cpg1.4.10 and Snort cpg1.4.10 and Snort
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

cpg1.4.10 and Snort

Started by mrn, January 22, 2007, 10:11:59 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

mrn

Hello there

I had upgrade my gallery from cpg1.4.X  to cpg1.4.10 a few weeks ago, and everything is working ok but that i am receiving a lot of complains from users that say when try to upload a file, the gallery shows a message like:
"The conection was lost, try to connect again"
The users try to connect again, but the browser say:
"The server you are trying to connect is taking too long to response" and really they cant connect again.

After some investigations i had discovered that the users are being banned from the web server because Snort is installed on it and it says they are "suspected intruders" because they has attempted id command access via web, like related on this link: http://www.snort.org/pub-bin/sigs.cgi?sid=1333

I had commented the line:

# include $RULE_PATH/web-attacks.rules

at my /etc/snort.conf and now users can upload photos again, but i whould like to check for web-attacks again, because there is forums and other applications installed on the same server.

Anybody knows if coppermine really needs the id command or if it can be disabled?
Other ways to fix the problem?

Thanks to read, sorry about my poor english

Regards

Nibbler

It doesn't, must be a false positive.

mrn

Hello Nibbler
I dont know if is a false o true positive, but the only way users can upload photos at my gallery is disabling web-attacks rule, which blocks users because coppermine uses id command via web and its supposed an agression.
Why coppermine needs to know what users i have on my server?

Thank you

Regards

Nibbler

It doesn't. It is a false positive. Locate and disable the specific rule in the file that causes the problem.