Sub Menu
Links Menu
Online Users

In total there are 320 users online :: 3 registered, 0 hidden and 317 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot] based on users active over the past 60 minutes

CrackerTracker Exploit False Positives

Support for IntegraMOD 141

Moderator: Integra Moderator

CrackerTracker Exploit False Positives

PostAuthor: Teelk » Thu Jan 18, 2007 4:08 pm

Have you ever gotten this message while trying to do something you know you should be allowed to do?

[align=center]Image[/align]

There is a KB Article located here that will explain how to use the debug mode of CrackerTracker to detect the problem file and give you a solution.

This thread is for those that have already found their solution and want to share it with the rest of the community. So, feel free to share your CrackerTracker Debug Logs with everyone. All verified and validated False Positive fixes will be contained within this first post.

NOTE: Please do not post support questions in this thread, it is only for CT Debug info. If you are having a problem using the debug mod or have another CrackerTracker related question or problem, please start another thread or post in a thread with the same topic material.

Verified Fixes

Tell a Friend fix
OPEN tellafriend.php
FIND
Code: Select all
define('IN_PHPBB', true);
AFTER ADD
Code: Select all
define('CT_SECLEVEL', 'MEDIUM');


Occupation Fix (in profiles)
OPEN profile.php
FIND
Code: Select all
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests');
REPLACE WITH
Code: Select all
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests','user_occ');
Last edited by Teelk on Tue Jan 23, 2007 12:23 am, edited 1 time in total.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Joined: Tue Mar 14, 2006 5:25 pm
Cash on hand: 0.00
Location: Canada

PostAuthor: ZacFields » Thu Jan 18, 2007 4:20 pm

When you click the "Tell a Friend" button, you'll get a CrackerTracker error. I have edited the instructions that CrackerTracker gave me to match what you'll actually have to do to fix this.


Open: tellafriend.php
FIND
Code: Select all
define('IN_PHPBB', true);

 
AFTER, ADD
Code: Select all
define('CT_SECLEVEL', 'MEDIUM');


Before it said to look for "define('IN_PHPBB', 1); but in IM 1.4.1 it is "define('IN_PHPBB', true);" so this code will fix the problem.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: DDay629 » Thu Jan 25, 2007 11:54 pm

For anyone wanting an easy way to make these changes without using a single FTP program, just use the eXtreme Styles template editor. I have for instance created backups in both versions of ctracker/engines/ct_security.php

Hope this helps some of you guys.

DDay
Last edited by DDay629 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

DDay629
Members
Members
 
Posts: 41
Likes: 0 post
Liked in: 0 post
Joined: Wed Jan 17, 2007 10:35 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Fri Jan 26, 2007 10:09 am

One of my users was having trouble updating his information. Seems that the 'user_realname' parameter was causing the trouble. Here is the patch for it (I have altered it to work with the integramod code)
OPEN
/profile.php
##-----[ FIND ]------------------------------------------#
Code: Select all
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests')

##-----[IN-LINE FIND]------------------------------------------#
Code: Select all
 'helpbox','delete','deleteall','phpBBSecurity_question','user_interests'

##-----[ IN-LINE, AFTER, ADD ]------------------------------------------#
Code: Select all
 ,'user_realname'

##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM

The whole string of code will look like this after the patch:

$ct_ignorepvar = array
('helpbox','delete','deleteall','phpBBSecurity_question','user_interests','user_realname')

I think this is the right instructions that you'll need. Feel free to alter, it's just important to get the 'user_realname' parameter unblocked.

Zac
Last edited by ZacFields on Sat Jan 27, 2007 1:37 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Fri Jan 26, 2007 2:02 pm

I couldn't edit anything in my ACP ==> Configuration area before adding this fix: (Altered to match integramod code)

OPEN
/admin/admin_board.php
-----[ FIND ]------------------------------------------
Code: Select all
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('cookie_name');

-----[ IN-LINE FIND]-----------------------------------------
Code: Select all
 'cookie_name'

-----[ IN-LINE AFTER, ADD]--------------------------------
Code: Select all
 ,'board_email_sig','board_disable_msg'

-----[ SAVE/CLOSE ALL FILES ]----------------------------
EoM


The whole string of code will look like this after the patch:

$ct_ignorepvar = array('cookie_name','board_email_sig','board_disable_msg');

Now as far as I can tell, I can change anything in the configuration section in the ACP.

Zac
Last edited by ZacFields on Sat Jan 27, 2007 1:36 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Sat Jan 27, 2007 1:34 pm

To create a forum, there is one minor error that needs to be resolved. Very simple and SMALL problem but here is the patch for it (Altered to match IM code)

-----[ OPEN ]------------------------------------------
admin/admin_forums_extend.php
-----[ FIND ]------------------------------------------

Code: Select all
$ct_ignorepvar = array('create','delete','name','icon');

-----[ IN-LINE, FIND ]------------------------------------------

Code: Select all
'delete','name','icon'

-----[ IN-LINE AFTER, ADD ]------------------------------------------

Code: Select all
,'desc'

-----[ SAVE/CLOSE ALL FILES ]------------------------------------------


The string of code after the fix will look like this:

$ct_ignorepvar = array('create','delete','name','icon','desc');

Once this is fixed, you should be able to create forums just fine.

Zac

*EDIT* This fix seems to also work for creating categories as well.
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Tue Jan 30, 2007 12:07 am

Tried Adding a GNU license in downloads and cracker tracker went off. Letting you know so it can be patched when ever and I used ZacFields fixes and my board is alot more free now.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 12:29 am

Biggest problem I am having right now is on one of my sites, I can't edit style.css sheets on the site itself. I have to download them, edit them on my machine, and submit the edited version. That wouldn't be an issue if I wasn't the kind to try something, and nick and pick at it til I liked it. <img>
Last edited by Dick Dynamite on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Likes: 0 post
Liked in: 0 post
Joined: Sun Dec 31, 2006 9:53 am
Cash on hand: 0.00

Re: CrackerTracker Exploit False Positives

PostAuthor: Leadfoot » Tue Jan 30, 2007 12:53 am

ctracker is blocking the cookieMod program. I found the easy go around was to rename ctracker to something else. Run cookieMod and then change the file name back to ctracker.
Last edited by Leadfoot on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

Leadfoot
Integra Member
Integra Member
 
Posts: 131
Likes: 0 post
Liked in: 0 post
Joined: Sun Oct 01, 2006 4:02 pm
Cash on hand: 0.00

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 1:05 am

The CTracker folder?
Last edited by Dick Dynamite on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Likes: 0 post
Liked in: 0 post
Joined: Sun Dec 31, 2006 9:53 am
Cash on hand: 0.00

PostAuthor: Leadfoot » Tue Jan 30, 2007 10:21 am

If you look at the root of your forums you will see a folder called ctracker. It was in the files you uploaded for 141.
Last edited by Leadfoot on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

Leadfoot
Integra Member
Integra Member
 
Posts: 131
Likes: 0 post
Liked in: 0 post
Joined: Sun Oct 01, 2006 4:02 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Tue Jan 30, 2007 10:59 am

I will take a look at the aforementioned problems and see if we can find a patch for it.

The Devs (and I, the newbie dev) are working on a real patch for crackertracker but we want to make sure we've got most of the major fixes on there before we release it.

I have uploaded a patch that you guys can use in the meantime that will help you be able to do some of the basic stuff like create forums, edit forums, etc.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 12:18 pm

Sorry, Leadfoot, I was asking if you meant the folder itself, or the CTracker_security.php file.
Last edited by Dick Dynamite on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Likes: 0 post
Liked in: 0 post
Joined: Sun Dec 31, 2006 9:53 am
Cash on hand: 0.00

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 12:38 pm

Also, now I can't even change those settings at all. [Avatar/Sig, ect.]. I'm tempted to just uninstall ctracker until something is made to work. <img>
Last edited by Dick Dynamite on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Likes: 0 post
Liked in: 0 post
Joined: Sun Dec 31, 2006 9:53 am
Cash on hand: 0.00

PostAuthor: ZacFields » Tue Jan 30, 2007 1:52 pm

Dick Dynamite,

Where are you having trouble changing avater/sig info? In your users profile or in your ACP? Be more specific so I can create a patch

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

Next

Return to IntegraMOD 141

Who is online

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot]