Translate
Sub Menu
Links Menu
Online Users

In total there are 39 users online :: 1 registered, 0 hidden and 38 guests

Most users ever online was 372 on Thu May 09, 2019 3:50 am

Registered users: Majestic-12 [Bot] based on users active over the past 60 minutes

Last Online
In order to view the online list you have to be registered and logged in.



We are a free and open
community, all are welcome.

Click here to Register

CrackerTracker Exploit False Positives

Support for IntegraMOD 141

Moderator: Integra Moderator

CrackerTracker Exploit False Positives

PostAuthor: Teelk » Thu Jan 18, 2007 5:08 pm

Have you ever gotten this message while trying to do something you know you should be allowed to do?

[align=center]Image[/align]

There is a KB Article located here that will explain how to use the debug mode of CrackerTracker to detect the problem file and give you a solution.

This thread is for those that have already found their solution and want to share it with the rest of the community. So, feel free to share your CrackerTracker Debug Logs with everyone. All verified and validated False Positive fixes will be contained within this first post.

NOTE: Please do not post support questions in this thread, it is only for CT Debug info. If you are having a problem using the debug mod or have another CrackerTracker related question or problem, please start another thread or post in a thread with the same topic material.

Verified Fixes

Tell a Friend fix
OPEN tellafriend.php
FIND
Code: Select all
define('IN_PHPBB', true);
AFTER ADD
Code: Select all
define('CT_SECLEVEL', 'MEDIUM');


Occupation Fix (in profiles)
OPEN profile.php
FIND
Code: Select all
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests');
REPLACE WITH
Code: Select all
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests','user_occ');
Last edited by Teelk on Tue Jan 23, 2007 1:23 am, edited 1 time in total.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Joined: Tue Mar 14, 2006 6:25 pm
Location: Canada

PostAuthor: ZacFields » Thu Jan 18, 2007 5:20 pm

When you click the "Tell a Friend" button, you'll get a CrackerTracker error. I have edited the instructions that CrackerTracker gave me to match what you'll actually have to do to fix this.


Open: tellafriend.php
FIND
Code: Select all
define('IN_PHPBB', true);

 
AFTER, ADD
Code: Select all
define('CT_SECLEVEL', 'MEDIUM');


Before it said to look for "define('IN_PHPBB', 1); but in IM 1.4.1 it is "define('IN_PHPBB', true);" so this code will fix the problem.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Joined: Wed May 24, 2006 11:14 pm

PostAuthor: DDay629 » Fri Jan 26, 2007 12:54 am

For anyone wanting an easy way to make these changes without using a single FTP program, just use the eXtreme Styles template editor. I have for instance created backups in both versions of ctracker/engines/ct_security.php

Hope this helps some of you guys.

DDay
Last edited by DDay629 on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

DDay629
Members
Members
 
Posts: 41
Joined: Wed Jan 17, 2007 11:35 pm

PostAuthor: ZacFields » Fri Jan 26, 2007 11:09 am

One of my users was having trouble updating his information. Seems that the 'user_realname' parameter was causing the trouble. Here is the patch for it (I have altered it to work with the integramod code)
OPEN
/profile.php
##-----[ FIND ]------------------------------------------#
Code: Select all
$ct_ignorepvar = array('helpbox','delete','deleteall','phpBBSecurity_question','user_interests')

##-----[IN-LINE FIND]------------------------------------------#
Code: Select all
 'helpbox','delete','deleteall','phpBBSecurity_question','user_interests'

##-----[ IN-LINE, AFTER, ADD ]------------------------------------------#
Code: Select all
 ,'user_realname'

##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM

The whole string of code will look like this after the patch:

$ct_ignorepvar = array
('helpbox','delete','deleteall','phpBBSecurity_question','user_interests','user_realname')

I think this is the right instructions that you'll need. Feel free to alter, it's just important to get the 'user_realname' parameter unblocked.

Zac
Last edited by ZacFields on Sat Jan 27, 2007 2:37 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Joined: Wed May 24, 2006 11:14 pm

PostAuthor: ZacFields » Fri Jan 26, 2007 3:02 pm

I couldn't edit anything in my ACP ==> Configuration area before adding this fix: (Altered to match integramod code)

OPEN
/admin/admin_board.php
-----[ FIND ]------------------------------------------
Code: Select all
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('cookie_name');

-----[ IN-LINE FIND]-----------------------------------------
Code: Select all
 'cookie_name'

-----[ IN-LINE AFTER, ADD]--------------------------------
Code: Select all
 ,'board_email_sig','board_disable_msg'

-----[ SAVE/CLOSE ALL FILES ]----------------------------
EoM


The whole string of code will look like this after the patch:

$ct_ignorepvar = array('cookie_name','board_email_sig','board_disable_msg');

Now as far as I can tell, I can change anything in the configuration section in the ACP.

Zac
Last edited by ZacFields on Sat Jan 27, 2007 2:36 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Joined: Wed May 24, 2006 11:14 pm

PostAuthor: ZacFields » Sat Jan 27, 2007 2:34 pm

To create a forum, there is one minor error that needs to be resolved. Very simple and SMALL problem but here is the patch for it (Altered to match IM code)

-----[ OPEN ]------------------------------------------
admin/admin_forums_extend.php
-----[ FIND ]------------------------------------------

Code: Select all
$ct_ignorepvar = array('create','delete','name','icon');

-----[ IN-LINE, FIND ]------------------------------------------

Code: Select all
'delete','name','icon'

-----[ IN-LINE AFTER, ADD ]------------------------------------------

Code: Select all
,'desc'

-----[ SAVE/CLOSE ALL FILES ]------------------------------------------


The string of code after the fix will look like this:

$ct_ignorepvar = array('create','delete','name','icon','desc');

Once this is fixed, you should be able to create forums just fine.

Zac

*EDIT* This fix seems to also work for creating categories as well.
Last edited by ZacFields on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Joined: Wed May 24, 2006 11:14 pm

Re: CrackerTracker Exploit False Positives

PostAuthor: MWE_001 » Tue Jan 30, 2007 1:07 am

Tried Adding a GNU license in downloads and cracker tracker went off. Letting you know so it can be patched when ever and I used ZacFields fixes and my board is alot more free now.
Last edited by MWE_001 on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Administrator
Administrator
 
Posts: 1249
Images: 12
Joined: Fri Apr 21, 2006 7:59 pm
Location: Illinois

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 1:29 am

Biggest problem I am having right now is on one of my sites, I can't edit style.css sheets on the site itself. I have to download them, edit them on my machine, and submit the edited version. That wouldn't be an issue if I wasn't the kind to try something, and nick and pick at it til I liked it. <img>
Last edited by Dick Dynamite on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Joined: Sun Dec 31, 2006 10:53 am

Re: CrackerTracker Exploit False Positives

PostAuthor: Leadfoot » Tue Jan 30, 2007 1:53 am

ctracker is blocking the cookieMod program. I found the easy go around was to rename ctracker to something else. Run cookieMod and then change the file name back to ctracker.
Last edited by Leadfoot on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

Leadfoot
Integra Member
Integra Member
 
Posts: 131
Joined: Sun Oct 01, 2006 5:02 pm

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 2:05 am

The CTracker folder?
Last edited by Dick Dynamite on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Joined: Sun Dec 31, 2006 10:53 am

PostAuthor: Leadfoot » Tue Jan 30, 2007 11:21 am

If you look at the root of your forums you will see a folder called ctracker. It was in the files you uploaded for 141.
Last edited by Leadfoot on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

Leadfoot
Integra Member
Integra Member
 
Posts: 131
Joined: Sun Oct 01, 2006 5:02 pm

PostAuthor: ZacFields » Tue Jan 30, 2007 11:59 am

I will take a look at the aforementioned problems and see if we can find a patch for it.

The Devs (and I, the newbie dev) are working on a real patch for crackertracker but we want to make sure we've got most of the major fixes on there before we release it.

I have uploaded a patch that you guys can use in the meantime that will help you be able to do some of the basic stuff like create forums, edit forums, etc.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Joined: Wed May 24, 2006 11:14 pm

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 1:18 pm

Sorry, Leadfoot, I was asking if you meant the folder itself, or the CTracker_security.php file.
Last edited by Dick Dynamite on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Joined: Sun Dec 31, 2006 10:53 am

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 1:38 pm

Also, now I can't even change those settings at all. [Avatar/Sig, ect.]. I'm tempted to just uninstall ctracker until something is made to work. <img>
Last edited by Dick Dynamite on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
www.dickdynamite.com

Dick Dynamite
Members
Members
 
Posts: 68
Joined: Sun Dec 31, 2006 10:53 am

PostAuthor: ZacFields » Tue Jan 30, 2007 2:52 pm

Dick Dynamite,

Where are you having trouble changing avater/sig info? In your users profile or in your ACP? Be more specific so I can create a patch

Zac
Last edited by ZacFields on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Joined: Wed May 24, 2006 11:14 pm

Next

Return to IntegraMOD 141

Who is online

Registered users: Majestic-12 [Bot]

cron