HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Try to import from Invision : Suspected hacking attempt

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#19425 (In Topic #4507)
Avatar

Community saint

I've a forum recently converted to IPB 1.3Final. When I've installed OCP (2.6.2) I selected that I want to use this forum. I wanted to migrate it to OCF, so I've done the followings:

Admin area -> Import –> selected IPB 1.3.x –> new import session –> set the path to IPB –> selected only the first option –> GO –> "An error has occured  ,  Suspected hacking attempt"  O_o

Here is the security log:

Code

View security alert (06 June, 2006, 02:31 PM)    
Reason
An invalid parameter ('refresh_time' as '') was sent to a script. Perhaps an XSS or SQL injection attack.

Username
ibfadmin

IP address
x.x.x.x
 
POST data
old_base_dir => path_to_my_root/ipb
require__old_base_dir => 1
importer => ipb1
import_ocf_groups => 1

URL
/teszt/admincentre/index.php?page=admin_import&type=import

Environment:

IPB and OCP shares a single database.
IPB path: /ipb/
OCP path: /teszt/

PHP Safe Mode: ON


It's quite annoying, so I hope there is a solution for this problem :)

(Btw I get the same error if I want to merge two OCPs - same version)


Last edit: by Tcat
Back to the top
 
Posted
Rating:
#19427
Avatar

Try changing line 385 of admincentre/pages/modules/admin_import.php from:

Code

      $refresh_time=either_param_integer('refresh_time');
to:

Code

      $refresh_time=either_param_integer('refresh_time',30);


If that doesn't work, try changing it to:

Code

      $refresh_time=30;



I'm not sure why this problem would occur, so this is just a cure of the symptom. Did it happen as soon as you started the actual import, or was it about 15 seconds in, or was it about 30 seconds in?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#19490
Avatar

Community saint

It happened immediately.

But $refresh_time=either_param_integer('refresh_time',30); + turning off safe mode was a solution. Thanks!  :thumbs:
Back to the top
 
Posted
Rating:
#19599
Avatar

Community saint

To complete this story: recently I realized, that all this happened because of Safe Mode. In Safe Mode you can't set the value of the refresh time: the input filed in the Import section where you can set the value of the refresh rate only appears when Safe Mode is turned off. So there is nothing wrong with the importer, sorry for the false alarm  :$

I know disabling Safe Mode is reccomended with OCP, but I think it'd be a nice little feature to warn the user @ the Import screen if Safe Mode is On and it can cause troubles.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: