Topic title: WordPress, Shopify and PHPFusion developer community :: BS-Security login problem

Posted by RokasL · 2012 Aug. 8 17:08:24
#1

So I did a clean install of the "bs-security" mod, and there is this problem: for example, if you enter a wrong login, it immediately blocks you from the site. Could someone tell me how to make it not block for a wrong login?

Posted by minimukas · 2012 Aug. 8 19:08:05
#2

There are settings for that... and anyway bs-security has holes through which I can damage a site... so I advise you to fix those first and then install it.
P.S. You won't hack the site through BS, but you can do quite a lot of damage :D

Posted by ilblud · 2012 Aug. 9 14:08:16
#3

Edit this file:
./infusions/security_system/main_control.php
Find:

if ($hack) {
      $user_agent= (SYS_USER_AGENT!="" ? stripinput(str_replace('||', ' ', SYS_USER_AGENT)) : "");
          $resu=dbcount("(blacklist_ip)",DB_PREFIX."secsys_blacklist","blacklist_ip='".SYS_USER_IP."'");
          if ($resu=="0") {
          $resu2=dbquery("INSERT INTO ".DB_PREFIX."secsys_blacklist (blacklist_ip,blacklist_datestamp) VALUES('".SYS_USER_IP."','".time()."')");
          }
          $rsl=dbrows(dbquery("SELECT * FROM ".DB_PREFIX."secsys_logfile WHERE hack_ip='".SYS_USER_IP."' AND hack_type='hacks' AND hack_datestamp>='".(time()-3600)."'"));
        if (!sec_proxyscan()) {
$resu2=dbcount("(proxy_ip)",DB_PREFIX."secsys_proxy_blacklist","proxy_ip='".SYS_USER_IP."' LIMIT 0,1");
if (@$resu2=="0") {
          $result=dbquery("INSERT INTO ".DB_PREFIX."secsys_proxy_blacklist (proxy_ip,proxy_datestamp) VALUES ('".SYS_USER_IP."','".time()."')");
          }
  }   
   if ($rsl==0 && $sys_setting['ctracker_log']=='1') {
          $sys_msg=stripinput($_SERVER['QUERY_STRING']);
          $sys_msg=$sys_msg;
          $sys_msg_entry=str_replace(" ","",$sys_msg);
          $result=dbquery("INSERT INTO ".DB_PREFIX."secsys_logfile (hack_id,hack_type,hack_userid,hack_ip,hack_query,hack_referer,hack_agent,hack_datestamp) VALUES (NULL,'hacks','".SYS_USER_ID."','".SYS_USER_IP."','".$sys_msg_entry."','".stripinput(SYS_USER_REFERER)."','".$user_agent."','".time()."')");
          }
 
          $result=dbquery("UPDATE ".DB_PREFIX."secsys_statistics SET hacks=hacks+1");
          mysql_close();
          redirect("http://sourceprotection.de/attack.html");exit;
}
}
 

Replace with:

if ($hack) {
      $user_agent= (SYS_USER_AGENT!="" ? stripinput(str_replace('||', ' ', SYS_USER_AGENT)) : "");
if (isset($_GET['error']) && isnum($_GET['error'])) { } else {
          $resu=dbcount("(blacklist_ip)",DB_PREFIX."secsys_blacklist","blacklist_ip='".SYS_USER_IP."'");
          if ($resu=="0") {
          $resu2=dbquery("INSERT INTO ".DB_PREFIX."secsys_blacklist (blacklist_ip,blacklist_datestamp) VALUES('".SYS_USER_IP."','".time()."')");
          }
}
          $rsl=dbrows(dbquery("SELECT * FROM ".DB_PREFIX."secsys_logfile WHERE hack_ip='".SYS_USER_IP."' AND hack_type='hacks' AND hack_datestamp>='".(time()-3600)."'"));
        if (!sec_proxyscan()) {
$resu2=dbcount("(proxy_ip)",DB_PREFIX."secsys_proxy_blacklist","proxy_ip='".SYS_USER_IP."' LIMIT 0,1");
if (@$resu2=="0") {
          $result=dbquery("INSERT INTO ".DB_PREFIX."secsys_proxy_blacklist (proxy_ip,proxy_datestamp) VALUES ('".SYS_USER_IP."','".time()."')");
          }
  } 
 
if (isset($_GET['error']) && isnum($_GET['error'])) { } else {
   if ($rsl==0 && $sys_setting['ctracker_log']=='1') {
          $sys_msg=stripinput($_SERVER['QUERY_STRING']);
          $sys_msg=$sys_msg;
          $sys_msg_entry=str_replace(" ","",$sys_msg);
          $result=dbquery("INSERT INTO ".DB_PREFIX."secsys_logfile (hack_id,hack_type,hack_userid,hack_ip,hack_query,hack_referer,hack_agent,hack_datestamp) VALUES (NULL,'hacks','".SYS_USER_ID."','".SYS_USER_IP."','".$sys_msg_entry."','".stripinput(SYS_USER_REFERER)."','".$user_agent."','".time()."')");
          }
 
          $result=dbquery("UPDATE ".DB_PREFIX."secsys_statistics SET hacks=hacks+1");
          mysql_close();
          redirect("".INFUSIONS."security_system/attack.html");exit;
}
}
}
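
An alternative to exempting login errors entirely, as an added example that is not part of the original post and not bs-security code: count failed logins per IP inside a time window and blacklist only once a threshold is reached, so the decision rests on server-side state. The function names, the threshold of 5 and the 15-minute window are assumptions, and the array stands in for a database table.

```php
<?php
// Added example, not bs-security code. All names here are hypothetical.

const MAX_FAILURES   = 5;    // assumed threshold
const WINDOW_SECONDS = 900;  // assumed 15-minute sliding window

/**
 * Record a failed login for $ip at time $now and report whether the IP
 * should now be blacklisted. $failures maps IP => list of timestamps and
 * stands in for a database table.
 */
function register_failed_login(array &$failures, string $ip, int $now): bool
{
    // Drop attempts that fell out of the window, then add the new one.
    $recent = array_filter(
        $failures[$ip] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS
    );
    $recent[] = $now;
    $failures[$ip] = array_values($recent);

    return count($failures[$ip]) >= MAX_FAILURES;
}

/** A successful login clears the counter for that IP. */
function register_successful_login(array &$failures, string $ip): void
{
    unset($failures[$ip]);
}

// Constructed sample: one IP mistypes the password a few times.
$failures = [];
$ip = '203.0.113.7';          // documentation address (RFC 5737)
$start = 1344445704;          // constructed timestamp

foreach ([0, 20, 45, 70, 90] as $i => $offset) {
    $block = register_failed_login($failures, $ip, $start + $offset);
    printf("attempt %d: %s\n", $i + 1, $block ? 'blacklist' : 'allow retry');
}

// A failure long after the window has passed starts the count again.
$late = register_failed_login($failures, $ip, $start + 90 + WINDOW_SECONDS + 1);
printf("late attempt: %s\n", $late ? 'blacklist' : 'allow retry');
```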