PDA

View Full Version : Big Problem


bigdon
29th November 2009, 07:01 PM
Hello

if you google for a link from my site clicks to get there is not as desired for entry but it comes the following announcement

Error:
Security violation attempt detected!
IP = xx.xx.xx.xx
Proxy =
are you trying to hack me duhdah?

can, as in that of any exhibitor Coverkill which the user via google will not be recognized as a hacker

ICEFIRE
29th November 2009, 08:59 PM
What link is it exactly?

Also what CjOverkill version are you using?

bigdon
29th November 2009, 09:49 PM
What link is it exactly?

Also what CjOverkill version are you using?


I use the version 4.1.2, I have sent you a pn

ICEFIRE
30th November 2009, 12:57 PM
Version 4.x accepts a maximum of 250 chars in any string passed to the server. This is the old behavior for http protocol.

Version 5.x has it to 1024 chars, that is the current behavior for http protocol.

You should upgrade to version 5.x and it will fix in the next google update.

cyonix
3rd December 2009, 11:11 PM
Hi icefire

is it possible to edit the source code of the 4.1.2 version that the version accept longer referer strings too?

i have made a lot of mods for 4.1.2 for personal use, and i have the same problem, but i dont want to upgrade to Cjoverkill v5, because than i lose all my modifications.

would be nice if you can give us a solution ;)

edit:

i have found the following line in the in.php


Line 113 "if (strlen($referer)>256){"

i have edited 256 to 1256, and it worked for me, is it a real solution which works for every visitor of my website? that would be nice. does it take a security risk to set this value higher?

ICEFIRE
4th December 2009, 01:21 AM
You can change the strlen value to 1024 or more. It's not a security problem for CjOverkill itself, but it may be a problem for other scripts you run. If it works for you, then it's ok.

cyonix
4th December 2009, 01:39 AM
hi :)

which problems could be faced on other scripts, if i change this value?

ICEFIRE
4th December 2009, 02:52 AM
This value basically cuts the strings that are passed to your site.

For example, a buggy wp version would be protected to some extent from automated robots with that.

Of course, if your other scripts have no security bugs, then this is not a problem at all to be changed. In any case, in version 5.x it just cuts the strings to the maximum value the server should accept ignoring several automated bots that way, but nothing else.