Security Attack after upgrade to 7.0.5

Hi to all,

today I upgraded my site to 7.0.5 and I got this mail:

 

Total impact: 12

Affected tags: dt, id, lfi, xss, csrf, rfe

 

Variable: COOKIE.memberSession | Value: e/g8siEMGez7y/96B9AGNJ2Q./mZd4hJ

Impact: 5 | Tags: dt, id, lfi

Description: Detects basic directory traversal | Tags: dt, id, lfi | ID: 10

 

Variable: COOKIE.trafic_h | Value: 9e9d36723l37f478ed7dbc849be669c6*1275207209*xxx*1280392749*1282242056*4

Impact: 7 | Tags: xss, csrf, id, rfe, lfi

Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Centrifuge detection data  Threshold: 3.49  Ratio: 3.2857142857143

 

REMOTE_ADDR: 188.24.96.66

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

SCRIPT_FILENAME: /var/www/vhosts/xxx/httpdocs/member_menu_queries.php

QUERY_STRING: action=get_bubbles_values&bubbles=Spy%3A0%2CFriends%3A0%2C&_r=0.001572110690176487

REQUEST_URI: /member_menu_queries.php?action=get_bubbles_values&bubbles=Spy%3A0%2CFriends%3A0%2C&_r=0.001572110690176487

QUERY_STRING: action=get_bubbles_values&bubbles=Spy%3A0%2CFriends%3A0%2C&_r=0.001572110690176487

SCRIPT_NAME: /member_menu_queries.php

PHP_SELF: /member_menu_queries.php

I have set both the total security impact to -1

And also a mail from the cron with this error:

PHP Warning:  set_time_limit(): Cannot set time limit in safe mode in /var/www/vhosts/xxx/httpdocs/inc/classes/BxDolCronNotifies.php on line 30

Warning: set_time_limit(): Cannot set time limit in safe mode in /var/www/vhosts/xxx/httpdocs/inc/classes/BxDolCronNotifies.php on line 30

 

Can somebody help me? Thank you.
Quote · 12 Feb 2011

Hello! ;)

Yup, I can help you, mate!
It's because of your trafic.ro JavaScript loader. The trafic.ro tracking script sets a cookie called trafic_h.

All you need to do is open /IDS/Config/Config.ini.php (or whatever your config file is) and ADD an exception, same style as for AdSense, Analytics, etc. So here it is:

ADD THE LINES :

    exceptions[]    = GET.trafic_h
    exceptions[]    = REQUEST.trafic_h
    exceptions[]    = COOKIE.trafic_h

Also I can see that you have problems with another cookie, COOKIE.memberSession, so also add:

    exceptions[]    = GET.memberSession
    exceptions[]    = REQUEST.memberSession
    exceptions[]    = COOKIE.memberSession

I don't know if you need the REQUEST and GET lines; I just added them to skip this error for trusted scripts (this goes for both the trafic.ro cookie and your memberSession cookie).

All the exceptions in my config file:

    ; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b)
    exceptions[]    = GET.__utmz
    exceptions[]    = GET.__utmc
    exceptions[]    = REQUEST.__utmz
    exceptions[]    = REQUEST.__utmc
    exceptions[]    = REQUEST.__gads
    exceptions[]    = COOKIE.__utmz
    exceptions[]    = COOKIE.__utmc
    exceptions[]    = COOKIE.__gads
    exceptions[]    = GET.trafic_h
    exceptions[]    = REQUEST.trafic_h
    exceptions[]    = COOKIE.trafic_h

Good luck! ;)

[EOF-:)] - skilledhat -

Quote · 21 Jun 2012
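To make the exception rule concrete, here is an added Python sketch (not PHPIDS or Dolphin code) that mirrors the naming convention documented in the config comment: a nested `a[b]=c` is referenced as `a.b`, and an exception suppresses only the exact variable name it lists. It assumes the `exceptions[] = NAME` line format shown above and that matching is exact and case-sensitive; the request below is constructed from the report in the first post.

```python
import re

# Constructed sample: the exception lines from the answer above, in Config.ini.php style.
CONFIG_INI = """
; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b)
exceptions[]    = GET.trafic_h
exceptions[]    = REQUEST.trafic_h
exceptions[]    = COOKIE.trafic_h
exceptions[]    = GET.memberSession
exceptions[]    = REQUEST.memberSession
exceptions[]    = COOKIE.memberSession
"""


def parse_exceptions(ini_text):
    """Collect the value of every 'exceptions[] = NAME' line, ignoring ';' comments."""
    names = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"exceptions\[\]\s*=\s*(\S+)", line)
        if m:
            names.add(m.group(1))
    return names


def flatten(prefix, value):
    """Walk a request array the way the config comment describes: nested keys join with '.'."""
    if isinstance(value, dict):
        for key, sub in value.items():
            yield from flatten(f"{prefix}.{key}", sub)
    else:
        yield prefix, value


def fields_to_inspect(request, exceptions):
    """Return the (name, value) pairs that the IDS rules would still be run against."""
    kept = []
    for source, params in request.items():
        for name, value in flatten(source, params):
            if name not in exceptions:  # assumption: exact, case-sensitive match
                kept.append((name, value))
    return kept


# Constructed request echoing the mail report; the cookie values are the ones it flagged.
SAMPLE_REQUEST = {
    "GET": {"action": "get_bubbles_values", "bubbles": "Spy:0,Friends:0,"},
    "COOKIE": {
        "memberSession": "e/g8siEMGez7y/96B9AGNJ2Q./mZd4hJ",
        "trafic_h": "9e9d36723l37f478ed7dbc849be669c6*1275207209*xxx*1280392749*1282242056*4",
        "prefs": {"trafic_h": "x"},  # nested: COOKIE.prefs.trafic_h is NOT covered by the exception
    },
}
```

Because an excepted variable is skipped entirely, keep each entry as narrow as the false positive requires (here the COOKIE source alone triggers it) rather than adding GET and REQUEST lines by default.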

Or just do what boonex did by default in later versions when they realized it was a flop. Shut the stupid thing off.

See this topic.

http://www.boonex.com/forums/topic/Troubleshooting-Possible-Security-Attacks-.htm

https://www.deanbassett.com
Quote · 22 Jun 2012

Do people find these old threads in Google and then respond without looking at the date? I'm just trying to figure out why we have so many new posters that reply to 1, 2 or even 3 or 4 year old threads like it was just posted.

 

Or just do what boonex did by default in later versions when they realized it was a flop. Shut the stupid thing off.

See this topic.

http://www.boonex.com/forums/topic/Troubleshooting-Possible-Security-Attacks-.htm

 

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 22 Jun 2012

Hmmm, maybe I should have looked myself.

https://www.deanbassett.com
Quote · 22 Jun 2012