11
redheadedrod
Re: Protector detects site manipulation

I did do the deactivation as you prescribed but it didn't seem to deactivate the module.

I went into the database for that site, found the "_module" table and found the "protector" line in there, changed the 1 to a 0 for the isactive setting and hit submit.

I exited phpmysql and reentered it, went back and verified the setting was set correctly.

Went to the site and tried to access it and the protector line was still there.

I hit refresh more then once, exited my browser, restarted the computer and tried it again. I did not clear cookies but it should not have made a difference.

Scratching my head on this one. But then again, beta modules are beta for a reason...

And I did NOT put the patches to the core since Mamba mentioned they are no longer necissary with 2.4.3.

Rodney

12
Burning
Re: Protector detects site manipulation
  • 2010/1/15 17:19

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


I have made a new test :
• my site is ok, I have exported database
• I modify mainfile.php, ... so I get alert "Protector detects site manipulation"
• I export my database again and compare it with first

So, I see two changes :
• table : _session
• table : _protector_access

I'm trying to empty these two tables ... but there is someone who is browsing on my site : I can't right now

So could you try to empty these two tables (not delete, just empty) ?


Complements :
• this new protection is presend in readme.txt
Quote:

3.50 beta (2009/11/17)
- modified filters can be turned on/off by preferences of Protector
- moved filters under filters_disabled/ into filters_byconfig/
- added manipulation checker against ftp worms or silent raiders

• some code in xoops_lib/modules/protector/class/protector.php
function check_manipulation()
{
    if( 
$_SERVER['SCRIPT_FILENAME'] == XOOPS_ROOT_PATH.'/index.php' ) {
        
$root_stat statXOOPS_ROOT_PATH ) ;
        
$index_stat statXOOPS_ROOT_PATH.'/index.php' ) ;
        
$finger_print $root_stat['mtime'] .':'$index_stat['mtime'] .':'$index_stat['ino'] ;
        if( empty( 
$this->_conf['manip_value'] ) ) {
            
$this->updateConfIntoDb'manip_value' $finger_print ) ;
        } else if( 
$finger_print != $this->_conf['manip_value'] ) {
            
// Notify if finger_print is ident from old one
            
$ret $this->call_filter'postcommon_manipu' ) ;
            if( 
$ret == false ) die( 'Protector detects site manipulation.' ) ;
            
$this->updateConfIntoDb'manip_value' $finger_print ) ;
        }
    }

}

13
redheadedrod
Re: Protector detects site manipulation

On my site, this showed no change.. emptying those did nothing...

Going to look at the protected directories as I saw mention of things on the support site where they must store stuff there...

But you would think if I disabled the module it should work..

14
Burning
Re: Protector detects site manipulation
  • 2010/1/15 17:57

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


New test : I have deleted database and replace it by original.

Alert is still there

So, secure information is stored elsewhere. Very strange.

15
Burning
Re: Protector detects site manipulation
  • 2010/1/15 18:16

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


I get it, oh dirty best !!

There is an information stored in _config table, make search with :
• manip_value
• or _MI_PROTECTOR_MANIPUVALUE

If you delete line, alert disappear.

... but I don't know consequences : when you go to admin, I believe first thing to do is uninstall / reinstall Protector module

16
redheadedrod
Re: Protector detects site manipulation

I was able to change the setting...

_MI_PROTECTOR_GLOBAL_DISBL

from 0 to 1 which was the setting to totally disable protector from within protector.

This allowed me access to the site.

Ok, I see now what part of the problem was...

Mamba had mentioned to me before that with XOOPS 2.4.3 you don't patch the core to use Protector.

With the patches to mainfile and databasefactory in place the protector module still has "something" in place and deactivating the module by changing the value in _modules doesn't totally disable it. I had apparently patched the core on those sites before being told that and had not changed them yet.

Without the patches in place it does disable the module and you can get into the site from which you can make further adjustments.

I will try to get ahold of the author about this but waiting for his site to give me an activation link which it hasn't done yet.

So as far as I am concerned this is resolved for now. Thanks for those of you that helped me out. I definitely learned something today.

Rodney


17
onasre
Re: Protector detects site manipulation
  • 2010/1/15 23:48

  • onasre

  • Not too shy to talk

  • Posts: 150

  • Since: 2006/8/12


You Guys making it sound harder that wht is ..

u just could disable it from protector setting .

"enable manipulation checking"

select No ..

18
Burning
Re: Protector detects site manipulation
  • 2010/1/16 1:55

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


Thanks

... alert appears as soon that you move a file on server. So before handling anything on server, we have to check No.

19
redheadedrod
Re: Protector detects site manipulation

Quote:

onasre wrote:
You Guys making it sound harder that wht is ..

u just could disable it from protector setting .

"enable manipulation checking"

select No ..


Seems easy sure, the point of this message was that I couldn't get to the menu to change that setting.

When the message comes up there is no EASY way to get into the system PERIOD...You are dead in the water until you figure out that you have to manipulate the flags in the database and go from there.

And if you never have had to mess with that and you don't have a clue how to do that... Well then your stuck until someone helps you or you figure it out.

Login

Who's Online

393 user(s) are online (274 user(s) are browsing Support Forums)


Members: 0


Guests: 393


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits