protection
French 
CrawlTrack, webmaster dashboard.
Web analytic, SEO and protection

CrawlProtect, your website safety.
Reinforced protection

Two php/MySQL scripts, free and easy to install
The tools you need to manage and keep control of your site.





diable

CrawlTrack and CrawlProtect support forum

You are not logged in.


#1 02-03-2011 01:44:57

rick
Nouveau membre
Registered: 01-03-2011
Posts: 3

Shell hacking attempt

Hi,
I just installed CrawlProtect 2.0.0 a few days ago, and it immediately started intercepting hacking attempts :-).  However, it is also intercepting certain admin functions like editing a portal head block or splitting SMF topics as the shell hacking attempt.  One of the functions is:

forum/index.php?action=splittopics;sa=execute;topic

Is there an easy fix?  I'd not like to comment out the shell section, but as it is I can't perform several important admin functions.
Thanks for any advice you can give

Offline

 

#2 02-03-2011 08:35:45

Jidébé
Administrateur
Registered: 30-10-2005
Posts: 2928

Re: Shell hacking attempt

Hi,

In the createhtaccess.php file (content folder) at the replace the line 581 with this one:

Code:

    $crawlprotect.="RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|popen|proc_open)(.*)$\n";

Once it's done, recreate your httaccess file.

Jean-Denis


CrawlTrack & CrawlProtect developer

Offline

 

#3 02-03-2011 17:23:36

rick
Nouveau membre
Registered: 01-03-2011
Posts: 3

Re: Shell hacking attempt

Thank you for your quick reply :-),

Just to be sure I don't do the wrong line, here are a few lines in the original createhtaccess.php file:

580    $crawlprotect.="RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$\n";
581    if($yourip==1)
582        {
583        $crawlprotect.="#Avoid any blocage for yourself (for admin access)\n";

Although you instructed to replace line 581, I replaced 580 because that looked the closest to your change - did I do wrong? 

Then when I recreated the .htaccess file, and then I tried to change the head block, the error was still present:

Shell type hacking attempt:

/index.php?action=admin;area=pmx_blocks;sa=head;c6eb249f3ec=15fea639556faaeb32454a4
  93d8e5182

Sorry if I am not understanding, but thank you for replying

Offline

 

#4 02-03-2011 19:37:02

Jidébé
Administrateur
Registered: 30-10-2005
Posts: 2928

Re: Shell hacking attempt

Hi,

You have done the right thing (sometime raw number can be different from one text editor to an other).

I need to have a deeper look for your second issue but as I'm travelling now, I will have limited time in the coming days.

Jean-Denis


CrawlTrack & CrawlProtect developer

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2008 PunBB