Latest posts of: Peter
16  Joomla Hacks / Joomla-SMF 2.0.x / Re: CB-SMF Plugins for JSMF 2.0 on: October 04, 2006, 06:53:07 PM
Thank you for the detailed reply, Brat... It's appreciated.

A signature plugin would be an awesome addition for me, so if you were to do this I would be sure to use it on several sites, hopefully it can be a requested feature by others!

My error on Point 2.  I didn't read the documentation properly, my apologies.

The last isn't a big issue for me, I don't mind removing the subscription part altogether if that is possible.  Is this something that could easily be accomplished?  Having the ability for users to just have their "Post" history is good enough!
17  Joomla Hacks / Joomla-SMF 2.0.x / Re: CB-SMF Plugins for JSMF 2.0 on: September 28, 2006, 08:14:51 PM
Hello,

Thanks for these plugins - It makes the profiles so much more relevant to the forum!

A few questions:

1)  Is there any way to allow users to simply modify their signatures and nothing more?  I realise when you publish the SMF profile plugin it allows them to go into the complete SMF profile and change things (email, password etc, layout settings etc etc)... I'd really not like that to happen and just offer users the ability to change their signatures.

Ideally have the signature box appear on their CB profile settings (like Joomlaboard did)

2)  On the "User Posts" plugin, where it allows you to click a link below the thread title of the user's thread to see the posts, it's titled:

"UE_SHOW_HIDE_TEXT"

Also on this User Posts page, it shows the public the threads the users have subscribed to etc.  This should be personal info in my eyes and not for public consumption... Is there any way to make it so it only appears on the owner's profile, visible to them only when they log in?

I can appreciate there are a few bugs with this (I am also getting the "This profile no longer exists" problem) that are being tackled.
I'd appreciate some help with this!

Thanks,

Pete
18  Joomla Hacks / Joomla-SMF 2.0.x / Re: Mod_Security and JSMF - Triggering 404 Error on: September 27, 2006, 09:03:44 PM
Thanks for posting, Wolverine.  I'll leave part of it with you then for the time being to see if you can see anything, I'll also contact SMF to see what they have to say.

Thanks again,

Pete
19  Joomla Hacks / Joomla-SMF 2.0.x / Re: Mod_Security and JSMF - Triggering 404 Error on: September 27, 2006, 02:58:30 PM
Thinking this might be related to the following rule:

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

I commented it out to check - I haven't been able to produce the problem since (though it was random before so unsure if it's cured it)... However, a different problem seems to have popped up.

If the user has navigated away from the site and returned and their "ghost" user is still logged in and they log in again, it's giving the following error:

An Error Has Occurred!
You were unable to login. Please check your cookie settings.


If they try to log in again, they log in just fine.  Obviously the problem is they need to log in twice now.
20  Joomla Hacks / Joomla-SMF 2.0.x / Mod_Security and JSMF - Triggering 404 Error on: September 27, 2006, 08:44:02 AM
Hello,

I have eth0's ruleset installed in mod_security.  I notice some of my users are getting a Forbidden (404) error when trying to log in to the website (I have also had it now and then).  It doesn't always trigger, but once is more than enough for me.  I am not greatly experienced with mod_security so I'd appreciate if you could help me here.

Using latest version of JSMF, CB latest version (and CB login module), latest version of Joomla.

The error in my mod_sec log is as follows:

==c77f7939==============================
Request: www.****.net **.***.**.** - - [27/Sep/2006:13:20:35 +0100] "GET /index.php?option=com_smf&Itemid=155&PHPSESSID=c47f32118f53421e5a9053b1f43036c0;a$
Handler: server-parsed
----------------------------------------
GET /index.php?option=com_smf&Itemid=155&PHPSESSID=c47f32118f53421e5a9053b1f43036c0;action=login2;sa=check;member=62 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-gb
Cache-Control: no-cache
Connection: keep-alive
Cookie: __utma=134262882.885386045.1159277676.1159277676.1159285579.2; __utmz=134262882.1159277676.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSES$
Host: www.********.net
Referer: http://www.*********.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
X-Forwarded-For: **.***.***.***
mod_security-message: Access denied with code 403. Pattern match "!^[0-9a-z]*$" at ARG("PHPSESSID")
mod_security-action: 403

HTTP/1.1 403 Forbidden
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
--c77f7939--


The ruleset I have is:

----Ruleset----

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature "Apache"


# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:403"

## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "arta\.zip "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
SecFilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "

SecFilter "bcc:"
SecFilter "bcc\x3a"
SecFilter "cc:"
SecFilter "cc\x3a"
SecFilter "bcc:|Bcc:|BCC:" chain
SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}\,\x20[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}"
SecFilterSelective POST_PAYLOAD "Bcc:"
SecFilterSelective POST_PAYLOAD "Bcc:\x20"
SecFilterSelective POST_PAYLOAD "cc:"
SecFilterSelective POST_PAYLOAD "cc:\x20"
SecFilterSelective POST_PAYLOAD "bcc:"
SecFilterSelective POST_PAYLOAD "bcc:\x20"
SecFilterSelective POST_PAYLOAD "bcc: "
SecFilterSelective THE_REQUEST "Bcc:"
SecFilterSelective THE_REQUEST "Bcc:\x20"
SecFilterSelective THE_REQUEST "cc:"
SecFilterSelective THE_REQUEST "cc:\x20"
SecFilterSelective THE_REQUEST "bcc:"
SecFilterSelective THE_REQUEST "bcc:\x20"
SecFilterSelective THE_REQUEST "bcc: "
# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="

</IfModule>


---/Ruleset---

Unsure which would be triggering this error - I will gladly remove the rule if it can be found out which one is triggering this error.

Cheers,

Pete.
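
Added example (not part of the original posts): a short Python check that replays the request line from the audit log above against the PHPSESSID rule from the ruleset. It assumes the filter splits query arguments on `&` only, as the logged match at ARG("PHPSESSID") implies; the helper names are hypothetical.

```python
import re

# Request line copied from the audit log entry in the post above.
REQUEST_LINE = ("GET /index.php?option=com_smf&Itemid=155"
                "&PHPSESSID=c47f32118f53421e5a9053b1f43036c0"
                ";action=login2;sa=check;member=62 HTTP/1.1")

# Pattern from the ruleset: SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
# The leading "!" negates the match, so the rule fires when the value
# does NOT consist solely of lowercase letters and digits.
SESSION_RULE = re.compile(r"^[0-9a-z]*$")


def split_args(request_line, separators="&"):
    """Split the query string into name -> value using the given separators."""
    target = request_line.split(" ")[1]
    query = target.split("?", 1)[1] if "?" in target else ""
    args = {}
    for pair in re.split("[" + re.escape(separators) + "]", query):
        if pair:
            name, _, value = pair.partition("=")
            args[name] = value
    return args


def rule_fires(args, name="PHPSESSID"):
    """Return True when the negated pattern would deny the request."""
    value = args.get(name)
    return value is not None and SESSION_RULE.match(value) is None


# Assumption: the filter splits arguments on "&" only, which is what the
# logged match at ARG("PHPSESSID") implies.
waf_view = split_args(REQUEST_LINE, "&")
# The URL in the log also uses ";" between parameters, so this is how the
# application is expected to read the same request.
app_view = split_args(REQUEST_LINE, "&;")

if __name__ == "__main__":
    for label, view in (("filter", waf_view), ("application", app_view)):
        print(label, "sees PHPSESSID =", view["PHPSESSID"],
              "-> rule fires:", rule_fires(view))
```

Split on `&` alone, the value handed to the rule carries the `;action=login2;sa=check;member=62` tail and the negated pattern denies the request; split on `;` as well, the session ID is plain lowercase hex and passes.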