Seit PHP-Fusion 7.02 gibt es Probleme mit dem SecuritySystem, zum Beispiel:
Bei einem falschen Passwort und bei sonstigen Fehlermeldungen von PHP-Fusion wird die IP auf die Blacklist gesetzt.
Folgende Datei ist zu bearbeiten:
./infusions/security_system/main_control.php
Diesen Code suchen:
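// Original block from main_control.php: this is the text to locate in the file.
// The statements are reproduced unchanged; only the backslash-escaped quotes of
// the listing were restored so that it is valid PHP again. The comment lines
// here are annotations and are not part of the shipped file.
//
// When $hack is set, the block:
//   1. inserts SYS_USER_IP into secsys_blacklist if it is not listed yet,
//   2. inserts it into secsys_proxy_blacklist when sec_proxyscan() returns a
//      falsy value and the address is not listed there yet,
//   3. writes one secsys_logfile row if none exists for this IP within the last
//      3600 seconds and the ctracker_log setting is '1',
//   4. increments the hacks counter, closes the connection, redirects to an
//      external attack page and exits.
// Nothing in it distinguishes request types, which matches the symptom the post
// describes: error pages and failed logins end up blacklisting the visitor.
if ($hack) {
    $user_agent= (SYS_USER_AGENT!="" ? stripinput(str_replace('||', ' ', SYS_USER_AGENT)) : "");
    $resu=dbcount("(blacklist_ip)",DB_PREFIX."secsys_blacklist","blacklist_ip='".SYS_USER_IP."'");
    if ($resu=="0") {
        $resu2=dbquery("INSERT INTO ".DB_PREFIX."secsys_blacklist (blacklist_ip,blacklist_datestamp) VALUES('".SYS_USER_IP."','".time()."')");
    }
    $rsl=dbrows(dbquery("SELECT * FROM ".DB_PREFIX."secsys_logfile WHERE hack_ip='".SYS_USER_IP."' AND hack_type='hacks' AND hack_datestamp>='".(time()-3600)."'"));
    if (!sec_proxyscan()) {
        $resu2=dbcount("(proxy_ip)",DB_PREFIX."secsys_proxy_blacklist","proxy_ip='".SYS_USER_IP."' LIMIT 0,1");
        if (@$resu2=="0") {
            $result=dbquery("INSERT INTO ".DB_PREFIX."secsys_proxy_blacklist (proxy_ip,proxy_datestamp) VALUES ('".SYS_USER_IP."','".time()."')");
        }
    }
    if ($rsl==0 && $sys_setting['ctracker_log']=='1') {
        $sys_msg=stripinput($_SERVER['QUERY_STRING']);
        $sys_msg=$sys_msg;
        $sys_msg_entry=str_replace(" ","",$sys_msg);
        $result=dbquery("INSERT INTO ".DB_PREFIX."secsys_logfile (hack_id,hack_type,hack_userid,hack_ip,hack_query,hack_referer,hack_agent,hack_datestamp) VALUES (NULL,'hacks','".SYS_USER_ID."','".SYS_USER_IP."','".$sys_msg_entry."','".stripinput(SYS_USER_REFERER)."','".$user_agent."','".time()."')");
    }
    $result=dbquery("UPDATE ".DB_PREFIX."secsys_statistics SET hacks=hacks+1");
    mysql_close();
    redirect("http://sourceprotection.de/attack.html");exit;
}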
}
und hiermit ersetzen:
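// Replacement for the `if ($hack)` block in
// infusions/security_system/main_control.php.
//
// Compared with the shipped block, requests that carry a numeric `error`
// query parameter are exempted from the IP blacklist insert, the log entry,
// the hack counter and the redirect/exit. The proxy blacklist step still runs
// for every request that reaches this block. The redirect now targets the
// local attack.html of the infusion instead of an external host.
if ($hack) {
    $user_agent = (SYS_USER_AGENT != "" ? stripinput(str_replace('||', ' ', SYS_USER_AGENT)) : "");

    // NOTE(review): `error` is supplied by the client. The exemption therefore
    // applies to any request with a numeric `error` parameter while $hack is
    // set, not only to genuine error pages. Consider additionally checking that
    // the request targets the error page itself (confirm against how the core
    // builds its error URLs), and monitor the logs for requests that combine
    // this parameter with other flagged input.
    $is_error_request = isset($_GET['error']) && isnum($_GET['error']);

    // NOTE(review): every query below is assembled by string concatenation.
    // SYS_USER_IP and SYS_USER_ID are inserted without escaping in this block;
    // this assumes they are validated where they are defined - verify.
    if (!$is_error_request) {
        $resu = dbcount("(blacklist_ip)", DB_PREFIX."secsys_blacklist", "blacklist_ip='".SYS_USER_IP."'");
        if ($resu == "0") {
            // Address not listed yet: add it with the current timestamp.
            $resu2 = dbquery("INSERT INTO ".DB_PREFIX."secsys_blacklist (blacklist_ip,blacklist_datestamp) VALUES('".SYS_USER_IP."','".time()."')");
        }
    }

    // Number of 'hacks' log rows for this IP within the last 3600 seconds;
    // used below to write at most one log row per hour and address.
    $rsl = dbrows(dbquery("SELECT * FROM ".DB_PREFIX."secsys_logfile WHERE hack_ip='".SYS_USER_IP."' AND hack_type='hacks' AND hack_datestamp>='".(time()-3600)."'"));

    // Proxy blacklist: executed whether or not the request is an error request.
    // sec_proxyscan() is defined elsewhere; a falsy result triggers the insert.
    if (!sec_proxyscan()) {
        $resu2 = dbcount("(proxy_ip)", DB_PREFIX."secsys_proxy_blacklist", "proxy_ip='".SYS_USER_IP."' LIMIT 0,1");
        if ($resu2 == "0") {
            $result = dbquery("INSERT INTO ".DB_PREFIX."secsys_proxy_blacklist (proxy_ip,proxy_datestamp) VALUES ('".SYS_USER_IP."','".time()."')");
        }
    }

    if (!$is_error_request) {
        if ($rsl == 0 && $sys_setting['ctracker_log'] == '1') {
            // The raw query string is passed through stripinput() and stripped
            // of spaces before it is stored (stripinput() is defined elsewhere;
            // presumably it neutralises quotes and markup - confirm).
            $sys_msg_entry = str_replace(" ", "", stripinput($_SERVER['QUERY_STRING']));
            $result = dbquery("INSERT INTO ".DB_PREFIX."secsys_logfile (hack_id,hack_type,hack_userid,hack_ip,hack_query,hack_referer,hack_agent,hack_datestamp) VALUES (NULL,'hacks','".SYS_USER_ID."','".SYS_USER_IP."','".$sys_msg_entry."','".stripinput(SYS_USER_REFERER)."','".$user_agent."','".time()."')");
        }

        $result = dbquery("UPDATE ".DB_PREFIX."secsys_statistics SET hacks=hacks+1");

        // ext/mysql was removed in PHP 7.0; the call is kept because the
        // surrounding code is written against that extension.
        mysql_close();

        redirect(INFUSIONS."security_system/attack.html");
        exit;
    }
}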
}