Welcome to Geeklog, Anonymous Wednesday, December 25 2024 @ 08:37 pm EST
Geeklog Forums
Ban plugin 1.0.1
ironmax
Thanks in advance
Michael
Laugh
The latest ban plugin I can find is 1.0, where is 1.0.1
Just tried installing this on a new install of geeklog and it didn't work no error message nothing. I checked into it and noticed it accesses form variables directly and not with $_REQUEST so global variables need to be on. This doesn't work in my situation as I like having global variables off. I have been running the ban plugin on other sites for a while now thinking it was working!
Is TomW (ban plugin author around anymore) or has someone updated the ban plugin for registered globals to be off, maybe this is 1.0.1? If not I can do it since it's not very big but I rather release it as a new version of the ban plugin and not as a brand new plugin.
One of the Geeklog Core Developers.
jmucchiello
Laugh
I'll upload the 1.0.2 ban plugin to geeklog.
jmucchiello, I emailed you back a while ago regarding testing the new version of the autotag plugin, did you get it?
One of the Geeklog Core Developers.
ironmax
I went ahead and updated the ban plugin. It was failing on any page that required user input (install,adding, logfile). As far as I can tell after a quick look everything else worked. If your ban table contained data before switching to registered globals off it still banned those ips, you just couldn't delete or add new ones.
I'll upload the 1.0.2 ban plugin to geeklog.
Laugh, did you ever upload the updated Ban plugin?
jmucchiello
Laugh
IRONMAX - opps, I'll upload the ban plugin now.
One of the Geeklog Core Developers.
ironmax
IRONMAX - opps, I'll upload the ban plugin now.
Thanx for the update...works like its supposed to now.
Michael
ironmax
Michael
Update....
Would help if I read the regex better. You have to excape the periods with a backslash.
Example: www.example.com should read as www\.example\.com
ironmax
I don't know if this is isolated or not. Anyways, I have noticed in the updated version that the Ban plugin seems to not block the referrals when the site name that it refers to is put in the system. Also the logging does not seem to record that fact either. Anyone else having this issue?
Michael
Update....
Would help if I read the regex better. You have to excape the periods with a backslash.
Example: www.example.com should read as www.example.com
Okay...so my original message stands. There still seems to be a problem. The referrers that I put in are still coming back to my site and and leaving referral links in the referrer area listed in GUS. Any ideas? Dirk, login and have a look to verify what I mean. Look at the 10:45am entry.
Laugh
One of the Geeklog Core Developers.
Laugh
function BAN_check()
{
global $HTTP_USER_AGENT, $REMOTE_ADDR, $HTTP_REFERER, $_TABLES, $SCRIPT_NAME, $_BAN_log, $_BAN_page;
$result = DB_Query("SELECT * FROM {$_TABLES['ban']}",1);
$nrows = DB_numRows( $result );
for( $i = 1; $i <= $nrows; $i++ ) {
$A = DB_fetchArray($result);
if (eregi($A['data'],$$A['bantype'])) {
if ($_BAN_log) {
BAN_Log('Access Banned because ' . $$A['bantype'] . " matches {$A['data']}");
}
if ($_BAN_page != '') {
echo COM_refresh($_BAN_page);
die();
} else {
die();
}
}
}
}
The code doesn't even refer to the remote IP plus for some reason it is trying to compare the banned ips in the db with the current records ban type??
Plus the ban type variable has a double $$.
One of the Geeklog Core Developers.
jmucchiello
Plus the ban type variable has a double $$.
Calm. That is the magic of the code. I have never ever looked at the ban plugin but I will bet that the "bantype" column in the ban table is supposed to contain one of the following strings: HTTP_USER_AGENT, REMOTE_ADDR, HTTP_REFERER, or SCRIPT_NAME.
The magic eregi line look at the variable contained in the variable name by $A['bantype'] and that's why there are 2 dollar signs.
So if the ban table has a record where data = '^192\.168\.' and bantype = 'REMOTE_ADDR' than anyone connecting with a remote_addr starting 192.168 will be stopped by that record.
Get it?
Laugh
I've uploaded Ban Plugin Ver. 1.0.3
One of the Geeklog Core Developers.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content