Possible attack

Steps I took:

1) Went to the demo site of D7b8

2) Tried to log in via Facebook Connect

3) Got a "Method not found" message

4) Refreshed my Facebook (thought that Dolphin sends this message since I was idle in FB)

5) Refreshed the page and the message "Possible attack!!! All data has been collected and sent to the site owner for analysis." appeared.

Now I am locked out of Dolphin (I ain't sure if that is a good or a bad thing, but I guess all possible attacks should be blocked, as long as they're not mistakenly thought of as attacks)

Quote · 5 Nov 2009

Whatever file you get this in, just add:

define('BX_SECURITY_EXCEPTIONS', true);
$aBxSecurityExceptions = array(
'POST.Text',
'REQUEST.Text',
);

above the first require_once

I have video tutorials to help you mrpowless.com
Quote · 5 Nov 2009

May I ask which folder or file you add it to? Because I get "Possible attack" when I want to delete or disable the list in the Group Categories!

Thanks.

Proud Hosted by Zarconia.net
Quote · 5 Nov 2009

According to Trac, the attack issues have been cleared.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 5 Nov 2009

Yes, probably this issue is sorted out for adding HTML code to the Block or adding an article to TinyMCE.

But at the moment, when I go to Admin → Categories → All Categories → Modules → Groups, I select Dolphin Community from the list. I want to disable it or delete it, and I get POSSIBLE ATTACK as a result.

So is there any chance to know how to fix it, or whatever works? I know there are some here who still have the same problem. For your information, I have replaced the folder with the latest fix and also changed the code with the latest code for the fix to the HTML block and TinyMCE, but now I have this problem in the Categories.

This is what I get every time I want to delete or disable:

Total impact: 6
Affected tags: xss, csrf

Variable: REQUEST.pathes.0 | Value: Dolphin Community%%0%%bx_groups
Impact: 3 | Tags: xss, csrf
Description: Detects halfwidth/fullwidth encoded unicode HTML breaking attempts | Tags: xss, csrf | ID: 13

Variable: POST.pathes.0 | Value: Dolphin Community%%0%%bx_groups
Impact: 3 | Tags: xss, csrf
Description: Detects halfwidth/fullwidth encoded unicode HTML breaking attempts | Tags: xss, csrf | ID: 13

REMOTE_ADDR: xxxxxxxxxxxxx
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:

Thanks.

Quote · 5 Nov 2009
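A triage sketch for the report quoted above, added here as an example (not Dolphin's code and not the poster's): it parses the report and checks the flagged variables against the exception list from the earlier workaround. The function names, the exact-name matching of exceptions, and the treatment of REQUEST/POST as views of one form field are assumptions.

```python
import re

# Report text as quoted in the post above (address lines omitted).
REPORT = """\
Total impact: 6
Affected tags: xss, csrf

Variable: REQUEST.pathes.0 | Value: Dolphin Community%%0%%bx_groups
Impact: 3 | Tags: xss, csrf
Description: Detects halfwidth/fullwidth encoded unicode HTML breaking attempts | Tags: xss, csrf | ID: 13

Variable: POST.pathes.0 | Value: Dolphin Community%%0%%bx_groups
Impact: 3 | Tags: xss, csrf
Description: Detects halfwidth/fullwidth encoded unicode HTML breaking attempts | Tags: xss, csrf | ID: 13
"""
# Exception list from the workaround posted earlier in the thread.
EXCEPTIONS = {"POST.Text", "REQUEST.Text"}

TOTAL_RE = re.compile(r"^Total impact: (\d+)$")
VAR_RE = re.compile(r"^Variable: (\S+) \| Value: (.*)$")
IMPACT_RE = re.compile(r"^Impact: (\d+) \|")
RULE_RE = re.compile(r"^Description: (.*?) \| Tags: .*? \| ID: (\d+)$")

def parse_report(text):
    """Return (total_impact, findings); one finding per 'Variable:' block."""
    total, findings, cur = None, [], None
    for line in map(str.strip, text.splitlines()):
        if m := TOTAL_RE.match(line):
            total = int(m.group(1))
        elif m := VAR_RE.match(line):
            cur = {"variable": m.group(1), "value": m.group(2), "impact": 0, "rules": []}
            findings.append(cur)
        elif cur and (m := IMPACT_RE.match(line)):
            cur["impact"] = int(m.group(1))
        elif cur and (m := RULE_RE.match(line)):  # a block may list several rules
            cur["rules"].append((int(m.group(2)), m.group(1)))
    return total, findings

def triage(text, exceptions):
    total, findings = parse_report(text)
    # Assumption: REQUEST.x and POST.x are the same submitted field seen twice.
    fields = {(f["variable"].split(".", 1)[1], f["value"]) for f in findings}
    return {
        "consistent": total == sum(f["impact"] for f in findings),
        "uncovered": sorted(f["variable"] for f in findings
                            if f["variable"] not in exceptions),
        "rule_ids": sorted({rid for f in findings for rid, _ in f["rules"]}),
        "distinct_fields": len(fields),
    }

if __name__ == "__main__":
    print(triage(REPORT, EXCEPTIONS))
```

On this report the total impact of 6 comes from one form field matching one rule, counted once under REQUEST and once under POST, and neither variable is named in the posted exception list.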

This is fixed in this revision:

http://www.boonex.com/trac/dolphin/changeset/13146

If you have any problems with "Possible attack" you can check it on http://demozzz.com/dolphin7b/, if there is no such error on demozzz then it is already fixed (it is not this case, because you can not check admin area on demozzz).

Rules → http://www.boonex.com/terms
Quote · 6 Nov 2009

Thanks Alex and Michelswiss and everyone. No Possible Attack in the categories from the admin area, it's FIXED.

Peace and Bread,

Eli

Quote · 6 Nov 2009

It Worked!!! Thank you very much!! Woo Hoooo!!

Quote · 7 Nov 2009

Yahooo, I have made a fix for this bug! It works for me... I hope it works for you as well.

Download this file and replace it with: /DOLPHIN DIRECTORY/inc/security.inc.php

http://www.mediafire.com/?hciyinnjn20

Quote · 12 Nov 2009

thanks bilal

Quote · 14 Nov 2009

I just installed Dolphin 7 RC and went in to edit the Navigation Menu.  I wanted to make the Group module viewable only by members.  When I clicked on save changes, it froze up.  Shortly after that I got an email about a possible attack.  I tried both fixes in this thread but it still doesn't work.  What can I do?

Quote · 14 Nov 2009

Event star, I had the same problem, man. No one has helped me sort it out, and it's not only in groups. Check my post here and confirm to me if you can't save even in the ones I state in my post, OK mate:

http://www.boonex.com/unity/forums/topic/Possible-Attack-in-admin-area-2009-11-07.htm

Quote · 14 Nov 2009

Yes, it looks like it's the same spots.  However, I just noticed that a ticket has been opened for the problem:

http://www.boonex.com/trac/dolphin/ticket/1467

So, I'm just going to wait until the next RC version and try again.

Quote · 16 Nov 2009
 
 