Gossamer Forum

Problems with Lockdown

I tried installing Lockdown on a remote NT server without success. There are no permission settings for the server because it's already set to read/write/execute. Anyway, I have edited the script to point to the *.log* files correctly and have inserted:

require 'd:/inetpub/cgi-bin/protect.pl';
&ru_in;

before the eval command in admin.cgi, right after the first set of comments. After uploading, I get a form in which it detects that I am a new user. I fill in the form and it still shows the same form after clicking on it. I refreshed it and it does the same thing. I looked in the protperls dir to see if pass.txt is created. Pass.txt is not created. Can anyone help me?

XanthisHP
http://www.clanworld.org/egn
EGN3D

Re: Problems with Lockdown
Hi ya,

Well I don't know much about how the NT Perl works...so I don't know if I can help you with this.

But I did think that NT paths were specified Windoze style, meaning that you should try using:

require 'D:\path\to\protect.pl';

rather than:

require 'd:/path/to/protect.pl';

I could be wrong...

Rod

Re: Problems with Lockdown
I tried to use Lockdown on my NT account without success, so I turned to other ways. I found a method which you insert into your cgi scripts to prevent access. What you do is you log in with a password and login. It will check against a file which I renamed as password.cgi instead of password.txt so that when someone tries to read it, it will try to execute. If it is correct, it will copy the IP address down into a log.cgi file. When you try to log into your scripts, the first thing is that it will check your IP against the log.cgi to see if it matches, then logs in. You can log out and it will remove the IP from the file. The problem is that I use Links with a staff I rounded up. When one person uses it, it will clear the log.cgi and rewrite a new IP. One of the users will be able to access the scripts, but not simultaneously. I'll look into my files to show you how I did it. {I just got my site back up due to a network move. . .}

------------------
XanthisHP
http://boom.home.dhs.org
BOOM! Flash 3 Resource - When there's a Flash, there's a BOOM!

Re: Problems with Lockdown
I just finished reading through 1,200 posts today, with another couple of hundred later today. Anyway, quickly, here's how I protected my scripts in NT:

I have lots of scripts, so I basically made a frame in 2 parts, one the menu to pick which script I want to log in. Also in the menu is logon/logoff script. This is the script:

Logon.pl
Code:
#!/usr/local/bin/perl
#######################################################################
# logon.cgi Log On Script
# Created by Craig David Horton chorton@neo.lrun.com
# Copyright (c) 1996 All Rights Reserved.
#
# This script MAY NOT be redistributed for any reason without
# the expressed written consent of the author . All copyrights reserved.
########################################################################

# Define location of passwd.txt file as created from Matt's Script Archive.
$passfile="d:/inetpub/yourdirectory/password.cgi";
$logfile ="d:/inetpub/yourdirectory/logon.cgi";

# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

# Split the name-value pairs
@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);

    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    $FORM{$name} = $value;
}

if ($ENV{'REQUEST_METHOD'} eq "POST") {

    # Print out a content-type for HTTP/1.0 compatibility
    print "Content-type: text/html\n\n";

    # Read the single "username:crypted_password" line
    open(PASSWD,"$passfile") || die $!;
    $passwd_line = <PASSWD>;
    chop($passwd_line) if $passwd_line =~ /\n$/;
    close(PASSWD);

    ($username,$passwd) = split(/:/,$passwd_line);

    # Hash the submitted password with the stored two-character salt
    $test_passwd = crypt($FORM{'password'}, substr($passwd, 0, 2));

    # Overwrite the log file: the client's address on success, "No One" on failure
    open(FILE,">$logfile") || die $!;
    if (!($test_passwd eq $passwd && $FORM{'username'} eq $username)) {
        $access="No One";
    } else {
        $access=$ENV{'REMOTE_HOST'};
    }
    print FILE "$access";
    close(FILE);

    print "<Head><Title>DBasics Log In Script</Title></Head>\n";
    print "<h1><center>$access Logged On</center></H1>\n";
    print "</body></html>\n";
    exit;

} else {

    # Print out a content-type for HTTP/1.0 compatibility
    print "Content-type: text/html\n\n";

    # Any non-POST request gets the login form
    print "<Head><Title>DBasics Log In Script</Title></Head>\n";
    print "<h1><center>DBasics Log In Script</center></H1>\n";
    print "<FORM METHOD=\"POST\" ACTION=\"logon.pl\">\n";
    print "<center><p><b>Username: </b><input type=text name=\"username\"> ";
    print "<b>Password: </b><input type=password name=\"password\">\n";
    print "<P><input type=submit> <input type=reset></center>\n";
    print "</form></body></html>\n";
    exit;
}

# END OF SCRIPT

You will need to make a password.cgi and a logon.cgi in your directory. Make sure you modify logon.pl to point to those files. For password.cgi, you will need to encrypt the password and put it into the format:

logon:aaTPRWbi3eh7Q

where logon is the user name and aaTPRWbi3eh7Q is the encrypted password.

Now put this little code snippet into the scripts you wanted to protect:

# Place This Snippet At Top of Sensitive Scripts
$logfile ="d:/inetpub/yourdirectory/cgi-bin/logon.cgi";
open(FILE,"$logfile") || die $!;
$logon=<FILE>;
close(FILE);
# Exit silently unless the caller's address matches the one logged at logon
if ($ENV{'REMOTE_HOST'} ne $logon) { exit; }
# End of Snippet

That's basically it. Now logon to logon.pl and enter the login/password then you can start using your scripts. Be sure to logout to erase your IP just in case of IP spoofing.

The only problem is users cannot log in simultaneously. Does anyone know a way to let it do that? I would gladly appreciate it.

------------------
XanthisHP
http://boom.home.dhs.org
BOOM! Flash 3 Resource - When there's a Flash, there's a BOOM!
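
One way to answer the simultaneous-login question in the post above, added here as an example and not code from the thread or any poster: logon.cgi keeps one "address timestamp" line per logged-on client, rewritten under a file lock, instead of a single overwritten value. The function names, the one-hour lifetime, the demo file name and the use of REMOTE_ADDR in place of REMOTE_HOST are assumptions of this example.

```perl
# Added example, not from the thread: a multi-entry logon.cgi.
use strict;
use warnings;
use Fcntl qw(:flock);

my $TTL = 3600;    # assumed session lifetime in seconds

# Rewrite the log under an exclusive lock: drop expired entries and $drop,
# record $add. Returns the addresses that remain logged on.
sub update_log {
    my ($logfile, $add, $drop) = @_;
    my $now = time;
    open(my $fh, '+>>', $logfile) or die "open $logfile: $!";
    flock($fh, LOCK_EX) or die "lock $logfile: $!";
    seek($fh, 0, 0);
    my %seen;
    while (my $line = <$fh>) {
        my ($ip, $ts) = split ' ', $line;
        next unless defined $ts && $ts =~ /^\d+$/;    # skip malformed lines
        $seen{$ip} = $ts if $now - $ts < $TTL;
    }
    delete $seen{$drop} if defined $drop;
    $seen{$add} = $now if defined $add;
    seek($fh, 0, 0);
    truncate($fh, 0) or die "truncate $logfile: $!";
    print {$fh} "$_ $seen{$_}\n" for sort keys %seen;
    close($fh) or die "close $logfile: $!";
    my @on = sort keys %seen;
    return @on;
}

sub logon  { my ($file, $ip) = @_; return update_log($file, $ip, undef) }
sub logoff { my ($file, $ip) = @_; return update_log($file, undef, $ip) }

# Guard for protected scripts (hypothetical usage):
#   exit unless is_logged_on($logfile, $ENV{'REMOTE_ADDR'});
sub is_logged_on {
    my ($file, $ip) = @_;
    return scalar grep { $_ eq $ip } update_log($file, undef, undef);
}

# Demo with constructed addresses from the documentation ranges.
my $log = 'logon_demo.cgi';
unlink $log;
logon($log, '192.0.2.10');
logon($log, '198.51.100.7');
logoff($log, '192.0.2.10');
printf "%s: %s\n", $_, is_logged_on($log, $_) ? 'logged on' : 'not logged on'
    for ('192.0.2.10', '198.51.100.7');
unlink $log;
```

A failed logon in this layout simply calls nothing, so it no longer replaces the other users' entries the way writing "No One" over the file does.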

Re: Problems with Lockdown
Hi Rod,

I've got the same problem as Xanthis has. I've installed your script on NT as should be done and the program freezes at creating new user. Debug="ON" does not function at this point. The problem is NOT caused by the style of the path-statement. I've put a fake pass.txt in the protperls dir and then the program sent me off to the place I wanted hackers to be sent. It created hacker.log and lockoutfile.ip as it should.
So please, can you help? This program seems to be the only way to protect my admin.cgi

Jo

Re: Problems with Lockdown
I did what you showed and received a syntax error
line 26, near "| |"
line 32, near "| |"
any suggestions what might be needed?

Re: Problems with Lockdown
Can you give the full error code that the server gives?

------------------
XanthisHP
http://boom.home.dhs.org
BOOM! Flash 3 Resource - When there's a Flash, there's a BOOM!

Re: Problems with Lockdown
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:


syntax error at L:\Inetpub\wwwroot\mainfolder\sitename\cgi-bin\main\admin\logon.pl line 26, near "| |"
syntax error at L:\Inetpub\wwwroot\mainfolder\sitename\cgi-bin\main\admin\logon.pl line 32, near "| |"
Execution of L:\Inetpub\wwwroot\mainfolder\sitename\cgi-bin\main\admin\logon.pl aborted due to compilation errors.

Thanks for any help

Re: Problems with Lockdown
ok.. the | | thing is this message board's problem...

basically.. | | should be connected.. not without a space in the middle... this message board separates them for some reason...

Code:
change: "| |" to "| |" (WELL THAT DIDN'T WORK!!) just change it so it doesn't have a space in the middle.

hope that helps,
Jerry

[This message has been edited by widgetz (edited June 22, 1999).]

Re: Problems with Lockdown
Getting closer. Thanks for the | | input
now getting this error after
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
it is letting me logon but not letting me run admin or other files

Re: Problems with Lockdown
Xanthis,

Great, thank you VERY much, that option works!

PS Eb, there's a "| |" in the snippet too

Jo

[This message has been edited by JoSo (edited June 23, 1999).]

Re: Problems with Lockdown
eb, if you are getting that error while trying to access your scripts, that is what it is supposed to do. Take a look at your logon.cgi file to see if your IP matches what is in there after you input the login/password. If it doesn't match, you are doing something wrong. It could be that you are not referencing the files correctly.

If you logged into logon.cgi and inputted your password/logon correctly, it should return the IP address message showing your IP logged.

------------------
XanthisHP
http://boom.home.dhs.org
BOOM! Flash 3 Resource - When there's a Flash, there's a BOOM!

Re: Problems with Lockdown
i understand the logon.pl
and password.cgi
i encrypted the password
what exactly is in the logon.cgi
I left it empty, and then after logging in to logon.pl it tells me NO ONE LOGGED ON. It also stores that in my logon.cgi.
hmmmm will play around with it some more today. Thanks for the great help so far

Re: Problems with Lockdown
ok. So here is where i am at.
If I put the snippet into scripts and upload, they will not let in anyone. If I manually put my current IP in the logon.cgi file, it will only let me run the scripts. So far so good.
So it seems that the only part I must be messing up is the logon.pl script. Whenever I go to the logon input, and use my id and password, it goes to a screen that says No one logged on.
and will write that to the logon.cgi file.
So I need to figure out what must be happening instead of writing my IP into that file.
Thanks again for all your help.