Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#61 2010-11-21 12:48:15

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Roelof, I suggest creating a dedicated folder for the “prognostics settings” rather than your root folder, and then try the settings out, first 755, then if that doesn’t work 775, and if that still doesn’t work 777.

To check if it works, follow Stef’s advice above:

So after you have tried to Save the Files, please use your FTP program to verify that the smd_prgnostics_checksums.txt file has been created in the place you have defined.


TXP Builders – finely-crafted code, design and txp

Offline

#62 2010-11-22 15:09:56

roelof
Member
Registered: 2005-03-27
Posts: 647

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Hello,

I tried al three without any success.
I made a directory test and gave it first 755 then 775 and then 777 but still if I change the prognotics folder it will change back to the directory textpattern.

Bloke, I could give you access as soon as I know a mail adress to which I can send on the password.

Roelof

Offline

#63 2010-12-09 09:04:57

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

New version 0.15 released. Features:

  • Improved warning display when saving preferences (thanks maniqui)
  • Skipped comment preview step for SQL injections (helps prevent false positives and massively cuts down the number of frognostic alerts)
  • Fixed version number in frognostics
  • Fixed display error on Advice panel
  • Added sql_injection callback
  • Added RPC advice check

I’ll have a go at tackling the performance of unmonitored file additions next.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#64 2010-12-09 09:24:02

roelof
Member
Registered: 2005-03-27
Posts: 647

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Hello Bloke,

This version I have the same problem and I get no error messages.
So I hope we can solve this annoying problem.

Roelof

Offline

#65 2010-12-09 11:40:44

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

roelof wrote:

This version I have the same problem and I get no error messages.

Please send me a login to your site and I’ll see if I can figure it out later. You should see an e-mail link below my avatar on the forum.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#66 2010-12-09 11:46:10

roelof
Member
Registered: 2005-03-27
Posts: 647

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Oke,

I send you a pm with all the data.

Roelof

Offline

#67 2010-12-09 18:49:37

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Thanks roelof. Found the bug and fixed it. The problem was that the prefs weren’t being saved at all. Try v0.16

Note to self: never assume that the button names are going to be sent to the plugin in English. Stupid mistake on my part, really sorry.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#68 2010-12-13 12:16:28

roelof
Member
Registered: 2005-03-27
Posts: 647

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Hello Bloke.

Sorry for the late respons.
But everything is working fine.
So may thanks for the help.

Roelof

Offline

#69 2010-12-30 21:47:43

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Version 0.17 released. Adds one bug fix (see later) and one new feature: the ability to control the sensitivity of the SQL injection.

On some of my sites I noticed that I was receiving large numbers of frognostics reports when spammers were commenting. Although the plugin doesn’t trip on preview (which helps reduce the quantity of reports) I was still getting more than I liked. So I took a trip through the code and found that the SQL injection routine checks for words such as select, union, from and -- appearing in strategic locations in every request. On sites that have comments enabled, this results in large numbers of posts being erroneously flagged as SQL injections.

This situation is not ideal and I think it needs a long-term rethink, but as a stop-gap I’ve implemented a sensitivity setting. The value(s) you put in the Sensitivity box determine how many “bad words” are permitted in a submission before it triggers the injection warning (you are still free to bypass this entirely with your own plugin if you wish). The default of 1 is the most sensitive. Raise this value to make it less sensitive but at the expense of possibly missing one or two real injection attacks. Your call.

I’ve made it possible to set separate sensitivities for GET and POST requests. In general you’ll want GET requests to be at 1 because any dodgy URL params need to be dealt with swiftly and decisively. If you are doing some clever, custom URL manipulation (maniqui: I’m looking at you!) it might be useful to raise this value. Similarly, if you have enabled comments on your site you might want to raise the POST value a little so someone who innocently adds a couple of -- Textile marks isn’t penalised.

In general I’d advise that a regular TXP site with comments enabled uses a sensitivity of 1, 3 or 1, 4. Season to taste. If you don’t use comments, by all means set the POST sensitivity to 1 as well (note that if you use a single value it applies to both GET and POST requests).

This version also fixes a daft bug that I introduced in v0.16 whereby your settings would be wiped out if you clicked ‘Setup’ from the Prognostics subtab. Apologies for that stupid oversight. I hope it hasn’t caused too much grief.

Hope you all have a Happy New Year.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#70 2011-03-27 23:07:10

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 976
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Error on “Admin -> Import” tab.

First saw it after Txp 4.4.0 upgrade, but rarely go to the import tab so it could have been present prior.

Notice: Undefined offset: 1 in /home/maverick/textpattern/textpattern/lib/txplib_misc.php(653) : eval()’d code on line 94

v0.16 and v0.17 both yield same result.

Multi-site install.

Offline

#71 2011-03-27 23:21:18

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

maverick wrote:

Notice: Undefined offset: 1 in /home/maverick/textpattern/textpattern/lib/txplib_misc.php(653) : eval()’d code on line 94

Weird, check the value of your prognostics pref called “Check files between” (if you want to delve deeper, it’s stored in the prefs table as smd_prognostics_check_between).

If you’ve only got one entry (i.e. just in the first box) then you’ll see that message… and others… but not just on the import tab: pretty much everywhere. Thing is, the plugin is supposed to guard against this and if one of the boxes is empty it should fill it in for you with either 00:00 or 23:59. You haven’t got a rogue space in the box or something have you?

Last edited by Bloke (2011-03-27 23:21:45)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#72 2011-03-27 23:44:52

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 976
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Bloke wrote:

but not just on the import tab: pretty much everywhere.

Strange as it is, it was only showing on the Import tab.

check the value of your prognostics pref called “Check files between” (if you want to delve deeper, it’s stored in the prefs table as smd_prognostics_check_between).

Okay – the cause of the error makes sense, but the why there was a cause does not.

All the preferences were gone. The situation was the same on both of the sites I’ve checked so far. Both of which had been functioning in the past (though I realize now in retrospect that it has been a while since I remember a report being emailed to me.)

So a simple save filled in the the check between preference and the error is gone. But I’ve no clue where the previous settings went.

Mike

p.s. – when I check the database, I don’t see a smd_prognostic listed. So I can check on it, where in the database does it save its preferences? Thanks.

Last edited by maverick (2011-03-27 23:46:23)

Offline

Board footer

Powered by FluxBB