I use PNphpBB2 1.2i and noticed a problem where if you click on the smilies button on Quick Reply a messages pops up saying:
'Hacking attempt1'
I had the same problem with PNphpBB2 1.2h. For some reason the qmode GET variable wasn't being properly passed in quick_reply.php. I fixed the problem by adding the following code to quick_reply.php:
if ($_GET['qmode'] == 'smilies'){
$mode = 'smilies';
}
if ($_GET['qmode'] == 'postimages'){
$mode = 'postimages';
}
below:
{
$mode = '';
}
I'm not sure if the same problem existed for phpBB, but PNphpBB2 1.2i is based on phpBB 2.0.21.
Tuesday, February 20, 2007
Friday, February 16, 2007
You don't have permission to save vista in this location; Notepad
On my Windows Vista system I have a batch file in the root folder of my C: drive. I discovered a neat trick where you can just type on the command prompt:
notepad name_of_the_file
and Windows will open the file in Notepad.
Anyways I wanted to create a new batch file (let's say b.bat) from the original one (a.bat). I opened a.bat w/ Notepad, made my changes, but when I went to save the file on C:\ I got the error message:
"You don't have permission to save in this location. Contact the administrator to obtain permission."What in the world? I am the administrator. Oddly enough, however, if I saved the file somewhere else instead and then copy the file to C:\ it'd work. No doubt this is one of Vista's new security features- not allowing direct access to the root folder, and when you want to copy a file there you need to give explicit permission for the file operation.
Thursday, February 15, 2007
ModSecurity install and setup on Fedora Core 2
Over on rpmfind.net I was able to find a Fedora Core 3 module for modsecurity that I was able to install on Fedora Core 2. I had tried the one for Fedora Core 5 but no go- too many dependency issues.
This was the one that worked:
ftp://194.199.20.114/linux/fedora/extras/3/i386/mod_security-1.9.4-1.fc3.i386.rpm
After downloading I did a:
rpm -Uvh mod_security-1.9.4-1.fc3.i386.rpm
warning: mod_security-1.9.4-1.fc3.i386.rpm: V3 DSA signature: NOKEY, key ID 1ac70ce6
Preparing... ########################################### [100%]
1:mod_security ########################################### [100%]
Then it was time to checkout the mod_security.conf file located over at /etc/httpd/conf.d/.
I uncommented out these lines:
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
This line:
SecFilter "<(.|\n)+>"
generated false positives on some web post forms so I kept it uncommented.
This was the one that worked:
ftp://194.199.20.114/linux/fedora/extras/3/i386/mod_security-1.9.4-1.fc3.i386.rpm
After downloading I did a:
rpm -Uvh mod_security-1.9.4-1.fc3.i386.rpm
warning: mod_security-1.9.4-1.fc3.i386.rpm: V3 DSA signature: NOKEY, key ID 1ac70ce6
Preparing... ########################################### [100%]
1:mod_security ########################################### [100%]
Then it was time to checkout the mod_security.conf file located over at /etc/httpd/conf.d/.
I uncommented out these lines:
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
This line:
SecFilter "<(.|\n)+>"
generated false positives on some web post forms so I kept it uncommented.
yum [Errno 4] IOError: HTTP Error 404: Not Found
After discovering that one of my sites had been attacked via SQL injection, I decided to look for some global solutions that would try to prevent those attacks. Obviously the best way would be to patch up problematic webapps, but a global first line of defense would be helpful.
So anyways after some research "mod_security" came up as a good way of preventing web attacks including SQL injection, so I tried to install it via:
yum install mod_security
But then I got the messages:
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
retrygrab() failed for:
http://download.fedoralegacy.org/fedora/2/os/i386/headers/header.info
Executing failover method
failover: out of servers to try
Error getting file http://download.fedoralegacy.org/fedora/2/os/i386/headers/header.info
[Errno 4] IOError: HTTP Error 404: Not Found
I then edited /etc/yum.conf and replaced (under the [base] section):
baseurl=http://download.fedoralegacy.org/fedora/$releasever/os/$basearch
with:
baseurl=http://rh-mirror.linux.iastate.edu/fedoralegacy/fedora/$releasever/os/$basearch
then replaced (under the [fedoralegacy-updates] section):
baseurl=http://download.fedoralegacy.org/fedora/$releasever/updates/$basearch
with:
baseurl=http://rh-mirror.linux.iastate.edu/fedoralegacy/fedora/$releasever/updates/$basearch
Apparently the fedoralegacy.org site is no longer working to provide updates. Anyways those changes worked but unfortunately apparently mod_security wasn't available with Fedora Core 2. Oh well- time to try elsewhere.
So anyways after some research "mod_security" came up as a good way of preventing web attacks including SQL injection, so I tried to install it via:
yum install mod_security
But then I got the messages:
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
retrygrab() failed for:
http://download.fedoralegacy.org/fedora/2/os/i386/headers/header.info
Executing failover method
failover: out of servers to try
Error getting file http://download.fedoralegacy.org/fedora/2/os/i386/headers/header.info
[Errno 4] IOError: HTTP Error 404: Not Found
I then edited /etc/yum.conf and replaced (under the [base] section):
baseurl=http://download.fedoralegacy.org/fedora/$releasever/os/$basearch
with:
baseurl=http://rh-mirror.linux.iastate.edu/fedoralegacy/fedora/$releasever/os/$basearch
then replaced (under the [fedoralegacy-updates] section):
baseurl=http://download.fedoralegacy.org/fedora/$releasever/updates/$basearch
with:
baseurl=http://rh-mirror.linux.iastate.edu/fedoralegacy/fedora/$releasever/updates/$basearch
Apparently the fedoralegacy.org site is no longer working to provide updates. Anyways those changes worked but unfortunately apparently mod_security wasn't available with Fedora Core 2. Oh well- time to try elsewhere.
Friday, February 2, 2007
Restoration Nightmare / Back to Vista
Well I had a horrific time trying to restore my Acronis image. In turned out the Acronis True Image 8.0 rescue CD did not had the the serial ATA driver for my HP dv9000t notebook. Whoops. After finalling upgrading to True Image 10.0 home I was able to get the restore going. But after almost 2 hours and only 2% left to go, Acronis spit out got some message that said "Sectors copied was more than read" or something to that effect. I could mount the image fine on the Windows XP desktop that stored the image so apparently it's not corrupted. Perhaps HP's built-in Quickplay partitition had something to do with that (I had only backed up the Windows partition). Or perhaps it was because I wiped out the 10 gig HP Recovery Partition after creating 3 emergency restore DVDs and then combined that with C:. Little did I knew, however, those DVDs would help big time.
Anyways after hours and hours of futzing with the restore, I finally gave up and decided to go back to Vista Ultimate. I figured that eventually I would have to upgrade anyways so this would save the time I'd spend in the future. Then more road blocks. Because of the bad restore attempts there was no windows installed, and Vista Ultimate upgrade refused to continue setup. Apparently there's a loophole where you can install Vista by first not putting in the product key and then re-installing again. I thought I give it a shot but for some reason Vista kept complaining about not being able to assign a drive letter or whatever- even though I had it partition and format the drive. So then I tried installing via the Windows XP Media Center OEM CD that came with my Dell desktop, but apparently it, like Acronis 8, didn't have the SATA driver for my notebook. So finally I resorted to the HP rescue DVDs and a couple hours later I was back in business with XP Media Center installed. Then I was able to install Vista Ultimate successfully.
I was also happy to discover that now the Samsung SCX-4100 drivers for Vista were available. Although I'm still having the primary-monitor-going-blank problem- I've unplugged the 2ndary monitor from my notebook dock now as a temporary workaround. I went on the HP support site to look for some Vista drivers for the dv9000t- there's an update for the Intel Intel Wireless 3945 and a BIOS update. Unfortunately there seems to be an issue w/ the HP ftp server rejecting anonymous connections so I couldn't download them. Hopefully they'll have it resolved soon. As for my problem with Microsoft Small Business Accounting 2006- I'll have to install that on my desktop PC for now and use it there.
Anyways after hours and hours of futzing with the restore, I finally gave up and decided to go back to Vista Ultimate. I figured that eventually I would have to upgrade anyways so this would save the time I'd spend in the future. Then more road blocks. Because of the bad restore attempts there was no windows installed, and Vista Ultimate upgrade refused to continue setup. Apparently there's a loophole where you can install Vista by first not putting in the product key and then re-installing again. I thought I give it a shot but for some reason Vista kept complaining about not being able to assign a drive letter or whatever- even though I had it partition and format the drive. So then I tried installing via the Windows XP Media Center OEM CD that came with my Dell desktop, but apparently it, like Acronis 8, didn't have the SATA driver for my notebook. So finally I resorted to the HP rescue DVDs and a couple hours later I was back in business with XP Media Center installed. Then I was able to install Vista Ultimate successfully.
I was also happy to discover that now the Samsung SCX-4100 drivers for Vista were available. Although I'm still having the primary-monitor-going-blank problem- I've unplugged the 2ndary monitor from my notebook dock now as a temporary workaround. I went on the HP support site to look for some Vista drivers for the dv9000t- there's an update for the Intel Intel Wireless 3945 and a BIOS update. Unfortunately there seems to be an issue w/ the HP ftp server rejecting anonymous connections so I couldn't download them. Hopefully they'll have it resolved soon. As for my problem with Microsoft Small Business Accounting 2006- I'll have to install that on my desktop PC for now and use it there.
Subscribe to:
Posts (Atom)
