|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 159 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
 Fortress is a unique application that provides a multi-faceted approach to security
and alert notifications. Fortress is a live work in progress and will be updated
when milestones are met, and if any patches are released.
Fortress is the first in its class that doesn't interface with PHP-Nuke. Fortress
protects itself on sites using REGISTER_GLOBALS, and it takes on a truly intelligent
operation where users do not know of its existence. Silent operation ensures all
suspects continue leaving more proof and evidence that they are being malicious.
This information arms you in whatever path you take for action.
View Download
Thanks go to Allevon and Mister for proof of concepts in web and email alerts. Thanks to dsnail2000, IACOJ, and Sting for testing.
|
|
Posted on Wednesday, April 28 @ 17:47:00 CEST by Zhen-Xjell |
|
|
|
|
| |
|
Average Score: 2.53
Votes: 13
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by speedx on Wednesday, April 28 @ 18:07:38 CEST
(User Info | Send a Message) | | Working great .. email works, nice protection .. |
]
Re: Fortress Debut (Beta 1) (Score: 1)
by oprime2001 on Wednesday, April 28 @ 22:21:32 CEST
(User Info | Send a Message) | Testing on my site, and I got the email alert, but in an unformatted message.
Fortress Alarm! --------------- An attack on WWW.MYDOMAINNAMEHERE.TLD has triggered Fortress to send a high-priority email to you. Other methods may be included in this attack, but it only takes one to trigger an Alert. It is that trigger which is reported below: Timestamp: Wednesday 28th of April 2004 10:57:58 PM Attack: A C-Like Comment Code Entry Query: foo=bar U/**/NION SELECT ALL FROM WHERE Raw Query: foo=bar%20U/**/NION%20SELECT%20ALL%20FROM%20WHERE Method: http://WWW.MYDOMAINNAMEHERE.TLD/index.php?foo=bar U/**/NION SELECT ALL FROM WHERE Raw Method: http://WWW.MYDOMAINNAMEHERE.TLD/index.php?foo=bar%20U/**/NION%20SELECT%20ALL%20FROM%20WHERE Suspect Host: Suspect IP: MY.IP.HERE Remote Port: 64707 Suspect Agents: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 User Cookie: Admin Cookie: Referred: --- Fortress Beta 1 Brought to you exclusively by http://nukecops.com. Keep it secure!
Do I need to add/change something in fortress.php to get the message in a formatted/easier to read format? |
]
Re: Fortress Debut (Beta 1) (Score: 1)
by Zhen-Xjell on Wednesday, April 28 @ 22:31:03 CEST
(User Info | Send a Message) http://castlecops.com | If you are using a Mime 1.0 compliant email client, the email does come back formatted properly. It has been tested on the most popular client with success.
What is your client? |
]
Re: Fortress Debut (Beta 1) (Score: 1)
by oprime2001 on Thursday, April 29 @ 06:44:02 CEST
(User Info | Send a Message) | | outlook 2000 sp3 (9.0.0.6627) |
]
| | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by dsnail2000 on Wednesday, April 28 @ 20:39:51 CEST
(User Info | Send a Message) http://www.controlbooth.com | | Make sure you configure your subject line to make it compatible with email filters so that you can set your email client to flag the alert emails or set them aside. |
Re: Fortress Debut (Beta 1) (Score: 1)
by allevon on Wednesday, April 28 @ 21:13:57 CEST
(User Info | Send a Message) http://www.AlleVonTech.com | good point, my email is so filtered i get practically NO email and Chatserv can attest to that because of all these freaking spammers and pissed off Trojan launchers who are surprised by the HH page or my counter strikes. tee hee.
So make sure you create a customized way of filtering it so your filters wont trash it. |
]
| | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by allevon on Wednesday, April 28 @ 21:25:14 CEST
(User Info | Send a Message) http://www.AlleVonTech.com | Well, hopefully as time goes on, more things can be added, created and so forth to make the internet a REALLY small place for the undesired.
Its really a shame that we all have to spend so much freaking time on the net having to create tools like this to counter the gender confused impotent few. The loss of time and ideas that got forgotten because of having to stop everything else and counter these dorks, is unbelievable and really just hammering the entire development of the web into dust.
But on the pro side, its now a good foundation to build upon with ideas and tools, that if all the webmasters around the net implement counter tools like this, then the scumbags will have to waste even MORE time, trying to come up with new crap to annoy you with and make the net a smaller place for them.
But at least this step really hurts the socially challenged scumbags enough to hopefully give us all a break and get back to work for a change.
Remember people, its not virus of the year, month or week anymore, its new virus of the MINUTE/HOUR!!!! Depending upon the day of the week of course. lol |
| | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by zanis on Wednesday, April 28 @ 21:27:13 CEST
(User Info | Send a Message) | Hello!
Please note - the code for UNION TAP does not supply the $loc=rawurldecode($_SERVER["QUERY_STRING"]);
line.
Cheers
Zanis |
Re: Fortress Debut (Beta 1) (Score: 1)
by Zhen-Xjell on Wednesday, April 28 @ 21:55:32 CEST
(User Info | Send a Message) http://castlecops.com | | You need to install UTC Beta 4a that is included within Fortress Beta 1. Beta 4 and under is does not easily integrate with Fortress. |
]
| | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by Zhen-Xjell on Wednesday, April 28 @ 22:30:03 CEST
(User Info | Send a Message) http://castlecops.com | From the location its called it cannot be done this way. The nuke variables are not called til later in the php-nuke pre-processing.
In addition, Fortress works for ALL PHP sites, not just PHP-Nuke. Its highly portable. |
]
| | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by anthonyaykut on Thursday, April 29 @ 03:05:32 CEST
(User Info | Send a Message) http://www.frame4.com/ | Two questions:
1. If nuke/index.php is installed in:
http://www.domain.com/php/index.php
...then...
$domain = "http://www.domain.com/php";
Is this correct?
2. When trying to post news items, the news title I was trying to post became "Fortress Alarm @ site_name_removed". (i kid you not). And I couldnt change it - every time I edit the article with the proper title and click Save, the title was changed again to "Fortress Alarm @ site_name_removed". Haven't had time to check if this was the case with all stories (as I removed UT after the first occurrence), but it had problems with this post for some reason:
http://www.frame4.com/php/article2632.html
|
Re: Fortress Debut (Beta 1) (Score: 1)
by Adis on Thursday, April 29 @ 03:36:28 CEST
(User Info | Send a Message) | | same here...plus no javascript works in protector modul anymore. Im getting message: "Nuke Cops Slaps You Silly" |
]
Re: Fortress Debut (Beta 1) (Score: 1)
by Adis on Thursday, April 29 @ 03:42:51 CEST
(User Info | Send a Message) | | Javascript problem in protector seems to be related to Admin Tap XSS Version 3 Patch? |
]
]
Re: Fortress Debut (Beta 1) (Score: 1)
by Adis on Thursday, April 29 @ 11:24:50 CEST
(User Info | Send a Message) | | Thank you genoxide for your help. I think I understand know what is allowed to run and what is not. Thank you very much :) |
]
| | | | |
Re: Fortress Debut (Beta 1) (Score: 1)
by rasputin on Thursday, April 29 @ 07:04:19 CEST
(User Info | Send a Message) http://www.russianeast.com | OK, ZX
I think we have a valid error here with posting news ...
I have a site with english/russian content : http://www.russianeast.com.
I have noticed same problem as anthonyaykut mentioned. Only I have seen it when posting Autonews. Title becomes Fortress Alarm @ sitename. Only commenting out UnionTap in mainfile.php allowed me to change the title name .... FYI : title was in cyrilic alphabet, haven't had a chance to test with english ...
I think we need to start Forums thread to resolve this problem.
|
| | | | | |
