
Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


"Suspected hacking attempt" when trying to remove the video description

#69712 (In Topic #14776)

Community saint

In "Edit video", I am trying to remove the description. When I save the page I get an error and the following message:
The website software has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not click refresh though or you could be automatically banned. If you got here via a link, please inform the link maintainer of the problem. (version: 6.1.1, PHP version: 5.2.17, URL: /cms/cms_galleries/__ev/2.htm?redirect=http%3A%3Aslash%3A%3Aslash%3Axxxxx.xxxxxxxx.com%3Aslash%3Agalleries%3Aslash%3Amisc%3Aslash%3Ajulian_ritter__palette_of_passione_of_passion.htm%3Fkeep_fatalistic%3D1&uploading=1&keep_fatalistic=1)

Why can I not remove the description of the video?

Ver 6.1.1

Thanks-

Bob
#69714

We will need to know the details of the alerts, which are available under the Admin Zone and also emailed to you.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#69724

Community saint

Here you go.

Code

A potential hacking attempt has been detected. Please do not be alarmed: approximately half of the suspected attempts are triggered innocently (the software intentionally has a paranoid security model, to give you very high security). Real hacking attempts are almost always caused by 'bots' (computer programs) that automatically crawl the internet looking for websites which may contain vulnerabilities, and then reporting any found vulnerabilities to their 'master' for future exploitation (usually, to assist in spam relaying). If this was a real hack attempt, it has failed - you might want to try and analyse the logged details (in case it gives clues to a real and persistant offender). More information on security is given in the software documentation.

Reason: Tried to add a downloaded file that points to a script: so they could get the script contents (e.g. passwords)
IP address: x.x.x.x
Member ID: 2
Username: admin
User Agent (typically, the web browser): Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1
Referrer: http://xxxxxx.xxxxxx.com/cms/cms_galleries/_ev/2.htm?keep_fatalistic=1&redirect=http%3A%3Aslash%3A%3Aslash%3Axxxxxx.xxxxxx.com%3Aslash%3Agalleries%3Aslash%3Amisc%3Aslash%3Ajulian_ritter__palette_of_passione_of_passion.htm%3Fkeep_fatalistic%3D1
Operating System: Macintosh; U; Intel Mac OS X 10_6_7; en-us
Date and time: 4:54 AM
URL: /cms/index.php?page=cms_galleries&type=__ev&id=2&&redirect=http%3A%3Aslash%3A%3Aslash%3Axxxxxx.xxxxxx.com%3Aslash%3Agalleries%3Aslash%3Amisc%3Aslash%3Ajulian_ritter__palette_of_passione_of_passion.htm%3Fkeep_fatalistic%3D1&uploading=1&keep_fatalistic=1

CODE:
X_FILE_SIZE => 67108864

label_for__cat => Gallery

cat => julian_ritter__palette_of_passione_of_passion

require__cat => 1

label_for__file => Upload

require__file => 0

hidFileID_file => -1

label_for__url =>     URL

url => /uploads/galleries/Julian Ritter - Palette of passion-web.mp4

require__url => 1

label_for__file2 => Thumbnail

require__file2 => 0

hidFileID_file2 => -1

label_for__thumb_url =>     URL

thumb_url => uploads/galleries_thumbs/Julian_Ritter_POP_poster.png

require__thumb_url => 0

comcode__comments => 1

label_for__comments => Description

comments =>

comments_parsed => Julian Ritter was an immensely talented and complex man. <i>Julian Ritter: Palette of Passion</i> explores the complexities of Julian's life and his art. From humble beginnings in pre-WWI Germany to his eventual successes as noted contemporary artist with collectors and patrons, from his early love of the sea to his near-death voyage of the Pacific….all this is examined.<br /><br />Julian Ritter never earned the respect of the art community because he never cared to be anyone but himself - a self-proclaimed bohemian. In retrospect, it is easy to see that Ritter was one of the most underrated painters of the 20th century.<br /><br />Explore the man and art yourself by watching this documentary from 1989.

label_for__video_length => Video length

video_length => 1736

require__video_length => 0

label_for__video_width => Width

video_width => 631

require__video_width => 0

label_for__video_height => Height

video_height => 480

require__video_height => 0

label_for__validated => Validated

validated => 1

tick_on_form__validated => 0

require__validated => 0

label_for__allow_comments => Allow comments

allow_comments => 1

require__allow_comments => 1

label_for__notes => Notes

notes =>

pre_f_notes => 1

require__notes => 0

label_for__meta_keywords => Keywords

meta_keywords =>

require__meta_keywords => 0

label_for__meta_description => Concise description

meta_description => Julian Ritter: Palette of Passion is a short documentary that explores both the man and his art. It covers his life from his early days to his life in Hawaii and considers his art from his early days as a student through his life as a master painter.

require__meta_description => 0

label_for__ => Delete status

delete => 0

require__ => 0

http_referer => http://ritter.jobosales.com/cms/cms_galleries/_ev/2.htm?keep_fatalistic=1&redirect=http%3A%3Aslash%3A%3Aslash%3Aritter.jobosales.com%3Aslash%3Agalleries%3Aslash%3Amisc%3Aslash%3Ajulian_ritter__palette_of_passione_of_passion.htm%3Fkeep_fatalistic%3D1

comments__is_wysiwyg => 1
#69726

Ok I can explain this. Your video URL has a leading '/'. ocPortal wouldn't put this in. Because it is now a local URL that doesn't now start 'uploads/', ocPortal will actually ensure that the URL is not a script (e.g. something that might be sensitive and ocPortal must never read directly as a file, like info.php) by comparing what it reads from disk to what downloads from there. In this case it failed, maybe due to some anti-leech code in an htaccess, or some other kind of issue stopping the server directly connecting to itself to run the check.


Back to the top
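The check described in the reply above, as an added Python sketch that is not part of the thread and is not ocPortal's code: a local URL outside the `uploads/` prefix is fetched from the site itself and compared with the bytes on disk. The function names, the sample files and the fail-closed handling of a failed self-request are assumptions made for illustration.

```python
# Added sketch, not ocPortal source. The "uploads/" prefix comes from the reply
# above; every function name and sample value here is constructed.
TRUSTED_PREFIX = "uploads/"


def check_local_url(url, read_disk, fetch_http):
    """Return (verdict, reason) for a site-relative media URL.

    read_disk(path) -> bytes and fetch_http(path) -> (status, bytes) are
    hypothetical stand-ins for file access and a request to the site itself.
    """
    if ".." in url.split("/"):
        return ("block", "path traversal")
    if url.startswith(TRUSTED_PREFIX):
        return ("allow", "trusted prefix, comparison skipped")
    path = url.lstrip("/")
    try:
        status, served = fetch_http(path)
    except OSError as exc:  # server cannot connect to itself
        return ("block", f"self-request failed: {exc}")
    if status != 200:  # fail closed: an unverifiable path is treated as a script
        return ("block", f"self-request returned HTTP {status}")
    if served != read_disk(path):
        return ("block", "served bytes differ from file on disk")
    return ("allow", "served bytes match file on disk")


# Constructed fixtures: one media file and one script on "disk".
DISK = {
    "uploads/galleries/clip.mp4": b"\x00\x00\x00\x18ftypmp42",
    "info.php": b"<?php $db_password = 'example'; ?>",
}


def read_disk(path):
    return DISK[path]


def healthy_server(path):
    """Serves static files verbatim; .php goes through the interpreter."""
    if path not in DISK:
        return (404, b"")
    return (200, b"" if path.endswith(".php") else DISK[path])


def anti_leech_server(path):
    """Rejects every self-request, as an anti-leech rule might."""
    return (403, b"Forbidden")
```

With `anti_leech_server`, the same media file is allowed as `uploads/galleries/clip.mp4` and blocked as `/uploads/galleries/clip.mp4`, which matches the false positive reported in this topic.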
 
#69733

Community saint

Thanks again, Chris. Removed the leading slash and it now works.

Bob