Joined: Apr 28, 2006 Posts: 15 Location: Menomonie, WI
Posted:
Thu Aug 16, 2007 2:52 pm
Afternoon everyone. I need a little help and am scratching my head right now.
I have a PHP website and I am running NukeSentinel(tm) 2.5.03. It's been working awesome and I have not made any changes or other to my site's configuration.
Over the last couple of weeks, members have been getting banned from the site for trying to make a donation by clicking on our donate picture.
Here is what the log shows:
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
Query String:
[URL hidden by the forum software] me=Team+N+Tense+Site+Donation&item_number=Servers&no_shipping=1&custom=72.204.17.27&on0=ID&os0=18&notify_url=http://www.teamntense.com/ipn_don.php&return=http://www.teamntense.com/modules.php?name=Donate&op=received&uid=18&no_note=1&currency_code=USD&tax=0&on1=Show+Donation&os1=1&submit.x=75&submit.y=37
Get String:
[URL hidden by the forum software] me=Team N Tense Site Donation&item_number=Servers&no_shipping=1&custom=72.204.17.27&on0=ID&os0=18&notify_url=[URL hidden by the forum software] hp?name=Donate&op=received&uid=18&no_note=1&currency_code=USD&tax=0&on1=Show Donation&os1=1&submit_x=75&submit_y=37
Post String:
[URL hidden by the forum software]
Joined: Aug 30, 2005 Posts: 2181 Location: near Albany NY
Posted:
Thu Aug 16, 2007 6:28 pm
I can't quote every version of NS to you and you have to realize that 2.5.03 is seriously out of date and you should look into upgrading. I believe you are like 8 versions out of date. RN upgrades you automatically at least to NS 2.5.10 (the most recent is 2.5.11) but still I will try to address your problem.
The "cmd=" string is indeed blocked in NS. We've had similar issues with Gallery trying to issue it and getting blocked. You'll find the block down under the comment:
Code:
// Check for XSS attack
// The check is skipped for index.php?url= requests and for logged-in admins
if(!stristr($nsnst_const['query_string'], "index.php?url=") AND (!isset($_COOKIE['admin']) OR !is_admin($_COOKIE['admin']))) {
    // Block when $name, $file or $libpath carries a URL, or when the raw query string
    // carries a URL, "cmd=" (unless written as "&cmd"), "exec" (unless "execu"),
    // or "concat" without "../"
    if( (isset($name) AND (eregi("http\:\/\/", $name) OR eregi("https\:\/\/", $name)))
     OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))
     OR (isset($libpath) AND (eregi("http\:\/\/", $libpath) OR eregi("https\:\/\/", $libpath)))
     OR stristr($nsnst_const['query_string'], "http://") OR stristr($nsnst_const['query_string'], "https://")
     OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
     OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
     OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
        block_ip($blocker_row);
    }
}
I'm not sure what the best approach is to fixing this. You could just comment out the cmd= part of the OR. Or you could find out what module is generating that (say "donations") and code an exclusion. I think we did that for Gallery a year or two ago. I can't (and don't have the time to) simulate this so I can't give you a bullet proof answer. But I understand the frustration.
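To show what a per-module exclusion of the kind suggested above could look like, here is an added example; it is not NukeSentinel's code and not from either poster. It re-implements only the query-string rules of the quoted block (the $name/$file/$libpath checks and the admin-cookie bypass are left out) using stripos instead of the old eregi calls, reports the name of every rule a query string trips, and lets a hypothetical exclusion table exempt one module from specific rules instead of commenting a rule out for the whole site. The function names, the exclusion table, the "cmd=_xclick" value and both sample query strings are assumptions constructed for the example; the forum hid the real URL in the log.

```php
<?php
// Added example, not NukeSentinel's own code. Models the query-string part of
// the "Check for XSS attack" block and adds a per-module exclusion table.

/**
 * Names of the quoted query-string rules that $qs would trigger.
 * Mirrors the original's stristr tests with case-insensitive stripos.
 */
function nsnst_xss_hits(string $qs): array
{
    $hits = [];
    if (stripos($qs, 'http://') !== false || stripos($qs, 'https://') !== false) {
        $hits[] = 'http://';
    }
    // "cmd=" fires unless the string also contains "&cmd"; this is the rule
    // that catches a PayPal button's cmd=_xclick parameter.
    if (stripos($qs, 'cmd=') !== false && stripos($qs, '&cmd') === false) {
        $hits[] = 'cmd=';
    }
    if (stripos($qs, 'exec') !== false && stripos($qs, 'execu') === false) {
        $hits[] = 'exec';
    }
    // In PHP, AND binds tighter than OR, so the original's last clause reads
    // as (concat AND NOT "../"), which is what is checked here.
    if (stripos($qs, 'concat') !== false && stripos($qs, '../') === false) {
        $hits[] = 'concat';
    }
    return $hits;
}

/**
 * Decide whether to block. $exclusions (hypothetical; the quoted version has
 * no such table) maps a module marker to the rules that marker is allowed to
 * trip. Every other rule still applies to an excluded request.
 */
function nsnst_should_block(string $qs, array $exclusions): bool
{
    $hits = nsnst_xss_hits($qs);
    foreach ($exclusions as $marker => $allowedRules) {
        if (stripos($qs, $marker) !== false) {
            $hits = array_diff($hits, $allowedRules);
        }
    }
    return count($hits) > 0;
}

// Exclusion for the donation module: requests carrying the module's own
// return URL may contain PayPal's "cmd=" and an "http://" return address.
$exclusions = [
    'name=Donate' => ['cmd=', 'http://'],
];

// Constructed sample inputs. The first follows the shape of the Get String in
// the log above; "cmd=_xclick" is assumed because the forum hid that part.
$donation = 'cmd=_xclick&business=[placeholder]&item_name=Team+N+Tense+Site+Donation'
          . '&notify_url=http://www.teamntense.com/ipn_don.php'
          . '&return=http://www.teamntense.com/modules.php?name=Donate&op=received';
// A request from a different module that also carries a URL: no exclusion
// applies, so it is still blocked.
$other    = 'name=Search&query=http://example.invalid/page';

foreach ([$donation, $other] as $qs) {
    $hits = nsnst_xss_hits($qs);
    printf("%-50s rules: %-16s block: %s\n",
        substr($qs, 0, 50),
        $hits ? implode(',', $hits) : 'none',
        nsnst_should_block($qs, $exclusions) ? 'yes' : 'no');
}
```

Running it shows that a donation-shaped query string trips both the "http://" rule (because of the notify_url and return parameters) and the "cmd=" rule, so an exclusion that only disables "cmd=" would not be enough on its own; scoping the exemption to the module marker keeps the other rules, and the rules for every other module, in force.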
Joined: Apr 28, 2006 Posts: 15 Location: Menomonie, WI
Posted:
Fri Aug 17, 2007 7:28 am
Thanks for the information. I am using PNC Nuke 4.01. The Donations block is from Teli at Codezwiz.
I will look into all this tonight when I get home. It is strange because everything was working just great, then one day people were getting banned going into this block-module. That's why I am scratching my head.
Thanks for the assistance. I will get back to everyone when I get this figured out with a resolution.
I also realize I am a couple versions behind. I haven't had the time to get the updates going. I plan on getting the updates on ASAP.