Intrusion Detection System
trialnick
RE: Intrusion Detection System
I do appreciate your work here (this is one of my fav MyBB forums). I like your review of plugins, but you have to understand that you belong to the few people around who can fluently read code and notice holes in plugins. That's not the case for many of us, so we should find another way. At that point, you don't have the competency to realize how the "ordinary users" think ;) because you aren't part of them. E.g. the bulletproof protection plugin was made for WordPress, because they are pretty aware that their users are those who use blogging to write about coffee, school, books, ants, and that they aren't coders, designers, etc. Hope you get my words now.

(02-10-2011 08:57 AM)ZiNgA BuRgA Wrote:  
(02-10-2011 05:16 AM)trialnick Wrote:  well, not so many at all. One should remove select, insert ....
So if someone searches for, say, "select" or "insert", their request gets mysteriously blocked?

Exactly what I said: select and insert should be removed from the htaccess lines.

The script isn't perfect: that's why one has to search for other queries ...
There's a great method to get blind MySQL injection in a very short way (using floor rand), and such queries should be prevented as well... I'll repeat: I have no idea who makes plugins and how, and if I had enough time I'd read the whole code, but this is the shortcut I use (I have no ambition to be a coder).

Another thing: I saw a site that had an SQLi error, but no one could inject anything because the htaccess redirected any suspicious queries (except order and select). When one tried to use union, the site was looping, and the blind way didn't work either. Thanks to htaccess :D
(This post was last modified: 02-12-2011 09:30 AM by trialnick.)
02-12-2011 09:22 AM