamkish
I agree. I waited patiently for this version which runs on PHP5 so I could use it. Though I only know the basics of PHP I have dug in to help. Love this version, and my hat's off to the team for all the hard work.
Setting up my photo album here is what I have so far.
Album Categories fix
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_album_cat.php
----------------
Request-Method: POST
Matching rule: create
In variable: submit
Matching rule: or
In variable: cat_desc
Matching rule: and
In variable: cat_title
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_album_cat.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('submit','cat_desc','cat_title');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Album upload
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /album_upload.php
----------------
Request-Method: POST
Matching rule: or
In variable: pic_desc
Matching rule: and
In variable: pic_desc
Matching rule: "
In variable: pic_desc
Matching rule: ls
In variable: pic_desc
Matching rule: '
In variable: pic_title
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/album_upload.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('pic_desc','pic_title');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Album edit
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /album_edit.php
(sorry, didn't copy the matching rule part)
----------------
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/album_edit.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('pic_desc');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
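The album upload report above shows short rules such as "or", "and", "ls" and the quote characters firing on free-text fields. The following is an added illustration, not part of the thread and not CrackerTracker's code: a hypothetical filter (`scan_request` and its matching logic are assumptions) that uses the rule tokens quoted in these reports to show substring matching, word-boundary matching, and what a per-variable ignore list does.

```php
<?php
// Added illustration: a hypothetical keyword filter, NOT CrackerTracker's code.
// The rule tokens are the ones quoted in the debug reports in this thread.
const RULES = ['create', 'delete', 'load', 'and', 'or', 'ls', "'", '"'];

/**
 * Return [variable => [matched rules]] for every request variable that is
 * not on the ignore list. $wholeWord switches alphabetic rules from
 * substring matching to word-boundary matching.
 */
function scan_request(array $vars, array $ignore, bool $wholeWord = false): array
{
    $hits = [];
    foreach ($vars as $name => $value) {
        if (in_array($name, $ignore, true) || !is_string($value)) {
            continue; // ignored variables are not inspected at all
        }
        foreach (RULES as $rule) {
            if ($wholeWord && ctype_alpha($rule)) {
                $pattern = '/\b' . preg_quote($rule, '/') . '\b/i';
                $found = preg_match($pattern, $value) === 1;
            } else {
                $found = stripos($value, $rule) !== false;
            }
            if ($found) {
                $hits[$name][] = $rule;
            }
        }
    }
    return $hits;
}

// Constructed sample POST data: ordinary text an album user might submit.
$post = [
    'pic_title' => "Anna's birthday",
    'pic_desc'  => 'Sunset over the hills and the harbor',
    'pic_id'    => '42',
];

// 1) Substring matching: rules fire inside ordinary words.
print_r(scan_request($post, []));
// 2) Word-boundary matching: fewer hits, but plain English still trips rules.
print_r(scan_request($post, [], true));
// 3) Ignore list in the style of $ct_ignorepvar: the listed fields are skipped.
print_r(scan_request($post, ['pic_desc', 'pic_title']));
```

A field placed on the ignore list gets no inspection from this layer at all, so the code that stores or displays it has to escape or parameterize it itself.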
Re: CrackerTracker Exploit False Positives
Posted:
Mon Mar 26, 2007 10:13 am
Author: melamkish
Download fixes
There are a couple of fixes I did before I started copying each CT suggested fix. A couple may not have the failure mode, but the fix is included.
Setting the database name
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_pa_file.php
----------------
Request-Method: POST
Matching rule: or
In variable: short_desc
Matching rule: and
In variable: long_desc
/admin/admin_pa_settings.php
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('settings_dbname');
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_pa_file.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('short_desc','long_desc');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Add Categories
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_pa_category.php
----------------
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/admin/admin_pa_category.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('addcategory');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Download descriptions
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /LOTL/admin/admin_pa_file.php
----------------
Request-Method: POST
Matching rule: or
In variable: short_desc
Matching rule: and
In variable: long_desc
/admin/admin_pa_settings.php
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/LOTL/admin/admin_pa_file.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('short_desc','long_desc');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Add download license
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /LOTL/admin/admin_pa_license.php
----------------
Request-Method: POST
Matching rule: create
In variable: form
Matching rule: or
In variable: form
Matching rule: and
In variable: form
Matching rule: load
In variable: form
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/LOTL/admin/admin_pa_license.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('form');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
This is getting to be addictive
Re: CrackerTracker Exploit False Positives
Posted:
Fri Mar 30, 2007 9:46 am
Author: mRvMan
So Ctracker is a little "paranoid" and gives you a few delays in getting things working just the way you want them...
As with ANY process, plan, software, idea, concept, etc, that involves the protection, prevention and anticipation of some sort of attack, violation, hack...the idea is to start with maximum security, as it were and set those things you wish to allow.
In essence you can consider yourself to be "teaching" CTracker how best to serve your board.
How long did it take you to learn to configure a board? It took some amount of time and effort - and there were mistakes made along the way.
Still, you learned from that, gained wisdom.
So now, you impart that onto CTracker.
And as was already stated here: IMod is a work in progress, ever evolving and improving with the help of us, its users.
If you feel you just "cannot wait.." then consider paying for a "finished product".
But when you do, remember, even they are consistently updating their product. Only now you will have paid money, on top of your time and effort.
Of all the different manifestations and "flavors" of php-based boards and forums, IMod is hands down by far the best one, with little "extra fat" - all of its mods have purpose and utility.
Though this is just my opinion, it is based on my humble experience of installing boards and forums since 1996.
Lastly, the more we all contribute to its improvement, bug-fixes, etc, the sooner we will all enjoy one hell of a board
Re: CrackerTracker Exploit False Positives
Posted:
Fri Mar 30, 2007 1:55 pm
Author: odius
outta no where (that i know of) ctrack is now stoppin me from adding a new portal page, which i did fine before. all i can think of is that maybe cuz there's more than one user on my site now (a guest).. dont know what else could be different
this is weird cuz im addin a portal page, not a photo album.. also it says set to medium but it's already set to low, and I just got past the block by adding the page with only one word name "lipid" cuz anything else like "lipid peroxidation" with or without being followed by " - free radical" is blocked
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /album_personal_cat_admin.php
----------------
Request-Method: POST
Matching rule: create
In variable: addcategory
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/album_personal_cat_admin.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('addcategory');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Re: CrackerTracker Exploit False Positives
Posted:
Thu Apr 12, 2007 2:42 pm
Author: JohnnyTheOne
and the following
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /home/calendar_scheduler.php
----------------
Request-Method: GET
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/home/calendar_scheduler.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Re: CrackerTracker Exploit False Positives
Posted:
Tue Apr 17, 2007 12:35 am
Author: geoff1
One for deleting download categories
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forums/admin/admin_pa_category.php
----------------
Request-Method: POST
Matching rule: delete
In variable: submit
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/forums/admin/admin_pa_category.php
#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);
#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('submit');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Be warned tho, although it does work properly it gives this error after you've deleted the category:
Warning: Invalid argument supplied for foreach() in /home/sfiregi/public_html/forums/pafiledb/includes/functions_pafiledb.php on line 1365
I'll ask about this in a new topic. The link to it is:
http://www.integramod.com/forum/viewtop ... 4114#24114