Elxis CMS Forum

Support => Security => Topic started by: datahell on July 08, 2013, 22:24:37

Title: Elxis defender doesn't like torrents
Post by: datahell on July 08, 2013, 22:24:37
Have you ever been banned by Elxis Defender in your local Elxis 4.x installation without doing anything?
If you have and you didn't understand why, then you might be banned because you had μtorrent/utorrent running at the same time!
It seems that Elxis Defender doesn't like pirate downloads :-)
The reason for the ban is that μtorrent silently queries your local PC with the "%0" pattern, which triggers Elxis Defender security filters. This is proof of how effective Elxis Defender is against attacks from sources you could never imagine. I believe with a little tweak we can use Elxis Defender as anti-virus too ;D

Today's security alert from my local Elxis installation due to μtorrent:

Code:
Elxis Defender blocked an attack to your site!
Reference code: SEC-DEFG-0004

Elxis Defender report
Signatures: general
Match method: inmatch
Haystack: query
Pattern match: %0
Reason: RFI attack/SQL injection (Unprintable ASCII escaping).
The guest has been BANNED as he was blocked by Elxis Defender 3 times!

Requested URI:
IP address: 127.0.0.1
Hostname: ios
User agent: uTorrent/2210(25130)
Date (UTC): 2013-07-08 18:21:17
Site URL: http://elxis4.loc

My query is why μtorrent/utorrent queries port 80? Does anyone know?
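
Added example (not part of the forum posts and not Elxis code): a simplified model of the behaviour shown in the report above, a substring match of `%0` on the raw query string with a ban on the third block, replayed over constructed requests. The class and function names and the sample queries are assumptions for illustration.

```python
from collections import defaultdict

PATTERN = "%0"       # "Pattern match: %0" from the report above
BAN_THRESHOLD = 3    # "blocked by Elxis Defender 3 times" from the report


class SubstringFilter:
    """Hypothetical model: substring match on the raw query, strikes per IP."""

    def __init__(self):
        self.strikes = defaultdict(int)
        self.banned = set()

    def check(self, ip, raw_query):
        """Return 'banned', 'blocked' or 'allowed' for a single request."""
        if ip in self.banned:
            return "banned"
        if PATTERN in raw_query:
            # %00-%0F all contain "%0", so an encoded tab or newline in
            # ordinary data trips the same signature as an injected NUL.
            self.strikes[ip] += 1
            if self.strikes[ip] >= BAN_THRESHOLD:
                self.banned.add(ip)
                return "banned"
            return "blocked"
        return "allowed"


def replay(requests):
    """Feed (ip, raw_query) pairs through a fresh filter; return verdicts."""
    flt = SubstringFilter()
    return [flt.check(ip, query) for ip, query in requests]


# Constructed sample traffic (not captured from uTorrent): a local client
# that repeats a query holding an encoded newline, then a normal page view.
SAMPLE = [
    ("127.0.0.1", "q=line1%0Aline2"),
    ("127.0.0.1", "q=line1%0Aline2"),
    ("127.0.0.1", "q=line1%0Aline2"),
    ("127.0.0.1", "option=com_content&id=5"),
]

if __name__ == "__main__":
    for (ip, query), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(f"{ip:<10} {verdict:<8} {query}")
```

The fourth request carries nothing suspicious but is still refused, which is the situation the post describes: background traffic from a program on the same machine locks the developer out of the local site.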
Title: Re: Elxis defender doesn't like torrents
Post by: webgift on July 10, 2013, 11:36:53
Port 80 is most often used by the HTTP protocol. Did you use the search tool of the utorrent* application? Below are the default search providers:
Quote
BitTorrent|http://www.bittorrent.com/search?client=%v&search=
Mininova|http://www.mininova.org/search/?cat=0&search=

* I use utorrent 3.2.1.

I think that it's time to extend the Elxis project regarding security. ;D I recently read what we can do with PHP:
- Writing desktop applications. PHP is probably not the very best language to create a desktop application with a graphical user interface, but if you know PHP very well, and would like to use some advanced PHP features in your client-side applications you can also use PHP-GTK to write such programs. You also have the ability to write cross-platform applications this way. PHP-GTK (http://gtk.php.net/) is an extension to PHP, not available in the main distribution.
Title: Re: Elxis defender doesn't like torrents
Post by: datahell on July 10, 2013, 13:48:32
I didn't use search, but even in this case it seems weird. Why would bittorrent query port 80 on my local apache installation? The expected behavior, I think, is to search the file system, not my local web.

I developed php-gtk applications a few years ago; it is easy to do so if you know PHP.