Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: cpg1.4.10 and Snort  (Read 2513 times)

0 Members and 1 Guest are viewing this topic.

mrn

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
cpg1.4.10 and Snort
« on: January 22, 2007, 10:11:59 am »

Hello there

I had upgrade my gallery from cpg1.4.X  to cpg1.4.10 a few weeks ago, and everything is working ok but that i am receiving a lot of complains from users that say when try to upload a file, the gallery shows a message like:
"The conection was lost, try to connect again"
The users try to connect again, but the browser say:
"The server you are trying to connect is taking too long to response" and really they cant connect again.

After some investigations i had discovered that the users are being banned from the web server because Snort is installed on it and it says they are "suspected intruders" because they has attempted id command access via web, like related on this link: http://www.snort.org/pub-bin/sigs.cgi?sid=1333

I had commented the line:

# include $RULE_PATH/web-attacks.rules

at my /etc/snort.conf and now users can upload photos again, but i whould like to check for web-attacks again, because there is forums and other applications installed on the same server.

Anybody knows if coppermine really needs the id command or if it can be disabled?
Other ways to fix the problem?

Thanks to read, sorry about my poor english

Regards
Logged

Nibbler

  • Guest
Re: cpg1.4.10 and Snort
« Reply #1 on: January 22, 2007, 12:23:13 pm »

It doesn't, must be a false positive.
Logged

mrn

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: cpg1.4.10 and Snort
« Reply #2 on: January 25, 2007, 12:26:22 am »

Hello Nibbler
I dont know if is a false o true positive, but the only way users can upload photos at my gallery is disabling web-attacks rule, which blocks users because coppermine uses id command via web and its supposed an agression.
Why coppermine needs to know what users i have on my server?

Thank you

Regards
Logged

Nibbler

  • Guest
Re: cpg1.4.10 and Snort
« Reply #3 on: January 25, 2007, 12:34:16 am »

It doesn't. It is a false positive. Locate and disable the specific rule in the file that causes the problem.
Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 20 queries.