FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » INSERTions into ses table for unknown users (Fantom sessions?)
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: INSERTions into ses table for unknown users [message #168064 is a reply to message #168063] Wed, 09 January 2013 02:14 Go to previous messageGo to previous message
San ??????? is currently offline  San ???????
Messages: 4
Registered: January 2013
Karma:
Junior Member

I applied following quick&dirty hack to prevent my site from that kind of attacks:

306c306
<       do {
---
>       /* do { */
307a308
>               $id = $uid;
309c310
<       } while (!($id = db_li("INSERT INTO 2frmdb_ses (ses_id, time_sec, sys_id, user_id) VALUES ('".$ses_id."', ".__request_timestamp__.", '".ses_make_sysid()."', ".$uid.')', $ef, 1)));
---
>       /* } while (!($id = db_li("INSERT INTO 2frmdb_ses (ses_id, time_sec, sys_id, user_id) VALUES ('".$ses_id."', ".__request_timestamp__.", '".ses_make_sysid()."', ".$uid.')', $ef, 1))); */


The problem is that ses_anon_make() declared in more than one place. Strange code organization, yes...
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: CKEditor conflicts with default formatting tools
Next Topic: Censorship bug
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 03:06:23 GMT 2024

Total time taken to generate the page: 0.03604 seconds