Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


bug report

#80674 (In Topic #16365)

I don't know if this really matters, what with v8 coming along soon, but I got so freaked out by trying to search in the theme templates: my site told me I was trying to hack my own site and I could end up getting banned!?!

How freaked out do you suppose I got when all I was doing was searching the templates to find the members info block in the forum posts!

I tried to do a search for the following:

Code

<col style="


Rather than getting a search result list I got this in my face:
A potential hacking attempt has been detected. Please do not be alarmed: approximately half of the suspected attempts are triggered innocently (the software intentionally has a paranoid security model, to give you very high security). Real hacking attempts are almost always caused by 'bots' (computer programs) that automatically crawl the internet looking for websites which may contain vulnerabilities, and then reporting any found vulnerabilities to their 'master' for future exploitation (usually, to assist in spam relaying). If this was a real hack attempt, it has failed - you might want to try and analyse the logged details (in case it gives clues to a real and persistent offender). More information on security is given in the software documentation.


Then I got this in an email:
A potential hacking attempt has been detected. Please do not be alarmed: approximately half of the suspected attempts are triggered innocently (the software intentionally has a paranoid security model, to give you very high security). Real hacking attempts are almost always caused by 'bots' (computer programs) that automatically crawl the internet looking for websites which may contain vulnerabilities, and then reporting any found vulnerabilities to their 'master' for future exploitation (usually, to assist in spam relaying). If this was a real hack attempt, it has failed - you might want to try and analyse the logged details (in case it gives clues to a real and persistent offender). More information on security is given in the software documentation.

Reason: A suspicious GET parameter was given (search as <col style=")
IP address: ###########
Member ID: 2
Username: Petrikuhr
User Agent (typically, the web browser): Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Referrer: http://www.rockbabe.org/adminzone/index.php?page=admin_themes&type=edit_templates&theme=Rock_Babe&keep_fatalistic=1
Operating System: Windows NT 6.1; WOW64; rv:10.0.2
Date and time: 8:35 AM
URL: /adminzone/index.php?page=admin_themes&type=_edit_templates&theme=Rock_Babe&keep_fatalistic=1&search=%3Ccol+style%3D%22



If you believe this suspected hack attempt is neither correct nor benign, but rather actually represents a substantial stability problem in the website software, read the information below. Otherwise, do not read on.

Below is a stack trace revealing the state the software was in when the error occurred. If this represents a bug in the unmodified software, you may want to check ocPortal website for a fix, and if there isn't one, report this as a bug. Please note that merely posting a stack trace is not sufficient for us to solve your problem; the stack trace is just an aid that presents us with additional information. We still need to know the error message, what you tried to do, how you tried to do it, version numbers, and any other appropriate information.
We apologise for this problem and if it's a bug we hope you will work with us so that we can fix it for you promptly.

File '/home/rockbabe/public_html/sources/failure.php' Line '431' Function 'get_html_trace' Args
File '/home/rockbabe/public_html/sources/global2.php' Line '982' Function '_log_hack_attack_and_exit' Args 'DODGY_GET_HACK', 'search', '<col style="'
File '/home/rockbabe/public_html/sources/global2.php' Line '1,382' Function 'log_hack_attack_and_exit' Args 'DODGY_GET_HACK', 'search', '<col style="'
File '/home/rockbabe/public_html/adminzone/pages/modules/admin_themes.php' Line '1,128' Function 'get_param' Args 'search', ''
File '/home/rockbabe/public_html/adminzone/pages/modules/admin_themes.php' Line '217' Function '_edit_templates' Class 'Module_admin_themes' Object Module_admin_themes::__set_state(array()) Type '->' Args
File '/home/rockbabe/public_html/sources/zones.php' Line '386' Function 'run' Class 'Module_admin_themes' Object Module_admin_themes::__set_state(array()) Type '->' Args
File '/home/rockbabe/public_html/sources/site.php' Line '970' Function 'load_module_page' Args 'adminzone/pages/modules/admin_themes.php', 'admin_themes'
File '/home/rockbabe/public_html/sources/site.php' Line '753' Function 'request_page' Args 'admin_themes', true
File '/home/rockbabe/public_html/adminzone/index.php' Line '51' Function 'do_site' Args



I don't mind telling you I was seriously freaked out by this; it's a great protective feature, granted, but DAMN, it shook me up!

Metal IS Forever & We WILL Rock You 'til You Choke! Rock Babe
#80677

This warning message can be safely ignored.

This was most likely triggered because you used "<" in your search.

The email is just a follow-up to inform the admin of a potential security threat. As you were the one performing the search you know it can be safely ignored.

I have received many such warnings and ignored them all because I was the instigator.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
#80681

Whoops, that's a bug. We err on the side of caution with ocPortal, but occasionally we slip up and forget to define exceptions to the automated checking.

@temp1024 If this happens it's definitely a bug unless you're really doing some PHP coding and write the code wrong, so please do report.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#80682

Btw…

Rock_Babe

 :rockon:


#80685

Chris Graham said

Btw…

Rock_Babe

 :rockon:

Hee-hee, I was going to go with Metal Queen but my best mate said she wanted to be Metal Queen as a Rank, so I went with Rock Babe instead. I still love it and I think it's still pretty catchy.

I'll expect to see you over there when it's open then Chris, there's no way you don't listen to a bit of Metal, there's definitely some 'rebel' rushing around in your veins!

Metal IS Forever & We WILL Rock You 'til You Choke!

#80686

lol. It depends how you define metal I suppose. I am very slowly learning electric guitar, many things sound better with distortion on. Does that mean I like metal ;)? I'm not a big fan of screaming vocals, I prefer stuff a bit more melodic :lol:.


#80687

Chris Graham said

Whoops, that's a bug.

Ah, OK Chris.

Sorry for leading you up the garden path on this one @Petrikuhr.

Chris Graham said

We err on the side of caution with ocPortal, but occasionally we slip up and forget to define exceptions to the automated checking.

In this case I assumed it was just HTML injection protection because of the "<".

Chris Graham said

@temp1024 If this happens it's definitely a bug unless you're really doing some PHP coding and write the code wrong, so please do report.

While I think I did get it on PHP coding a couple of times, I mostly get it when using the OcCLE (I think typically when I use echo instead of :echo).

(P.S. I just tried using OcCLE for the first time in months and am getting a 'console' is undefined error when I type a command and press enter.)

#80688

temp1024 said

In this case I assumed it was just HTML injection protection because of the "<".

It was, but the check should not be applied when you manually type something. That's the main exception really, as most GET parameters are auto-generated.

temp1024 said

While I think I did get it on PHP coding a couple of times, I mostly get it when using the OcCLE (I think typically when I use echo instead of :echo).

(P.S. I just tried using OcCLE for the first time in months and am getting a 'console' is undefined error when I type a command and press enter.)

I'm sure this all must be fixed in v8 (I just checked the console thing and couldn't find any unguarded references in the code).


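To make the false positive and the fix concrete, here is an added Python sketch (not ocPortal's own code) of the paranoid "suspicious GET parameter" check described in the first post, together with the exception Chris describes for parameters a person types by hand. The marker list, the allowlist and the function names are assumptions; the URL is the one from the e-mail above.

```python
# Added illustration, not ocPortal's own code: a miniature of the paranoid
# "suspicious GET parameter" check this thread describes, plus the exception
# Chris mentions for parameters a person types by hand (such as 'search').
from urllib.parse import parse_qsl, urlsplit

# Markup fragments the filter treats as a possible injection attempt when they
# show up in a GET parameter.  Constructed heuristic; the real list is unknown.
SUSPICIOUS_MARKERS = ("<", ">", "javascript:")

# Parameters that legitimately carry free text typed by a human.  Most GET
# parameters are generated by the software itself, so this allowlist is short.
FREE_TEXT_PARAMS = frozenset({"search"})


def suspicious_params(url, free_text_params=frozenset()):
    """Return [(name, value)] of GET parameters the filter would flag.

    Names in free_text_params are exempt: that is the missing exception that
    turned an admin's template search into a logged 'hack attack'.  Exempt
    values must still be HTML-escaped wherever they are echoed back.
    """
    flagged = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in free_text_params:
            continue
        lowered = value.lower()
        if any(marker in lowered for marker in SUSPICIOUS_MARKERS):
            flagged.append((name, value))
    return flagged


def hack_attack_reason(name, value):
    """Reason text in the shape the e-mail in the thread showed."""
    return f"A suspicious GET parameter was given ({name} as {value})"


# The URL from the e-mail above: search=%3Ccol+style%3D%22 decodes to <col style="
THREAD_URL = ("/adminzone/index.php?page=admin_themes&type=_edit_templates"
              "&theme=Rock_Babe&keep_fatalistic=1&search=%3Ccol+style%3D%22")

if __name__ == "__main__":
    # Without the exception the admin's own search is reported.
    for name, value in suspicious_params(THREAD_URL):
        print("Reason:", hack_attack_reason(name, value))
    # With 'search' exempt, nothing is flagged and the template search runs.
    print(suspicious_params(THREAD_URL, FREE_TEXT_PARAMS))
    # The exemption is per-parameter: markup in an auto-generated one still trips.
    print(suspicious_params("/index.php?page=admin_themes&theme=%3Cb%3E", FREE_TEXT_PARAMS))
```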
#80689

Chris Graham said

lol. It depends how you define metal I suppose. I am very slowly learning electric guitar, many things sound better with distortion on. Does that mean I like metal ;)? I'm not a big fan of screaming vocals, I prefer stuff a bit more melodic :lol:.

No worries there Chris, Rock Babe is for Hard Rock / Heavy metal, that's everything from Cream to Cradle Of Filth. ;)

#80694

Chris Graham said

I am very slowly learning electric guitar, many things sound better with distortion on.

You haven't lived until you've heard Chris' recreations of popular TV theme-tunes. :cool:


Like ocPortal on Facebook:
#80695

 :lol:

I can play a few proper songs now ;).


#80700

Chris Graham said

 :lol:

I can play a few proper songs now ;).

Can you play the tune for the Robert Powell 'Jesus of Nazareth' movie?

Oh, I love that theme tune. Did you ever watch it? The very end scene with the camera getting closer to Robert's eyes, oh my god, I nearly wet my knickers the first time I saw that bit, he is so gorgeous. :)

#80704

O_o


#80705

Afraid not. I had a quick look and couldn't find any tabs/chords for it; if I could I'd try for the heck of it. But I wouldn't have shared the result because I'm rubbish ;).


#80725

If you can learn by ear you can hear it here: Jesus Of Nazareth - 1977 Theme Song
