|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 364 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Beta Fortress(TM) 1.20 Released |
|
 You've asked for it, so here it is. It will be the masthead for a new generation of security tools to safeguard your websites. All instructions and donation credits are already included within the application. Future versions will rely on your support thru donations. This release protects your sites against all forms of HTTP GET injections:
bad html tags
union injections
C comment codes
Fortress(tm) filters them thru plaintext, base64, and even HEX.
|
|
Posted on Sunday, May 23 @ 10:45:39 CEST by Zhen-Xjell |
|
|
|
|
| |
|
Average Score: 3.22
Votes: 9
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by valkster on Sunday, May 23 @ 11:19:37 CEST
(User Info | Send a Message) http://zamboozle.com | Pasting current code to mainfile.php gets me this . .
Parse error: parse error in /home/............./public_html/1/mainfile.php on line 1241
Fatal error: Call to a member function on a non-object in /home/.............../public_html/1/index.php on line 18
Things look good. I created the fortress.htm and csv files manually. |
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Tank863 on Sunday, May 23 @ 11:28:49 CEST
(User Info | Send a Message) http://tankweb.net | I also when cutting and pasting to the mainfile received the exact same errors.
|
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by genoxide on Sunday, May 23 @ 11:36:24 CEST
(User Info | Send a Message) http://www.projectxero.org | im getting those errors Warning: Variable passed to each() is not an array or object in /home/xerogen/public_html/fortress.php on line 42
|
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 11:42:52 CEST
(User Info | Send a Message) http://castlecops.com | Hi folks, please do not copy/paste the new mainfile.php code as each version is going to be different I didn't include it for that purpose. You'll have to manually modify your mainfile.php to be similar to the one I have in fortress.php. Specifically, you are looking for where the "Add new lines" are supposed to go. Within fortress.php, the UTC Final code resembles what the NC mainfile.php looks like. You can copy/paste your mainfile.php if you need our special attention.
Just paste the top part, not mainfile in its entirety. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Tank863 on Sunday, May 23 @ 11:55:03 CEST
(User Info | Send a Message) http://tankweb.net | That is what I was talking about. I manullay modified my mainfile.php with UTC code that is included in the fortress.php file.
I removed all previous versions of the UTC & other security measures and placed in the UTC from the Fortress.php... and I get the above error.
I will work on it some more... |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by valkster on Sunday, May 23 @ 11:59:09 CEST
(User Info | Send a Message) http://zamboozle.com | It works by pasting ALL the new UTC code except these two lines . . .
if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) { // Current code
Header("Location: index.php"); // Current code
I hope these are not required somewhere down the line?? |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by valkster on Sunday, May 23 @ 11:59:50 CEST
(User Info | Send a Message) http://zamboozle.com | It works by pasting ALL the new UTC code except these two lines . . .
if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) { // Current code
Header("Location: index.php"); // Current code
I hope these are not required somewhere down the line?? |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by valkster on Sunday, May 23 @ 12:49:08 CEST
(User Info | Send a Message) http://zamboozle.com | Sorry bout the double post. I did not want to post even one of those messages, but NukeCops went into overload mode.
The install is clear to me now. Just did a search for current code in mainfile.php and if they were there I just changed what was not and added the code from fortress.php. Running Nuke7.2, I did find a conflict of code from fortress.php and mainfile.php. I opted to use the fortress.php code with no ill effects on the site, that I can see anyways. Excited about the future of the product! |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:18:22 CEST
(User Info | Send a Message) http://castlecops.com | Thanks valkster we got your Knight donation and you'll be included for the next release.
|
]
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nuke-lux on Sunday, May 23 @ 13:03:39 CEST
(User Info | Send a Message) http://www.nukecommunity.com | I use patched php-nuke 7.3 by chatserv and i had no problems to install the fortress file, but then i wanted to test it so i visited security focus to get the latest bug and i found this one: http://www.securityfocus.com/bid/10365 but when i tried it, it worked, so is this a bug fortress doesn't cover or did i do something wrong when i installed fortress?
I also tried this code http://www.nukecommunity.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/* , but nothing happened, i got not banned i only had to go back to index.php ...? |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:10:18 CEST
(User Info | Send a Message) http://castlecops.com | Check our htm files:
nukecops [nukecops.com]
computercops [computercops.biz]
You'll see Fortress(tm) is indeed catching these, and in fact, the same one you quote above too.
I'll have to see the top side of your mainfile. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nuke-lux on Sunday, May 23 @ 15:12:14 CEST
(User Info | Send a Message) http://www.nukecommunity.com | Here it is:
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security checking code 2003 by chatserv */
/* http://www.nukefixes.com -- http://www.nukeresources.com */
/************************************************************************/
//Nav Tap
include("includes/navtap.php");
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die("YOU ARE SLAPPED BY NUKECOPS [nukecops.com] BY USING '$matches[1]' INSIDE '$loc'.");
}
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
header("Location: index.php");
die();
}
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
// Union Tap Code Final // Add this line
// Copyright 2004 // Add this line
// Paul Laudanski // Add this line
// http://computercops.biz // Add this line
// http://fortress.cc // Add this line
define('ZERO', true); // Add this line
include('fortress.php'); // Add this line
Bards($addr); // Add this line
foreach ($_GET as $secvalue) {
if ((eregi("]*script*"?[^>]*>", $secvalue)) ||
(eregi("]*object*"?[^>]*>", $secvalue)) ||
(eregi("]*iframe*"?[^>]*>", $secvalue)) ||
(eregi("]*applet*"?[^>]*>", $secvalue)) ||
(eregi("]*meta*"?[^>]*>", $secvalue)) ||
(eregi("]*style*"?[^>]*>", $secvalue)) ||
(eregi("]*form*"?[^>]*>", $secvalue)) ||
(eregi("([^>]*"?[^)]*)", $secvalue)) ||
(eregi(""", $secvalue))) {
# die ("
The html tags you attempted to use are not allowed
[ Go Back ]");
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
}
}
foreach ($_POST as $secvalue) {
if ((eregi("]script*"?[^>]*>", $secvalue)) || (eregi("]style*"?[^>]*>", $secvalue))) {
die ("
Th
Read the rest of this comment... |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:16:12 CEST
(User Info | Send a Message) http://castlecops.com | | Ok I see what may be the problem... you are using the old UTC code from the very top. Remove the whole code block and only use the new highly slimmed down UTC as per the new fortress.php file. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nuke-lux on Sunday, May 23 @ 15:39:29 CEST
(User Info | Send a Message) http://www.nukecommunity.com | ok i did but i still have the same problem, every time i do an union attack, nuke sends me back to index.php without performing the request, but the problem is there is also no entry in fortress.htm ?
I posted the code here:
http://www.nukecops.com/postp126566.html#126566 |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:43:55 CEST
(User Info | Send a Message) http://castlecops.com | | Question is did you create the htm file via copy/paste or did fortress(tm) create it? I ask because it didn't have the "Server" address listed, which indicates a possible copy/paste. Thus, does your web server have the correct WRITE permissions to the file? |
]
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by speedx on Sunday, May 23 @ 14:33:41 CEST
(User Info | Send a Message) | Seems it is all working, can login as admin but if I try to login as a user I get this error
"Sorry, such file doesn't exist..." |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by speedx on Sunday, May 23 @ 15:17:43 CEST
(User Info | Send a Message) | ]*script*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*iframe*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*object*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*applet*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*meta*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*style*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*form*"?[^>]*>", $secvalue)) || // Current code
(eregi("]*img*"?[^>]*>", $secvalue)) || // Current code
(eregi(""", $secvalue))) { // Current code
# die ("The html tags you attempted to use are not allowed"); // Current code but either delete or comment out
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
} // Current code
} // Current code
ccheck(); // Add this line
ucheck(); // Add this line
ReleaseVars(); // Add this line
if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) { // Current code
Header("Location: index.php"); // Current code
}
|
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:23:20 CEST
(User Info | Send a Message) http://castlecops.com | Ensure you have this:
define('ZERO', true);
include('fortress.php');
Bards($addr);
Before the:
foreach ($HTTP_GET_VARS as $secvalue) {
or
foreach ($_GET as $secvalue) { |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by speedx on Sunday, May 23 @ 15:41:11 CEST
(User Info | Send a Message) | | Zhen-Xjell I send you a pm |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by speedx on Sunday, May 23 @ 16:02:08 CEST
(User Info | Send a Message) | | sent you an email |
]
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 15:17:40 CEST
(User Info | Send a Message) | Can someone help me with the changes to mainfile.php
Here is my mainfile.php It seems diffrent then the example in the fortress.php I am using nuke 7.0
************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
# die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
if (eregi("mainfile.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}
if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLL
Read the rest of this comment... |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:21:53 CEST
(User Info | Send a Message) http://castlecops.com | Try replacing this:
foreach ($_GET as $secvalue) {
if ((eregi("]*script*"?[^>]*>", $secvalue)) ||
(eregi("]*object*"?[^>]*>", $secvalue)) ||
(eregi("]*iframe*"?[^>]*>", $secvalue)) ||
(eregi("]*applet*"?[^>]*>", $secvalue)) ||
(eregi("]*meta*"?[^>]*>", $secvalue)) ||
(eregi("]*style*"?[^>]*>", $secvalue)) ||
(eregi("]*form*"?[^>]*>", $secvalue)) ||
(eregi("([^>]*"?[^)]*)", $secvalue)) ||
(eregi(""", $secvalue))) {
# die ("*lt;br>
The html tags you attempted to use are not allowed
[ Go Back ]");
}
}
With this:
define('ZERO', true);
include('fortress.php');
Bards($addr);
foreach ($_GET as $secvalue) {
if ((eregi("]*script*"?[^>]*>", $secvalue)) ||
(eregi("]*object*"?[^>]*>", $secvalue)) ||
(eregi("]*iframe*"?[^>]*>", $secvalue)) ||
(eregi("]*applet*"?[^>]*>", $secvalue)) ||
(eregi("]*meta*"?[^>]*>", $secvalue)) ||
(eregi("]*style*"?[^>]*>", $secvalue)) ||
(eregi("]*form*"?[^>]*>", $secvalue)) ||
(eregi("([^>]*"?[^)]*)", $secvalue)) ||
(eregi(""", $secvalue))) {
$method = "BAD-TAGS";
$matches[1] = "BAD-TAGS";
AlertMail($method);
AlertLog($method);
}
}
ccheck();
ucheck();
ReleaseVars();
|
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 15:42:17 CEST
(User Info | Send a Message) | | Worked great. Thanks! |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 16:02:24 CEST
(User Info | Send a Message) | | Well, I got it installed with no errors. But I cannot get it to ban or email. Just kicks back to the index page. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 16:04:52 CEST
(User Info | Send a Message) http://castlecops.com | Check your config settings in the php file and ensure your email is listed. Also check if the htm and csv files are created.
Read the bottom of the php file, it goes into this in more detail. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 16:18:51 CEST
(User Info | Send a Message) | | Email is set up right. Created the two files. Still no ban or email sent out. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 16:20:05 CEST
(User Info | Send a Message) http://castlecops.com | | Do your files have proper WRITE permissions to allow the webserver to append it them? |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 16:21:36 CEST
(User Info | Send a Message) | | THey have premission to WRITE with owner and group right now. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nuke-lux on Sunday, May 23 @ 17:27:07 CEST
(User Info | Send a Message) http://www.nukecommunity.com | | could you look at the code in this post http://www.nukecops.com/postp126600.html#126600 and tell us if your code in fortress.htm fortress.csv and mainfile.php are the same? |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 19:03:21 CEST
(User Info | Send a Message) | The other two files are the same. The email is working. Forgot to check the Junk email folder.
Here is my mainfile.php
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
define('ZERO', true); // Add this line
include('fortress.php'); // Add this line
Bards($addr); // Add this line
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
} // Current code
} // Current code
ccheck(); // Add this line
ucheck(); // Add this line
ReleaseVars(); // Add this line
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
if (eregi("mainfile.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}
if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
} |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 19:20:42 CEST
(User Info | Send a Message) | | I have it sending emails and it will ban for a C-Like attack but not a UNION. It does log both though. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 19:23:22 CEST
(User Info | Send a Message) | | Never mind. Its working fine now. Think I just needed a break. Thanks for the help. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 21:09:00 CEST
(User Info | Send a Message) http://castlecops.com | | Yah in all my tests it works the way I stated to install it. ensure you removed the old UTC code. |
]
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 15:36:12 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | I have installed it and I havn't recieved any errors, which was nice. But I don't have a fortress.csv file or a fortress.htm file. Where do they come from? |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:37:57 CEST
(User Info | Send a Message) http://castlecops.com | | They get created (so long as your web server has access to create them) when you first log an alert. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 15:38:53 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | Ok, thanks for the fast reply. Is there a way I can make sure its working, as far as I know nothing about my site has changed |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:42:09 CEST
(User Info | Send a Message) http://castlecops.com | You can try one of the exploits as found here:
nukecops.com/fortress.htm
computercops.biz/fortress.htm
If you excluded yourself then you won't be banned in the csv file. But if not, then just remove the row in the csv file where your IP is. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 15:44:50 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | I tried this one"http://nukecops.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*" but with my site name of course, and it just took me back to index.php? I am not banned and the fortress.htm and fortress.csv files were not made. What went wrong? |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:46:17 CEST
(User Info | Send a Message) http://castlecops.com | Did you get the email alert?
Your web server might not have the WRITE permission to create the files... look to the end of the php file and copy/paste the info as stated. Then ensure the files have WRITE persmission enabled for the web server. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by nix on Sunday, May 23 @ 15:50:42 CEST
(User Info | Send a Message) | | I getting the same thing. Just back to the index and no email or blocking. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 15:53:10 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | I got an e-mail each time I've tried. But I am still not blocked. I have CHMOD'ed the fortess.htm and fortress.cvs files to enable writing for owner, group and all users and I still can't ban myself |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:57:03 CEST
(User Info | Send a Message) http://castlecops.com | Your htm looks great, but your csv does not:
http://www.gtaisland.gta-shack.com/fortress.csv [www.gtaisland.gta-shack.com]
The problem is when you create the csv file manually, you didn't create a new line after that. Your ban information is on the same line as the field names.
Edit your csv file and move that to the second line and you should be alright from there. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 15:57:21 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | I CHMOD'ed it so that it had full permissions, It banned me, but didn't add me to the fortress.htm and fortress.cvs files, so I can't un-ban myself lol |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 15:58:50 CEST
(User Info | Send a Message) http://castlecops.com | | As to the adds, it is there... I see you in the htm file twice. Why? Because your csv file was not correctly made manually. |
]
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 16:03:55 CEST
(User Info | Send a Message) http://castlecops.com | Actually you can edit the CSV file in Excel you'll see the problem right away in the first row. Then save it as a CSV file and reupload it.
You might want to clera your cache, because your files are showing up perfectly updated for me:
http://gtaisland.gta-shack.com/fortress.htm [gtaisland.gta-shack.com] |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 16:02:04 CEST
(User Info | Send a Message) http://www.mouldypunk.com | http://gtaisland.gta-shack.com/fortress.htm
and
http://gtaisland.gta-shack.com/fortress.csv |
]
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 16:07:42 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | I don't :S, I'll just wait until it sorts itself out, my htm file did somehow :S. Thanks for all your help. One last thing, what should I CHMOD fortress.htm and fortress.csv? |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 16:09:48 CEST
(User Info | Send a Message) http://www.mouldypunk.com | UPDATE : I have appeared in my csv file now :D
But I am still worried about the CHMOD, because with it set with full permissions to all users, can't someone just delete themselves from the list? |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 16:18:35 CEST
(User Info | Send a Message) http://castlecops.com | | The chmod only applies to attribute settings that are set for any local accounts on the server, and not thru php-nuke. |
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Mouldy_punk on Sunday, May 23 @ 16:23:38 CEST
(User Info | Send a Message) http://www.mouldypunk.com | | Oh. Ok. Thanks for all your help. Everything seems to be working fine now. I have un-banned myself. So thanks again. Your help is apriciated |
]
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by echostorm on Sunday, May 23 @ 19:34:33 CEST
(User Info | Send a Message) | I am using Nuke 7.3. Heres my mainfile, could someone please add the fortress stuff for me? then I can edit it with my info? Thank you.
NUKECOPS BY USING '$matches[1]' INSIDE '$loc'.");
}
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: index.php");
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
foreach ($_GET as $secvalue) {
if ((eregi("]script*"?[^>]*>", $secvalue)) ||
(eregi("]*object*"?[^>]*>", $secvalue)) ||
(eregi("]*iframe*"?[^>]*>", $secvalue)) ||
(eregi("]*applet*"?[^>]*>", $secvalue)) ||
(eregi("]*meta*"?[^>]*>", $secvalue)) ||
(eregi("]*style*"?[^>]*>", $secvalue)) ||
(eregi("]*form*"?[^>]*>", $secvalue)) ||
(eregi("([^>]*"?[^)]*)", $secvalue)) ||
(eregi(""", $secvalue))) {
die ("
The html tags you attempted to use are not allowed
[ Go Back ]");
}
}
|
]
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by echostorm on Sunday, May 23 @ 19:46:55 CEST
(User Info | Send a Message) | My post got messed up some how? heres the top part of my mainfile:
NUKECOPS BY USING '$matches[1]' INSIDE '$loc'.");
}
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: index.php");
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
foreach ($_GET as $secvalue) {
if ((eregi("]script*"?[^>]*>", $secvalue)) ||
(eregi("]*object*"?[^>]*>", $secvalue)) ||
(eregi("]*iframe*"?[^>]*>", $secvalue)) ||
(eregi("]*applet*"?[^>]*>", $secvalue)) ||
(eregi("]*meta*"?[^>]*>", $secvalue)) ||
(eregi("]*style*"?[^>]*>", $secvalue)) ||
(eregi("]*form*"?[^>]*>", $secvalue)) ||
(eregi("([^>]*"?[^)]*)", $secvalue)) ||
(eregi(""", $secvalue))) {
die ("
The html tags you attempted to use are not allowed
[ Go Back ]");
}
}
|
]
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by PHPautH on Sunday, May 23 @ 16:44:28 CEST
(User Info | Send a Message) | | EXCELLENT!!! THIS VERSION 1.20!!! CONGRATULATIONS!!!! |
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by echostorm on Sunday, May 23 @ 19:30:04 CEST
(User Info | Send a Message) | I am running Nuke 7.3 and need some help. I am posting the top part of my mainfile here, could someone please add the fortress stuff in it for me? I can then just edit the names, etc? Thank you.
[b]NUKECOPS BY USING '$matches[1]' INSIDE '$loc'.");
}
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: index.php");
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
foreach ($_GET as $secvalue) {
if ((eregi("]script*"?[^>]*>", $secvalue)) ||
(eregi("]*object*"?[^>]*>", $secvalue)) ||
(eregi("]*iframe*"?[^>]*>", $secvalue)) ||
(eregi("]*applet*"?[^>]*>", $secvalue)) ||
(eregi("]*meta*"?[^>]*>", $secvalue)) ||
(eregi("]*style*"?[^>]*>", $secvalue)) ||
(eregi("]*form*"?[^>]*>", $secvalue)) ||
(eregi("([^>]*"?[^)]*)", $secvalue)) ||
(eregi(""", $secvalue))) {
die ("
The html tags you attempted to use are not allowed
[ Go Back ]");
}
}
[/b] |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Sunday, May 23 @ 21:13:34 CEST
(User Info | Send a Message) http://castlecops.com | | Hi echostorm, check above I've already supplied it in this article and its also in the php file. If you still have problems let me know. But the %20union%20 hack you quoted above does not filter anything for base64 or even HEX injections. My advise is to switch over completely to Fortress(tm). |
]
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by IACOJ on Sunday, May 23 @ 21:19:18 CEST
(User Info | Send a Message) | Hello everyone.
Please make sure you check the config section of Fortress(TM) there are changes which need to be made by you. If those changes are not made we here at NC get your email alerts rather then you getting them. |
| | | | |
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by BrainSmashR on Tuesday, May 25 @ 18:07:48 CEST
(User Info | Send a Message) http://www.brainsmashr.com | Installed fortress, clicked a link on my homepage and was instantly banned, now I see that my server (on my site all the time for some reason) is now also banned. How do I fix this?
|
Re: Beta Fortress(TM) 1.20 Released (Score: 1)
by Zhen-Xjell on Wednesday, May 26 @ 07:58:27 CEST
(User Info | Send a Message) http://castlecops.com | | Hi, you can edit the CSV file and remove the line that has your IP. What was the link that caused you to be banned? |
]
| | | | | |
