Ravens PHP Scripts: Forums
 

 

leo51
Worker



Joined: Sep 09, 2004
Posts: 106
Location: Canada

Posted: Sat Jul 08, 2006 11:13 am

I am not sure if it's OK to post this here, but I really need an answer and am not sure where actually to address the question. Sorry if I am in the wrong place.

Every so often Sentinel is doing its job when it sees something that it doesn't like. However, I am a bit concerned whether all of these blocks are hacking attempts or legitimate users just typing the wrong thing. If so, I am losing visitors who get blocked just because they typed something wrong.

Can someone familiar with Sentinel look at the following, because almost every day I am getting similar blocks and am now wondering, mainly since I see this time it's from AOL. I am using Raven76.

Thanks.



Date & Time: 2006-07-08 10:35:21 CDT GMT -0500
Blocked IP: 172.202.140.132
User ID: Anonymous (1)
Reason: Abuse-Referer
String Match: xxxx:
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Query String: bobofindit.com/index.php?none
Get String: bobofindit.com/index.php
Post String: bobofindit.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 172.202.140.132
Remote Port: 2240
Request Method: GET
--------------------
Who-Is for IP
172.202.140.132

OrgName: America Online
OrgID: AOL
Address: 22000 AOL Way
City: Dulles
StateProv: VA
PostalCode: 20166
Country: US

NetRange: 172.192.0.0 - 172.216.255.255
CIDR: 172.192.0.0/12, 172.208.0.0/13, 172.216.0.0/16
NetName: AOL-172BLK-2
NetHandle: NET-172-192-0-0-1
Parent: NET-172-0-0-0-0
NetType: Direct Allocation
NameServer: DAHA-01.NS.AOL.COM
NameServer: DAHA-02.NS.AOL.COM
NameServer: DAHA-07.NS.AOL.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-02-13
Updated: 2004-12-22

RTechHandle: AOL-NOC-ARIN
RTechName: America Online, Inc.
RTechPhone: +1-703-265-4670

OrgAbuseHandle: AOL382-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-265-4670

OrgNOCHandle: AOL236-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-703-265-4670

OrgTechHandle: AOL-NOC-ARIN
OrgTechName: America Online, Inc.
OrgTechPhone: +1-703-265-4670
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Sat Jul 08, 2006 11:51 am

This one is common enough. They were blocked because their IP was hidden. Or more accurately, either AOL or the user's firewall is substituting their true referer id with 'xxxx' to make them harder to trace.

To stop this happening, all you have to do is go to the referer blocker configuration, remove the line that says 'xxxx' from the list, and save.

BUT - before you go rushing off to do the miracle cure thing, ask yourself two important questions...
1. Do you want to allow anyone who tries to hide their IP to access your site?
2. Knowing that when they were banned they would have seen the appropriate template message warning which says something like "If you think this was a mistake, contact the Webmaster at youATyoursiteDOTcom" - how many of these banned people bothered to email you and explain it WAS a mistake?
 
leo51







Posted: Sat Jul 08, 2006 12:17 pm

Guardian2003 wrote:
This one is common enough. They were blocked because their IP was hidden. Or more accurately, either AOL or the user's firewall is substituting their true referer id with 'xxxx' to make them harder to trace.

To stop this happening, all you have to do is go to the referer blocker configuration, remove the line that says 'xxxx' from the list, and save.

BUT - before you go rushing off to do the miracle cure thing, ask yourself two important questions...
1. Do you want to allow anyone who tries to hide their IP to access your site?
2. Knowing that when they were banned they would have seen the appropriate template message warning which says something like "If you think this was a mistake, contact the Webmaster at youATyoursiteDOTcom" - how many of these banned people bothered to email you and explain it WAS a mistake?


OK, thanks very much for the quick response. I will not change the settings at this time, or maybe never, because I do hate people hiding their IP or using a proxy.

In the first place, I went to these lengths to protect my site, and yes, now I remember that it is after I did some reading on Sentinel and added the settings that I started seeing blocks like this one.

While on the subject, I did turn proxy on and had a friend come to the site through a proxy, and he got through. Is the proxy setting not meant to stop that?

Again, Many Thanks.
 
Guardian2003







Posted: Sat Jul 08, 2006 2:25 pm

Normally, if 'block proxies' is turned on it should block them, but there may be other reasons why it didn't, such as if they were an admin or the IP was in the excluded or protected range.
 
leo51







Posted: Sat Jul 08, 2006 3:28 pm

Guardian2003 wrote:
Normally, if 'block proxies' is turned on it should block them, but there may be other reasons why it didn't, such as if they were an admin or the IP was in the excluded or protected range.


OK, Thanks.

Neither of the two was true. I just set the option to "yes", called up my nephew, let him turn on his proxy software and try to reach the site, and he did, but I might have missed another option to set it right or, as you said, some other reason.

Will run another test sometime and watch out for what I might not have done right.

I don't remember from which country he picked up the IP, but he is using the same ISP as I am. We just live some miles apart.

Thanks, Again
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Sun Jul 09, 2006 8:04 am

There are three levels of proxy blocking in NS. Which one did you choose? Have you tried all three and he is still not getting blocked?

However, please look at the pop-up help on that field in the NS administration. "This is not 100%".

leo51







Posted: Sun Jul 09, 2006 2:43 pm

OK, then thanks.

I will report back after I run those tests again.

In my installation of Ravennuke76, when I click on the question marks there are no popup windows, while I can see the code on the status bar.

Not sure what the problem is. Will also take a closer look at the settings in NS.


Thanks.
 
All times are GMT - 6 Hours
 