Results 1 to 7 of 7

Thread: user/forum admin blocked again and again - ALERT - ASCII-NUL chars not allowed

  1. #1
    Registered Member
    Join Date
    Mar 2004
    Posts
    1,069

    Default user/forum admin blocked again and again - ALERT - ASCII-NUL chars not allowed

    We have a hosted customer who is maintaining a UBB forum, but is being blocked again and again with the resulting log entire below:

    [Fri Aug 21 12:10:59 2009] [error] [client 74.195.252.71] ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'ubbt_admin' (attacker '74.195.252.71', file '/home/[userid]/public_html/[path to the forum admin script]'), referer: Home[path to the forum admin script]

    I am also finding this in the /var/messages logs:

    Aug 21 12:20:35 pulsar suhosin[24306]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'ubbt_admin' (attacker '74.195.252.71', file '/home/[userid]/public_html/[path to the forum admin script]')

    The hosted members claims to be on a PC that is currently virus free, although earlier in the month he had some cleanup to do in this regard.

    Any idea what could be going on here?

    Thanks much!

  2. #2
    Registered Member
    Join Date
    Jan 2006
    Location
    India
    Posts
    31

    Default

    Please make sure that you are using the latest version of the application.
    --
    Sanju Abraham
    sanjuak@gmail.com

  3. #3
    Registered Member
    Join Date
    Mar 2004
    Posts
    1,069

    Default

    Thanks, but they are using the most recent version of UBB.

  4. #4
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    11,454
    cPanel Access Level

    Root Administrator

    Lightbulb

    Isn't this your answer?

    Aug 21 12:20:35 pulsar suhosin[24306]:

  5. #5
    Registered User
    Join Date
    Mar 2002
    Location
    Dallas, TX
    Posts
    103
    cPanel Access Level

    Root Administrator

    Default

    Here's a suggestion. Try editing the suhosin settings to allow the ASCI-NULL. Edit your /usr/local/lib/php.ini and add this in the [suhosin] section:

    suhosin.cookie.disallow_nul = Off
    suhosin.get.disallow_nul = Off
    suhosin.post.disallow_nul = Off
    suhosin.request.disallow_nul = Off

    Then restart apache and see if that helps.

  6. #6
    Registered Member
    Join Date
    Mar 2004
    Posts
    1,069

    Default

    Quote Originally Posted by alwaysweb View Post
    Here's a suggestion. Try editing the suhosin settings to allow the ASCI-NULL. Edit your /usr/local/lib/php.ini and add this in the [suhosin] section:

    suhosin.cookie.disallow_nul = Off
    suhosin.get.disallow_nul = Off
    suhosin.post.disallow_nul = Off
    suhosin.request.disallow_nul = Off

    Then restart apache and see if that helps.
    Thanks very much for your help alwaysweb!

    However, I have a (potentially stupid) question:

    Won't this make the server less secure?

  7. #7
    Registered User
    Join Date
    Mar 2002
    Location
    Dallas, TX
    Posts
    103
    cPanel Access Level

    Root Administrator

    Default

    I dont' know of any attacks that use asci-null characters directly, but i'm sure there are some. Really we're just disabling a few rules that are causing false positives. However, its up to you. Its a balance between security and convenience (or usability).

Similar Threads

  1. Username allowed chars
    By critical_error in forum General Discussion
    Replies: 2
    Last Post: 01-31-2012, 04:05 AM
  2. Change max allowed user id chars?
    By zwolf in forum General Discussion
    Replies: 1
    Last Post: 01-10-2007, 10:59 AM
  3. To Nick / Cpanel Forum Admin
    By billau in forum General Discussion
    Replies: 1
    Last Post: 08-01-2004, 04:35 AM
bargain