Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sun Aug 06, 2006 4:45 pm Reply with quote

Leo:

I am looking. I thought I'd find the problem immediately, a missing space or quote that doesn't match but I don't see it. I will try to take a look tomorrow because the least I can do is duplicate the echoes on my own system even though I have a different version of Sentinel. I can't count the number of times I've thumped myself in the forehead for a simple syntax mistake but I just don't have the energy to try to duplicate it tonight and upload it etc.

The blank screen is why I suggested the backup and unless you feel like fiddling I'd revert. I'm sure I just made some "simple" syntax mistake but I need rested eyes to see it.
 
View user's profile Send private message Visit poster's website
leo51
Worker
Worker


Joined: Sep 09, 2004
Posts: 106
Location: Canada

PostPosted: Sun Aug 06, 2006 5:32 pm Reply with quote

OK, Let me see if I could explain this issue: Looking at the log when a successfully payment is made to Paypal and the results are written to my earning database:

Here is the process: (PayPal uses two ips for the process
(1) I Hit the donate.php
(2) Paypal (IP 1) return get my robots.txt
(3) Paypal (IP 1) need access to these strings in /includes/nukesentinel.php
Code:
        $db->sql_query('UPDATE `'.$prefix."_nsnst_flood` SET `lastpost` = '".time()."' WHERE `ip` = '".$nsnst_const['remote_ip']."'");

      } else {
        $db->sql_query('INSERT INTO `'.$prefix."_nsnst_flood` (`ip`, `lastpost`) VALUES ('".$nsnst_const['remote_ip']."', '".time()."')");
        $lpdelete = time() - 600;
        $db->sql_query('DELETE FROM `'.$prefix.'_nsnst_flood` ORDER BY `lastpost` LIMIT '.$ab_config['flood_del']);
        $db->sql_query('OPTIMIZE TABLE `'.$prefix.'_nsnst_flood`');
      }
    } else {
      // let's make a brand new cookie
      $lp = intval($HTTP_COOKIE_VARS['nsnst_flood_lastreq']);

(4)Paypal (IP 2) must POST /ws_donate.php?action=ipn.

(5) If the payment went through, I am taken back to my site and the ws_donate.php?action=success string is reported in my browser. Also, paypal IP 1 reports back to my site the same string as in condition 5.

Now when I have Sentinel "Enable" condition 2 & 3 are not taking place.

That's it .. In my opinion sentinel is the cause of my problem

Again Thanks for previous suggestions and any new which could help me.

Finally....The Good news

From my thinking, I replaced /includes/nukesentinel.php with version before NS2.5.0 and the results. OKOKOKOK--FINE. Therefore, how safe is it to run as this. I don't want by site to be hacked so I replaced back 2.5 and will hold.

Could the developers of Sentinel HELP ME OUT PLEASE.

=============


Last edited by leo51 on Sun Aug 06, 2006 9:29 pm; edited 5 times in total 
View user's profile Send private message Visit poster's website MSN Messenger
fkelly
PostPosted: Sun Aug 06, 2006 9:12 pm Reply with quote

Leo ... I will have to defer to higher authorities with Sentinel on this but good luck with it. I can say that unless there is a specific hack attack that you are looking to protect against you don't have to be at the bleeding edge of Sentinel releases to be "relatively" safe. The temporary solution that you've come up with should work fine until someone can do a file comparison and find out what is causing the problem with the most recent release.
 
leo51
PostPosted: Sun Aug 06, 2006 9:36 pm Reply with quote

Very encouraging, fkelly. Constructive conversations always get results and that what you guys have done to help me.

I am still a novice at this while I have been able to solve many of my issues simple because I love the challenge.

Again, Many Thanks and do enjoy the trip ----- play it safe lol
 
leo51
PostPosted: Mon Aug 28, 2006 12:49 pm Reply with quote

OK, I see that there is no further response since I last posted. Yes, my issues still exist and I have been monitoring the activities and trying to solve it but no results.

Here is what I have been able to notice carefully.

When I am use nukesentinel.php from 242pl9, my subscription activity gets added to the earning database and here is how. (I will use xs and also won’t post the entire strings in order not to compromise anything since I am not sure about what these strings represent during the paypal activite)

action (1) [click donate button]: MY Computer IP XXXXXXXX - - [28/Aug/2006:09:32:22 -0500] "POST /ws_donate.php

action (2) get paypal ipn: Paypal IP xxxxxxxx - - [28/Aug/2006:09:33:06 -0500] "POST /ws_donate.php?action=ipn HTTP/1.0" 200 1

action (3) <b>Paypal IP: XXXXXXXXX - - [28/Aug/2006:09:13:53 -0500] "GET /ws_donate.php?action=success&tx=xxxxxxxxxxx&st=Completed&xxxxx…..DELETE the rest.

Action (4) I return to my web site after making successful payment at Paypal: MY IP XX XXXXXX - - [28/Aug/2006:09:14:10 -0500] "GET /ws_donate.php?action=success&tx=xxxxxxxxxx&st=Completed&xxxxxx….DELETE the rest.</b> and the earnings database is updated.

(1) Now when I use nukesentinel.php from 252 my subscription activity will NOT get posted to the earnings database. I think that either the paypal return or my IP is being blocked from posting at this time.

(I update 250 t0 252 same issue)

Therefore, it could have to do with flooding since my IP did already post a few seconds before but I do not have this option activate:

But there is another issue, when using nukesentinel.php-242pl9 and there is a block, the IP is not written to the sentinel database so that user just hit “Home” and is back on the site to start all over again. Yes, the IP is written to the .htacess but its not written on a separate line so therefore, my site is done due to .htacess internal error misconfiguration.

I really need some assistance PLEASE.

I am also looking at the changes from 242 to 252:

CHANGE LOG:

2.5.00 CHANGES (2006-07-10):
+ Includes IP2Country 2006-07-09 updated imports.
- Took , out of filenames.
+ Checks for empty user agent.
+ Re-added flood protection.
+ Added template viewer resource in admin.
+ Added template source viewer resource in admin.
+ Added Tracked User Agents with ability to add agents to the harvester list.
+ Added new setting so that old tracked ip's are cleared only once
per day. (speed enhancement)
+ Added new setting so that expired blocked ip's and ranges are
cleared only once per day. (speed enhancement)
+ Installer adds the installing admin's ip into the protected
ip range table and the excluded ip range table.
+ Added disable switch to allow for testing of interactions between
NukeSentinel(tm) and other modules/addons.
+ Upgraded OverLib 4.0.0 to OverLib 4.2.1 .
+ Updated tracked and blocked ip's tables for better sorting by ip
address.
- Removed unused lang defines.

2.4.2pl9 CHANGES (2006-06-09):
+ CRITICAL UPDATE: phpBB & user injection update.
+ Corrected lang define that caused poor display.
+ Code corrections (Thanks to Technocrat)..

Could some one familiar with this info point out which addition(s) can cause the issue could just disable that line or function and test. I have tried my little nonsense but to no avail.

THANKS
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Tue Aug 29, 2006 12:42 am Reply with quote

At this point, I would suggest PM'ing BobMarion as I am just doubtful any of us here are knowledgable enough to assist you. We have all, including you, spent alot of time on this issue and, as the author of NS, he may be better able to help you.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©