 hi, i used to embed videos in orca in my dolphin 6.1.6 but since i upgraded to d7 i cant embed videos in orca forum anymore. i know i can embed videos in video area but i would like to embed in orca forum as well. can some one tell me how can i change the settings ? i did it in D6.1.6 but i cant remember now. regards. mchauhan Regards........ M.Chauhan U.K. |
anyone know about this ?? please help. Regards........ M.Chauhan U.K. |
you would grab the embed link from the video, and use the tinymce editor on the forum to post the embed link in as HTML. Regards, When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
I had the same problem, after upgrading to RC2 it's gone. |
you would grab the embed link from the video, and use the tinymce editor on the forum to post the embed link in as HTML.
Regards,
thats what i do .... in the html box paste the embed code and then click update. it works fine upto this point. but when i click submit button in the actual post, i does not do anything .... is there any problem with this ?? is it a bug or just need some modification ??
cheerz for answers guys ..
regards.
mchauhan Regards........ M.Chauhan U.K. |
I had the same problem, after upgrading to RC2 it's gone. i have got rc2 already.
regads.
mchauhan Regards........ M.Chauhan U.K. |
I have another problem. And its a clean RC2 installation with migrated data from 6.1.6 After i have embbed youtube into orca topic i get email msg: security attack was stopped!Total impact: 70
shockwave-flash\" height=\"340\" width=\"560\" data=\"http://www.youtube.com/v/PwfZNsgOWGo&hl=ru_RU&fs=1&\">
<param name=\"allowFullScreen\" value=\"true\" /> <param name=\"allowscriptaccess\" value=\"always\" /> <param name=\"src\" value=\"http://www.youtube.com/v/PwfZNsgOWGo&amp;hl=ru_RU&amp;fs=1&amp;\" /> <param name=\"allowfullscreen\" value=\"true\" /> </object> </p> Impact: 35 | Tags: xss, csrf, id, rfe, lfi Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1 Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2 Description: finds malicious attribute injection attempts | Tags: xss, csrf | ID: 69 Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20 Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23 Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33 Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38 Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68 Variable: POST.topic_text | Value: <p style=\"text-align: center;\"> <object type=\"application/x-shockwave-flash\" height=\"340\" width=\"560\" data=\"http://www.youtube.com/v/PwfZNsgOWGo&amp;hl=ru_RU&amp;fs=1&amp;\"> <param name=\"allowFullScreen\" value=\"true\" /> <param name=\"allowscriptaccess\" value=\"always\" /> <param name=\"src\" value=\"http://www.youtube.com/v/PwfZNsgOWGo&amp;hl=ru_RU&amp;fs=1&amp;\" /> <param name=\"allowfullscreen\" value=\"true\" /> </object> </p> Impact: 35 | Tags: xss, csrf, id, rfe, lfi Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1 Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2 Description: finds malicious attribute injection attempts | Tags: xss, csrf | ID: 69 Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20 Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23 Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33 Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38 Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68 |
any ideas anyone ?? Regards........ M.Chauhan U.K. |
Works for me. My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
When you embed a link from youtube, the information regarding the video is automatically pulled from youtube. You need to make sure that there are no hyperlinks or any other strange characters in the descriptions or titles of the video you upload. Easy solution is to embed the video using the link, write your own title and description :) Note that not all youtube videos are like this, just some. Chris Nothing to see here |
raise: Total security impact threshold to send report and block aggressor: to 70 in admin settings/advanced settings/ "other" arrow I have video tutorials to help you mrpowless.com |
raise: Total security impact threshold to send report and block aggressor: to 70 in admin settings/advanced settings/ "other" arrow nothing happens with this....
thanks for reply
regards.
mchauhan Regards........ M.Chauhan U.K. |
i did manage to embed any kind of videos and add images in orca forum of D6.1.6 using this example :
http://www.expertzzz.com/forumz/?action=goto&cat_id=1#action=goto&topic_id=17634
but i dnt how to do it in D7 orca forum.
any more suggestions ??
regards.
mchauhan Regards........ M.Chauhan U.K. |
any more suggestions anyone ??
may be someone form boonex admin please help.
regards.
mchauhan Regards........ M.Chauhan U.K. |
does no one know about thiis ?? Regards........ M.Chauhan U.K. |
Not sure how HL got this to work, but I tried it last night and it did nothing as well. When you paste the HTML code to embed the video, the shockwave box appears in the forum, but when you click submit, nothing happens. I received an email regarding a possible attack with a large Impact total (60+). So I am pretty sure this is getting stopped by the PHPIDS filter. A way that you could test this is to set both your total impact levels REAL high, like 150 (advanced settings> other) and try to post the link again to see if it works. But by no means would I keep it that high or you could be at risk for actual attacks. May need to look at Filtering for this if they want to allow Youtube video embedding into the forum. As you can see from proket's email, it detects alot of stuff: Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1 Chris Nothing to see here |
Not sure how HL got this to work, but I tried it last night and it did nothing as well. When you paste the HTML code to embed the video, the shockwave box appears in the forum, but when you click submit, nothing happens.
I received an email regarding a possible attack with a large Impact total (60+). So I am pretty sure this is getting stopped by the PHPIDS filter. A way that you could test this is to set both your total impact levels REAL high, like 150 (advanced settings> other) and try to post the link again to see if it works. But by no means would I keep it that high or you could be at risk for actual attacks.
May need to look at Filtering for this if they want to allow Youtube video embedding into the forum.
As you can see from proket's email, it detects alot of stuff:
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Chris
oh thanks chris... it does work with high value like 200.
i know its not secure.
so is there any way that i can set a high value for administrator and low value for normal users so they cannot put any malicious contents on my site through Cpanel. i looked in administrator folder in root but no luck. could you please explian if u know.
thanks.
regards.
mchauhan Regards........ M.Chauhan U.K. |
chris have u seen this yet ? Regards........ M.Chauhan U.K. |
To my knowledge there is no way to specify the impact levels based on "who" the member is (ex. Admin). The PHPIDS filter either needs to be "re-worked" or the forums need a way to add youtube videos to a post. I suppose that if it became a popular request that it might be considered for an enhancement request. You setting the impact levels high and it works, validates that this is being blocked by PHPIDS. Chris Nothing to see here |
To my knowledge there is no way to specify the impact levels based on "who" the member is (ex. Admin). The PHPIDS filter either needs to be "re-worked" or the forums need a way to add youtube videos to a post. I suppose that if it became a popular request that it might be considered for an enhancement request.
You setting the impact levels high and it works, validates that this is being blocked by PHPIDS.
Chris
Sorry if its a Dumb question. What is PHPIDS ??
can i see them somewhere in Cpanel ??
regards.
mchauhan Regards........ M.Chauhan U.K. |
I have video tutorials to help you mrpowless.com |
thanks mrpowless. #
i will definitely check it now.
regards.
mchauhan Regards........ M.Chauhan U.K. |
Unfortunately mchauhan, this is not something you can "see", disable or enable. The only thing you can control about this is the Total Impact levels. This is something new to D7, so its gonna take some time to "tweak" it just right and keep Dolphin sites safe at the same time. You can use the reference link provided by mrpowless (haha I got it right this time) for more information on "what" it does. Chris Nothing to see here |
ya ... i just had a look on that link now understand this software.
i can understand its there to make a site safe.. but i have found a solution...i just change the impact value to a high number when i want to embed something in forum. and after that just bring it back down.
by the way what was the default value ?? i did not pay attention... at the moment i have just set it to 30... still trying to get the default value ... if you still have default value in ur admin settings please let me know...
regards.
mchauhan Regards........ M.Chauhan U.K. |
The defaults are: 9 - to send the email notifications 27 - to block the user Chris Nothing to see here |
thanks chris...
i think we can set different impact values for different users.
if you go to /plugins/phpids thats where all the coding is sitting for phpids in D7.
i am not a php expert so i am not sure how to do it ... but some one with good knowledge should be able to make
some changes to set high impact value for administrator and moderators and very low value for others users of the site.
anyone with good php knowledge any suggestions ??
regards.
mchauhan Regards........ M.Chauhan U.K. |
