Welcome to Geeklog Sunday, February 23 2020 @ 12:48 am EST

Geeklog Forums

Ban and Gallery


Status: offline

ajzz

Forum User
Regular Poster
Registered: 19/01/05
Posts: 113
Hello folks,

I am running Gallery1.x embedded in GL1.3.11x and was wondering if someone has experienced the follwing issue and whether it is in fact expected:

Although I have used the ban plugin to block a remote IP address, a bot is still able to access the gallery directory from the banned IP and in this case index an annoying 1000 pages a day. The ban seems to be effective for the rest of the site and attempts to index those pages fail and show in the ban log.

If this was intended behavior, please tell me how to work around the issue (short of using .htaccess which my host does not allow for this site).

Thanks,

Ajay
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 12/08/02
Posts: 300
Ban will only work for the Geeklog portion of the site. It comes into play when lib-common is loaded.
 Quote

Status: offline

ajzz

Forum User
Regular Poster
Registered: 19/01/05
Posts: 113
Thanks for the prompt reply TomW. So how would I go about loading lib-common when gallery pages open? Is this complicated or as simple as including a line in the wrappers?

Ajay
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
If you have Gallery integrated into Geeklog, then it already loads lib-common.php and the Ban plugin should do its work.

However, if these bots (or whatever) access the pictures directly (not through Gallery), then the Ban plugin is not activated. Only a .htaccess would help in that case (yes, I know ...).

bye, Dirk
 Quote

Status: offline

ajzz

Forum User
Regular Poster
Registered: 19/01/05
Posts: 113
In fact the first time I noticed this is via the GUS plugin where the Ban was on but there were still hits showing from this IP. The embedding was done at the Gallery config level and not by installing a separate integration plugin so we are subject to what gallery provides as headers.

The wrapper provided by gallery includes this in the header
PHP Formatted Code
        case 'GeekLog':
                /*
                ** Display header and left blocks
                */

$display = COM_siteHeader ();
$display .= COM_startBlock ('My Picture Gallery');
Echo $display;
//              echo COM_siteHeader();
        break;

 
which I though should take care of lib-common but I dont know enough.

Anyway, I have tweaked some register-global-check setting in gallery and will report if that made a difference. Meanwhile, any insights would be useful.

Ajay
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 12/08/02
Posts: 300
One issue that the ban plugin has always had is that it is sensitive to the order that plugins are loaded. To get around this I have always modified the query that sets the load order so that ban will load first and thus completely block access to all plugins. The way I do this is sort the query that gets the plugin names by plugin name. Since B is before all other plugins it loads first.

To do this in the current versions of Geeklog change the query in lib-plugins which loads the plugin names by adding " ORDER by pi_name" to the end of the query. I know, don't alter core files, but geeklog has no mechinism to order the loading of plugins. Note in older versions of geeklog the query is at the end of lib-common.

The code effected is below -- edited for your veiwing pleasure.

PHP Formatted Code
$result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1 ORDER by pi_name");
$_PLUGINS = array();
while ($A = DB_fetchArray($result)) {
    $_PLUGINS[] = $A['pi_name'];

 
 Quote

Status: offline

ajzz

Forum User
Regular Poster
Registered: 19/01/05
Posts: 113
Hmm... the code from my install is pasted below. It is already sorted by plugin name. Any other ideas?
PHP Formatted Code
$result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1 ORDER by pi_name");
$_PLUGINS = array();
while ($A = DB_fetchArray($result)) {
    $_PLUGINS[] = $A['pi_name'];
}

 
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 12/08/02
Posts: 300
Nope -- my quess is that gallery loads a bunch of stuff before lib-common and thus before ban comes into play.
 Quote

All times are EST. The time is now 12:48 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content