A dumb question....

Corporal Joined: May 15, 2004 Posts: 64

Umm.,...Its just one file!?

Captain Joined: Feb 21, 2004 Posts: 421

Yes.

Corporal Joined: May 15, 2004 Posts: 64

Ok, does it have some sortof interface? How do I know its working? i type
http://vercettihq.gta-nation.com/fortress.php and it goes to index.php

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Fortress.php is not allowed to be called directly. You can see how it works here:

http://nukecops.com/fortress.htm
http://nukecops.com/fortress.csv

Read the fortress.php for instructions (including the end of the file).

Corporal Joined: May 15, 2004 Posts: 64

ok great thanks!

EDIT: Where/how do I access the .htm and csv files?

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

They should get created by the web server, if not, you can manually create them... read the end of the fortress.php file.

Corporal Joined: May 15, 2004 Posts: 64

It only had PHP code no real instructions....

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Really? Is has this inside:

Quote:

SUPPORT
If Fortress(TM) is unable to create fortress.csv and fortress.htm then simply create them yourself
using the text below and ensure your web server can append (write) information to them.

Just copy/paste the ode below into their respective filesnames.

Corporal Joined: May 15, 2004 Posts: 64

Oops! I didnt see that lol...I'll look in the script again
nope....heres the whole code:

Code:

<?php
/* Fortress Beta 1.01 by Nuke Cops, Zhen-Xjell
http://nukecops.com - Computer Cops, LLC
Copyright 2004, All Rights Reserved

License: You may not modify or distribute any parts of the Fortress code without
obtaining written authorsization from the Copyright holder. Doing so is considered
a breach of Copyright. Receiving written authorsization requires that the Copright
and Credits remains in tact.

Platform:
Fortress is written to be called by any PHP developed website. For troubleshooting
or installation helps, visit the Copryight holder's website: http://nukecops.com.

Description:
Fortress is a unique application that provides a multi-faceted approach to security
and alert notifications. Fortress is a live work in progress and will be updated
when milestones are met, and if any patches are released.

Example Use:
Fortress when used with Union Tap Code (UTC) also from Nuke Cops will email alerts
if attacks are spotted to the site webmaster.

Installation:
Save fortress.php in your PHP-Nuke root folder. This is generally where "config.php"
is located.

Configuration:
Go down to the configuration section of Fortress, after this comment section and
modify the variables: $sitename, $to, $subject, $realname, and $domain.

Usage:
Use signifies agreement to the Acceptable Use Policy at Nuke Cops.

Operation:
Phase 1
When Fortress is triggered, a silent email is activated. The suspect is unaware
they are being tracked.

Credits:
The original proof of concept and work in this technology was founded by Allevon,
an Elite Nuker at Nuke Cops and owner of http://allevontech.com. The email alert
proof of concept was inspired by Mister, a loyal Nuke Cops member and owner of
http://protector.warcenter.se. Testing was done by dsnail2000, IACOJ, Sting, and
Zhen-Xjell.

History:
Fortress is the first in its class that doesn't interface with PHP-Nuke. Fortress
protects itself on sites using REGISTER_GLOBALS, and it takes on a truly intelligent
operation where users do not know of its existence. Silent operation ensures all
suspects continue leaving more proof and evidence that they are being malicious.
This information arms you in whatever path you take for action.

Union Tap Code:
The following code is called Union Tap Code. It is not part of the Fortress code,
but it is quoted here for easy access. To install it and call Fortress, open
mainfile.php and after the first line: "<?php" install the following code:

[----CUT----]
// Union Tap Code (UTC) - Fortress Integrated
// Copyright Zhen-Xjell 2004 http://nukecops.com
// Beta 4b Code to prevent UNION SQL Injections
// GNU GPL License 2

// The following catches C-like comment code within all SQL Injections, not just Union.
// White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
// Also caught are plaintext and base64 version of the Union SQL Injection code.
define('ZERO', true);
include('fortress.php');
if (strstr($loc,"*")) {
   $method = "CLIKE";
   AlertMail($method);
}
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
   $method = "UNION";
   AlertMail($method);
}
ReleaseVars();
[----CUT----]
            .end. */

/* Start Configuration Section */

// You Must Configure This Section
$sitename = "Nuke Cops"; // Enter your website name here.
$domain = "http://nukecops.com"; // Enter your full website URL here. Include "http://". Do not include a trailing "/".
$to = "zx@nukecops.com"; // Enter the email address Alerts should be sent to.
$realname = "Zhen-Xjell"; // Enter the full name such that email Alerts may be properly titled.
$subject = "Fortress Alarm @ $sitename"; // You may change the Subject here (optional).
/* End Configuration Section */

/* Do Not Edit Settings Below */

$ver = "Beta 1.01"; // Internal variable for Fortress version.

if (defined('ZERO')) {

// Protecting against possible Register_Global attacks
unset($matches);
unset($rawloc);
unset($loc);
unset($addr);
unset($refer);
unset($agents);
unset($method);
unset($cookies);
unset($authors);
unset($uri);
unset($rawuri);
unset($port);
unset($host);

$server=$_SERVER["SERVER_NAME"];
$rawloc=$_SERVER["QUERY_STRING"];
$loc=rawurldecode($_SERVER["QUERY_STRING"]);
$addr=$_SERVER["REMOTE_ADDR"];
$refer=$_SERVER["HTTP_REFERER"];
$agents=$_SERVER["HTTP_USER_AGENT"];
$cookiess=explode(":", base64_decode($_COOKIE["user"]));
$authorss=explode(":", base64_decode($_COOKIE["admin"]));
$rawuri=$_SERVER["REQUEST_URI"];
$uri=rawurldecode($_SERVER["REQUEST_URI"]);
$port=$_SERVER["REMOTE_PORT"];
$host=$_SERVER["REMOTE_HOST"];

} else { Header("Location: index.php"); }

function AlertMail($method) {

global $server, $rawloc, $loc, $addr, $refer, $agents, $sitename, $domain, $to, $realname, $ver, $matches, $method, $subject, $cookies, $authors, $uri, $rawuri, $port, $host;

if ($method == "CLIKE") { $matches[1] = "A C-Like Comment Code Entry"; }
$body = "Fortress Alarm!\r\n"
."---------------\r\n"
."\r\n"
."An attack on $server has triggered Fortress to send a high-priority email to you."
." Other methods may be included in this attack, but it only takes one to trigger an Alert."
." It is that trigger which is reported below:\r\n\r\n"
."Timestamp: " . date("l dS of F Y h:i:s A") ."\r\n"
."Attack: $matches[1]\r\n"
."Query: $loc\r\n"
."Raw Query: $rawloc\r\n"
."Method: $domain" . "$uri\r\n"
."Raw Method: $domain" . "$rawuri\r\n"
."Suspect Host: $host\r\n"
."Suspect IP: $addr\r\n"
."Remote Port: $port\r\n"
."Suspect Agents: $agents\r\n"
."User Cookie: $cookies[1]\r\n"
."Admin Cookie: $authors[0]\r\n"
."Referred: $refer\r\n"
."\r\n\r\n"
."---\r\n"
."Fortress $ver\r\n"
."Brought to you exclusively by http://nukecops.com. Keep it secure!\r\n";
$to = $realname . " <$to>";
$headers = "From: Fortress\r\n"
."Priority: urgent\r\n"
."Importance: High\r\n"
."Precedence: special-delivery\r\n"
."Organization: $sitename\r\n"
."MIME-Version: 1.0\r\n"
."Content-Type: text/plain\r\n"
."Content-Transfer-Encoding: 8bit\r\n"
."X-Priority: 1\r\n"
."X-MSMail-Priority: High\r\n"
."X-Mailer: PHP/" . phpversion() ."\r\n"
."X-Fortress: $ver by http://nukecops.com\r\n";
mail($to, $subject, $body, $headers);
Header("Location: index.php");

}

function ReleaseVars() {

unset($matches);
unset($rawloc);
unset($loc);
unset($addr);
unset($refer);
unset($agents);
unset($method);
unset($cookies);
unset($authors);
unset($uri);
unset($rawuri);
unset($port);
unset($host);
unset($subject);
unset($sitename);
unset($domain);
unset($to);
unset($realname);

}

?>

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

You are using beta 1.01. Please grab 1.20 beta.

Corporal Joined: May 15, 2004 Posts: 64

Ok can you send me a link?

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Its right in the My_Downloads page.

Posted: Fri Nov 05, 2004 10:18 pm

I installed the fortress.htm and the fortress.csv files myself. The htm works so I think but I was wounder if the csv file will auto update as time goes bye.

So far this is all I see http://www.extremerigs.com/main/fortress.csv
And I see http://www.extremerigs.com/main/fortress.htm

I think I did everything I should have.

How will I know if Fortress is really working or if I missed something?

Thanks guys, you all do a great job by the way!

Nuke Cadet Joined: May 23, 2004 Posts: 4

Has Zhen-Xjell, Fortress, and fortress.cc gone to the wayside? Whats the deal?

Site Admin Joined: Aug 17, 2003 Posts: 12346

Yes, ZX has left and Fortress is no longer being developed.