

[Solved] v9.0.3 Critical error editing banner

#93414 (In Topic #18678)
Community saint

Editing (or even just clicking the "save" button) the "advertise_here" banner gives me a hack attempt warning…


and this stack trace…



Steve
#93415

What does the security log say about it? Was a hack-attack notification possibly received by email?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#93416
Community saint

This made me laugh…

Reason: Tried to add a downloaded file that points to a script: so they could get the script contents (e.g. passwords)

The admin trying to hack his own site!  :lol:

The only thing I tried to edit was changing the owner from guest to either "sholzy" or "admin". After that I tried just hitting "save" without any edits. All gave the same results as in the first post above.

Here's everything I found in the Security Alert screen…

Code

Reason
Tried to add a downloaded file that points to a script: so they could get the script contents (e.g. passwords)

Details
Username   sholzy
IP address   ***.***.***.***
URL   /v901/cms/index.php?page=cms_banners&type=__ed&id=advertise_here&redirect=http%3A%2F%*************.com%2Fv901%2Findex.php%3Fpage%3Dbanners%26type%3Dview%26source%3Dadvertise_here&uploading=1
Referrer   http://***********.com/v901/cms/index.php?page=cms_banners&type=_ed&id=advertise_here&redirect=http%3A%2F%2F************.com%2Fv901%2Findex.php%3Fpage%3Dbanners%26type%3Dview%26source%3Dadvertise_here
User Agent (typically, the web browser)   Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Operating System   X11; Linux x86_64

POST data
Any web request can be classified as either a 'GET' request or a 'POST' request. 'GET' requests are carried out purely via a URL, whilst 'POST' requests include additional data. The following data was posted when the security alert was raised...

MAX_FILE_SIZE=>134217728
label_for__name=>Codename
name=>advertise_here
require__name=>1
label_for__site_url=>Destination URL
site_url=>http://*************.com/v901/site/index.php?page=advertise
require__site_url=>0
label_for__b_type=>Banner type
b_type=>
require__b_type=>0
label_for__submitter=>Owner
submitter=>Guest
require__submitter=>1
label_for__notes=>Notes
notes=>Provided as default. This is a default banner (it shows when others are not available).
pre_f_notes=>1
require__notes=>0
label_for__validated=>Validated
validated=>1
tick_on_form__validated=>0
require__validated=>0
label_for__file=>Upload
require__file=>0
hidFileID_file=>-1
media=>on
image_url=>data/images/advertise_here.png
label_for__image_url=>Image URL
require__image_url=>0
comcode__title_text=>1
label_for__title_text=>Title text / trigger text
require__title_text=>0
pre_f_direct_code=>1
label_for__direct_code=>Direct code
require__direct_code=>0
label_for__caption=>Description
comcode__caption=>1
caption=>Advertise here!
require__caption=>0
the_type=>0
label_for__campaignremaining=>Courtesy hits
require__campaignremaining=>0
label_for__importancemodulus=>Importance modulus
importancemodulus=>10
require__importancemodulus=>1
expiry_date_day=>
expiry_date_month=>
expiry_date_year=>
expiry_date_hour=>
expiry_date_minute=>
require__expiry_date=>0
label_for__delete=>Delete
tick_on_form__delete=>0
require__delete=>0
http_referer=>http://*************.com/v901/cms/index.php?page=cms_banners&type=_ed&id=advertise_here&redirect=http%3A%2F%************.com%2Fv901%2Findex.php%3Fpage%3Dbanners%26type%3Dview%26source%3Dadvertise_here

Steve
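The alert quoted in the post above exists to stop a user-supplied file reference from handing out the contents of a server-side script (and any credentials in it) as a download. The post shows the check firing on a plain image, `data/images/advertise_here.png`. As an added illustration of what such a check has to get right, and not ocPortal's code nor the logic in sources/files2.php, here is a Python version of the check beside a naive one. The extension list and every sample reference are constructed for the demonstration; the real ocPortal rule may differ.

```python
# Added example: an illustrative "does this file reference point to a
# server-side script?" check, beside a naive one.  Not ocPortal's code and
# not the logic in sources/files2.php; the extension list and the sample
# references are constructed for the demonstration.
import posixpath
from urllib.parse import unquote, urlsplit

# Extensions a web server would execute rather than serve as bytes.
# Constructed list; extend it to match the handlers enabled on the host.
SCRIPT_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phps",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp",
}


def naive_points_to_script(ref: str) -> bool:
    """Naive check: only the literal tail of the string is inspected.

    It misses 'x.php?a=1' (query string), 'x.php/logo.png' (path-info),
    'x.php.' (trailing dot, dropped by some filesystems) and
    'x.%70hp' (percent-encoding).
    """
    return ref.lower().endswith(".php")


def normalise_reference(ref: str) -> str:
    """Reduce a URL or local path to a decoded, dot-collapsed POSIX path."""
    # Keep only the path: query string and fragment never change which
    # file the server opens.  Works for plain paths too (no scheme/host).
    path = urlsplit(ref).path
    # Decode until stable so double encoding ('%2570' -> '%70' -> 'p') is undone.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Treat backslashes as separators (Windows hosts) and collapse '.'/'..'.
    return posixpath.normpath(path.replace("\\", "/"))


def points_to_script(ref: str) -> bool:
    """Hardened check: True if any path segment carries a script extension.

    Every segment is inspected, not just the last one, so 'x.php/logo.png'
    is caught; every extension after the first dot is inspected, so
    'config.php.bak' and 'shell.php.png' are caught as well.
    """
    for segment in normalise_reference(ref).split("/"):
        # Trailing dots and spaces are dropped by some filesystems.
        parts = segment.lower().rstrip(". ").split(".")
        if len(parts) > 1 and any(ext in SCRIPT_EXTENSIONS for ext in parts[1:]):
            return True
    return False


if __name__ == "__main__":
    # The reference from the alert above is a plain image and must pass;
    # the rest are constructed evasion attempts.
    samples = (
        "data/images/advertise_here.png", "data/../config.php",
        "config.php?x=1", "info.php/logo.png", "info.%2570hp", "info.php.",
    )
    for ref in samples:
        print(f"{ref:32} naive={naive_points_to_script(ref)!s:5} "
              f"hardened={points_to_script(ref)}")
```

The hardened version rejects on any script extension in any segment, so it errs towards false positives (`notes.php.txt` is blocked); for a download feature that is the right trade, since the cost of a miss is disclosure of configuration files. Whatever the rule, keep the decision deterministic on the normalised path; a check that depends on counters carried across lines, as the sporadic failure in this thread suggests, is hard to reason about.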
#93417
Community saint

No email notification. I usually get hack attack emails.

Steve
#93472

Seems I can reproduce this on my machine (didn't think I'd be able to so easily). Looking into it closely now.


#93473

Got it. It happens sporadically, at least on my machine. The fix is in sources/files2.php. This line of code should actually be removed!

Code

$input_len+=max(0,strlen($old_line)-$tally);


#93548
Community saint

Thanks, Chris! It seems to be fixed now, but if it happens again I'll revisit this thread.

Steve