You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 370 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Beta Fortress(TM) 1.20 Released
SecurityYou've asked for it, so here it is. It will be the masthead for a new generation of security tools to safeguard your websites. All instructions and donation credits are already included within the application. Future versions will rely on your support thru donations. This release protects your sites against all forms of HTTP GET injections:

  • bad html tags
  • union injections
  • C comment codes

    Fortress(tm) filters them thru plaintext, base64, and even HEX.
  • Posted on Sunday, May 23 @ 10:45:39 CEST by Zhen-Xjell
     
    Related Links
    · Computer Cops
    · More about Security
    · News by Zhen-Xjell


    Most read story about Security:
    PHP-Nuke admin.php security hole - PATCHED

    Article Rating
    Average Score: 3.22
    Votes: 9


    Please take a second and vote for this article:

    Excellent
    Very Good
    Good
    Regular
    Bad


    Options

     Printer Friendly Page  Printer Friendly Page

     Send to a Friend  Send to a Friend

    Threshold
    The comments are owned by the poster. We aren't responsible for their content.

    No Comments Allowed for Anonymous, please register

    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by valkster on Sunday, May 23 @ 11:19:37 CEST
    (User Info | Send a Message) http://zamboozle.com
    Pasting current code to mainfile.php gets me this . .

    Parse error: parse error in /home/............./public_html/1/mainfile.php on line 1241

    Fatal error: Call to a member function on a non-object in /home/.............../public_html/1/index.php on line 18

    Things look good. I created the fortress.htm and csv files manually.



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by Tank863 on Sunday, May 23 @ 11:28:49 CEST
    (User Info | Send a Message) http://tankweb.net
    I also when cutting and pasting to the mainfile received the exact same errors.




    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by genoxide on Sunday, May 23 @ 11:36:24 CEST
    (User Info | Send a Message) http://www.projectxero.org
    im getting those errors Warning: Variable passed to each() is not an array or object in /home/xerogen/public_html/fortress.php on line 42



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by Zhen-Xjell on Sunday, May 23 @ 11:42:52 CEST
    (User Info | Send a Message) http://castlecops.com
    Hi folks, please do not copy/paste the new mainfile.php code as each version is going to be different I didn't include it for that purpose. You'll have to manually modify your mainfile.php to be similar to the one I have in fortress.php. Specifically, you are looking for where the "Add new lines" are supposed to go. Within fortress.php, the UTC Final code resembles what the NC mainfile.php looks like. You can copy/paste your mainfile.php if you need our special attention.
    Just paste the top part, not mainfile in its entirety.



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by nuke-lux on Sunday, May 23 @ 13:03:39 CEST
    (User Info | Send a Message) http://www.nukecommunity.com
    I use patched php-nuke 7.3 by chatserv and i had no problems to install the fortress file, but then i wanted to test it so i visited security focus to get the latest bug and i found this one: http://www.securityfocus.com/bid/10365 but when i tried it, it worked, so is this a bug fortress doesn't cover or did i do something wrong when i installed fortress?

    I also tried this code http://www.nukecommunity.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/* , but nothing happened, i got not banned i only had to go back to index.php ...?



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by speedx on Sunday, May 23 @ 14:33:41 CEST
    (User Info | Send a Message)
    Seems it is all working, can login as admin but if I try to login as a user I get this error

    "Sorry, such file doesn't exist..."



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by nix on Sunday, May 23 @ 15:17:40 CEST
    (User Info | Send a Message)
    Can someone help me with the changes to mainfile.php

    Here is my mainfile.php It seems diffrent then the example in the fortress.php I am using nuke 7.0

    ************************************************************************/
    /* PHP-NUKE: Advanced Content Management System */
    /* ============================================ */
    /* */
    /* Copyright (c) 2002 by Francisco Burzi */
    /* http://phpnuke.org */
    /* */
    /* This program is free software. You can redistribute it and/or modify */
    /* it under the terms of the GNU General Public License as published by */
    /* the Free Software Foundation; either version 2 of the License. */
    /************************************************************************/

    $phpver = phpversion();
    if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
    if (extension_loaded('zlib')) {
    ob_end_clean();
    ob_start('ob_gzhandler');
    }
    } else if ($phpver > '4.0') {
    if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
    if (extension_loaded('zlib')) {
    $do_gzip_compress = TRUE;
    ob_start();
    ob_implicit_flush(0);
    //header('Content-Encoding: gzip');
    }
    }
    }

    $phpver = explode(".", $phpver);
    $phpver = "$phpver[0]$phpver[1]";
    if ($phpver >= 41) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
    }

    if (!ini_get("register_globals")) {
    import_request_variables('GPC');
    }

    foreach ($_GET as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
    (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
    (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
    (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
    (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
    (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
    (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
    (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
    (eregi("\"", $secvalue))) {
    # die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
    }

    foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
    die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
    }

    if (eregi("mainfile.php",$PHP_SELF)) {
    Header("Location: index.php");
    die();
    }

    if ($forum_admin == 1) {
    require_once("../../../config.php");
    require_once("../../../db/db.php");
    } elseif ($inside_mod == 1) {
    require_once("../../config.php");
    require_once("../../db/db.php");
    } else {
    require_once("config.php");
    require_once("db/db.php");
    /* FOLL

    Read the rest of this comment...



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by Mouldy_punk on Sunday, May 23 @ 15:36:12 CEST
    (User Info | Send a Message) http://www.mouldypunk.com
    I have installed it and I havn't recieved any errors, which was nice. But I don't have a fortress.csv file or a fortress.htm file. Where do they come from?



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by PHPautH on Sunday, May 23 @ 16:44:28 CEST
    (User Info | Send a Message)
    EXCELLENT!!! THIS VERSION 1.20!!! CONGRATULATIONS!!!!



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by echostorm on Sunday, May 23 @ 19:30:04 CEST
    (User Info | Send a Message)
    I am running Nuke 7.3 and need some help. I am posting the top part of my mainfile here, could someone please add the fortress stuff in it for me? I can then just edit the names, etc? Thank you.

    [b]NUKECOPS BY USING '$matches[1]' INSIDE '$loc'.");
    }
    if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: index.php");
    $phpver = phpversion();
    if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
    if (extension_loaded('zlib')) {
    ob_end_clean();
    ob_start('ob_gzhandler');
    }
    } else if ($phpver > '4.0') {
    if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
    if (extension_loaded('zlib')) {
    $do_gzip_compress = TRUE;
    ob_start();
    ob_implicit_flush(0);
    //header('Content-Encoding: gzip');
    }
    }
    }

    $phpver = explode(".", $phpver);
    $phpver = "$phpver[0]$phpver[1]";
    if ($phpver >= 41) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
    }

    if (!ini_get("register_globals")) {
    import_request_variables('GPC');
    }

    foreach ($_GET as $secvalue) {
    if ((eregi("]script*"?[^>]*>", $secvalue)) ||
    (eregi("]*object*"?[^>]*>", $secvalue)) ||
    (eregi("]*iframe*"?[^>]*>", $secvalue)) ||
    (eregi("]*applet*"?[^>]*>", $secvalue)) ||
    (eregi("]*meta*"?[^>]*>", $secvalue)) ||
    (eregi("]*style*"?[^>]*>", $secvalue)) ||
    (eregi("]*form*"?[^>]*>", $secvalue)) ||
    (eregi("([^>]*"?[^)]*)", $secvalue)) ||
    (eregi(""", $secvalue))) {
    die ("

    The html tags you attempted to use are not allowed

    [ Go Back ]");
    }
    }

    [/b]



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by IACOJ on Sunday, May 23 @ 21:19:18 CEST
    (User Info | Send a Message)
    Hello everyone.

    Please make sure you check the config section of Fortress(TM) there are changes which need to be made by you. If those changes are not made we here at NC get your email alerts rather then you getting them.



    Re: Beta Fortress(TM) 1.20 Released (Score: 1)
    by BrainSmashR on Tuesday, May 25 @ 18:07:48 CEST
    (User Info | Send a Message) http://www.brainsmashr.com
    Installed fortress, clicked a link on my homepage and was instantly banned, now I see that my server (on my site all the time for some reason) is now also banned. How do I fix this?


    Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
    Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
    Page Generation: 0.059 Seconds - 302 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
    :: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::