| Author |
Message |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Wed Feb 25, 2004 3:07 pm |
  |
Well I'd like to personally thank mister for providing such a wonderful program that interfaces not just with our ip bans list, but is highly intelligent in creating ban automations.
I know Nuke Cops is an official mirror site for the product, but I'd also like to extend it into the NC 7.0 bundle which includes CVS incorporation.
Let's spread the word on this awesome security system I say -- all with mister's A-OK (mister has my emails on this).
Some bugs I'd like to comment on for the latest downloadable release 1.14.b2:
- By default going into Protector brings up admin.php?op=AdminBan. Nuke Cops has 400 visitors that must be brought up and it can take more than a handful of seconds to do so. Worse yet, I want to install this at http://computercops.biz which sees 2000 users on at a single time. Talk about a long hang time. Perhaps by default enable it to just a selection: View All, Registered, Anonymous, Etc.
- When under Locate Panel there exists the Notes column. Upon opening it I cannot delete any notes placed there, nor it seems, Edit them.
Wish list:
- Under user information it displays current IP address. I'd like to see a rolling log history for IP address and Proxy IP used. I haven't checked yet, but there are basically four different ways to capture the IP within PHP. I presume you use remote_addr and http_forwarded_for?
- The ability to ban (permanent or temporary) users from certain modules or the entire site.
- The ability to send warnings to users while having those warnings logged to their user notes.
Question: does this system also track potential SQL injections?
Keep up the great work! |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Optical
Corporal


Joined: Dec 16, 2003
Posts: 61
|
Posted:
Wed Feb 25, 2004 7:34 pm |
  |
|
    |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Wed Feb 25, 2004 8:21 pm |
  |
Ok some of my original comments don't apply for the wish list. Specifically this one:
Under user information it displays current IP address. I'd like to see a rolling log history for IP address and Proxy IP used. I haven't checked yet, but there are basically four different ways to capture the IP within PHP. I presume you use remote_addr and http_forwarded_for?
I see you check for three values, very nice. And the logging exists for previous IP addresses under findStuff. Nice!
OK, some bug squashing...
There is a single instance of $dib instead of $dbi in admin/modules/blocker.php. Change it to $dbi.
Under maintence function block, this is there:
list($name) = sql_fetch_array($query_authors);
Switch it to:
list($name) = sql_fetch_array($query_authors, $dbi); |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Wed Feb 25, 2004 8:22 pm |
  |
Same for the proMod function block, change this:
list($name) = sql_fetch_array($query_authors);
to this:
list($name) = sql_fetch_array($query_authors, $dbi); |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Lateron
Lieutenant


Joined: Feb 23, 2003
Posts: 219
Location: Australia
|
Posted:
Wed Feb 25, 2004 8:49 pm |
  |
| Zhen-Xjell wrote: |
There is a single instance of $dib instead of $dbi in admin/modules/blocker.php. Change it to $dbi. |
I don't know anything about db calls, perhaps they are supposed to be there but I found 5 $dib in that file. |
|
|
    |
 |
MisterWORK
Support Mod


Joined: Jun 11, 2003
Posts: 245
|
Posted:
Thu Feb 26, 2004 4:54 am |
  |
Wow, thx a lot... I'm at work atm and can't read my mail yet (will do ASAP).
Just a fast answer here (need to work) about the $dbi thing: I did all sql_query() calls before with $dbi, but I'm slowly converting them all to use the new one, $db->, that's why I may have missed some...
Will send you a better answer later on today... |
_________________ Protector System for phpNuke.
Current Version Released: 1.15.b2 (05/12-04)
Support site: http://protector.warcenter.se |
|
     |
 |
foxyfemfem
Support Staff


Joined: Jan 23, 2003
Posts: 668
Location: USA
|
Posted:
Thu Feb 26, 2004 5:20 am |
  |
Hello,
I added this program to my website. Yes, indeed I like it a lot, although there was/is a problem with the automatic ban. It's banning all of my members for some apparent reason. Plus, visitors who never visited my site were getting banned on their first visit. I received numerous emails from users and first-time visitors asking why they are banned from the site. Uhm, I was not aware of any banning on my part, then I thought about the Protector that I installed. I had to remove the blocker.php from the header to allow members to gain access. Could this be a bug that's detecting IP addresses similar to those preinstalled from the program? |
_________________ If you shoot for the moon and miss, you'll still be amongst the stars. |
|
   |
 |
MisterWORK
Support Mod


Joined: Jun 11, 2003
Posts: 245
|
Posted:
Thu Feb 26, 2004 6:47 am |
  |
A common mistake is that you have enabled deny Proxy. If you ask the users what kind of "Message" they get from my system, it would make it easier for me to understand why they get banned. So please ask them.
A bug in my BBB function was that they get denied access if they forget to insert the security number.
Well, now I'm off home so I can work on the next release. A LOT more security checks are done thx to Kipuka, who is handling that now and lets me focus more on the script itself. |
_________________ Protector System for phpNuke.
Current Version Released: 1.15.b2 (05/12-04)
Support site: http://protector.warcenter.se |
|
     |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Thu Feb 26, 2004 7:07 am |
  |
Another dib in blocker.php:
while(list($pro_mod_id, $pro_mod) = sql_fetch_array($query_promod, $dib))
list($pro_mod1) = sql_fetch_array($query_promod1, $dib);
more... (as said above)
In securecheck a dbi is missing:
list($banned_ip) = sql_fetch_array($query_banned);
while(list($sid, $old_aid, $informant) = sql_fetch_row($result)) {
Also this:
list($name) = sql_fetch_array($query_authors); |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
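The two defects reported in the post above (the $dib typo and fetch calls with no $dbi argument) can be located mechanically instead of by eye. This is an added example, not part of the original thread or of Protector's code; the sample input is constructed from the lines quoted here, and the names audit and call_args are hypothetical.

```python
import re

# Constructed sample modelled on the calls quoted in this thread (not the real blocker.php).
SAMPLE = """\
list($name) = sql_fetch_array($query_authors);
while(list($pro_mod_id, $pro_mod) = sql_fetch_array($query_promod, $dib))
list($pro_mod1) = sql_fetch_array($query_promod1, $dib);
list($banned_ip) = sql_fetch_array($query_banned, $dbi);
while(list($sid, $old_aid, $informant) = sql_fetch_row($result)) {
// list($x) = sql_fetch_array($old); commented-out code is skipped
$row = $db->sql_fetchrow($result);
"""

# Old-style layer calls only; method calls such as $db->... are not matched.
FETCH = re.compile(r"(?<![>\w])sql_fetch_(?:array|row)\s*\(")
TYPO = re.compile(r"\$dib\b")

def call_args(line, open_idx):
    """Split the top-level arguments of the call whose '(' is at open_idx."""
    depth, args, cur = 0, [], ""
    for ch in line[open_idx:]:
        if ch in "([":
            depth += 1
            if depth == 1:
                continue          # the call's own opening parenthesis
        elif ch in ")]":
            depth -= 1
            if depth == 0:
                return args + [cur.strip()]
        elif ch == "," and depth == 1:
            args.append(cur.strip())
            cur = ""
            continue
        cur += ch
    return None  # call continues on another line; not analysed here

def audit(source):
    """Return (line_no, kind) findings for the two defects reported in the thread."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue              # whole-line comments only (simplification)
        if TYPO.search(line):
            findings.append((no, "typo-$dib"))
        for m in FETCH.finditer(line):
            args = call_args(line, m.end() - 1)
            if args is not None and len(args) == 1:
                findings.append((no, "missing-handle"))
    return findings

if __name__ == "__main__":
    for no, kind in audit(SAMPLE):
        print(f"line {no}: {kind}")
```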
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Thu Feb 26, 2004 7:08 am |
  |
I cannot save notes to users either. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Thu Feb 26, 2004 9:28 am |
  |
| MisterWORK wrote: |
| A bug in my BBB function was that they get denied access if they forget to insert the security number. |
Where is this selectable? Also, the issue with timeouts at http://computercops.biz for AdminBan... there are just way too many sessions to load up in a single shot. I cannot view the list of banned IPs because of it.
Thanks |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
MisterWORK
Support Mod


Joined: Jun 11, 2003
Posts: 245
|
Posted:
Thu Feb 26, 2004 11:16 am |
  |
| Zhen-Xjell wrote: |
| I cannot save notes to users either. |
Then you might be missing some tables. Try running ps_checker.php: http://site.com/ps_checker.php
BBB can be found on the Ban Ip page
| Quote: |
| There are just way too many sessions to load up in a single shot |
It's noticed.. Will look into that
All $dbi are now converted to $db-> (just finished with that) and any missing things are added. It's a wonder that the function has worked?? |
_________________ Protector System for phpNuke.
Current Version Released: 1.15.b2 (05/12-04)
Support site: http://protector.warcenter.se |
|
     |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Thu Feb 26, 2004 3:42 pm |
  |
There is no ps_checker.php. The tables all appear to be there... I can go into the block notes table and see the notes there along with their fields... however, the edit/delete/save doesn't function. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Lateron
Lieutenant


Joined: Feb 23, 2003
Posts: 219
Location: Australia
|
Posted:
Thu Feb 26, 2004 3:47 pm |
  |
ps_checker.php is in the extra folder in the 1.14.b2 distribution.
Ron.... |
|
|
    |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Thu Feb 26, 2004 4:50 pm |
  |
Not in the version I downloaded a couple days ago. It's not in there. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
|
|