Today in a
thread Ryan Gordan wrote:
Quote:It was our Intrusion Detection System giving false positives. It should allow you to post it now.
If anyone knows, what is this??
Is it a feature in mybb or is it unique for mybb.com?
I think it is a "special" feature for the site, related to the rule in Requests/Services/Jobs forum.
It's nothing to do with the rules in that forum, it's a general security feature for the site.
Ah... I thought it has a relationship with the rules for advertiser there.
Ah yes, I think the" error" comes from the reply of PM.
I believe it's a special plugin installed only on that forum to try to make attacks against it more difficult.
Ultimately, how successful it is does depend on the exploit an attacker is using and how creative they are at coding around the filters (if necessary at all).
I think it's based off PHPIDS:
http://php-ids.org/
(11-02-2010 12:06 PM)ZiNgA BuRgA Wrote: [ -> ]I believe it's a special plugin installed only on that forum to try to make attacks against it more difficult.
Ultimately, how successful it is does depend on the exploit an attacker is using and how creative they are at coding around the filters (if necessary at all).
I think it's based off PHPIDS: http://php-ids.org/
So do your think php-ids.org actually works??
Of course it does.
Probably not a good idea to rely on it however.
yeah, its bad to rely on them as they block some of the basic php functionalities. i had installed injection scanner and it is working fine but not allowing members to perform some basic functionalites on the site.
mainly it is interferring with the RSS feed poster but working fine when who ever tries to run/injection commands to deface the site, it will actively refuse them.
Quote:but not allowing members to perform some basic functionalites on the site.
injection scanner is fine, I used that too. If it doesn't allow some fuctions you can simply filtered them out. In the list of exploits , some codes are missing as the list is made in 2007.
I use googleseo, and unistalled injection scanner; so I modified htaccess file -putting there many exploit codes (so far I've mainly for sql , xss and javascript inj.), I used bulletproof + my queries (like|rlike etc)
hope it helps
Sorry to revive an old thread.
I'd like to see if it's possible for someone to make a plugin with this web software? It'd be really nice to have to say the least.