Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
sharlein
Member Emeritus


Joined: Nov 19, 2002
Posts: 322
Location: On the Road

PostPosted: Wed Jul 07, 2004 2:35 pm Reply with quote

Go to Sentinel™ Configuration, scroll down to harvest list. Find ''custo'' and remove it for the time being.

_________________
Give Me Ambiguity Or Give Me Something Else! 
View user's profile Send private message
sharlein
PostPosted: Wed Jul 07, 2004 2:38 pm Reply with quote

How do I delete this post?
 
ConViCT
New Member
New Member


Joined: Oct 18, 2002
Posts: 21

PostPosted: Wed Jul 07, 2004 2:41 pm Reply with quote

Thanks, sharlein!
 
View user's profile Send private message Visit poster's website
cprompt
Regular
Regular


Joined: Jun 08, 2004
Posts: 64

PostPosted: Fri Jul 16, 2004 10:14 am Reply with quote

I got these three today.

Quote:
Blocked IP: 209.237.238.180
User ID: Anonymous (1)
Reason: Abuse - AGENT
--------------------
User Agent: ia_archiver


Quote:
Blocked IP: 200.64.54.223
User ID: Anonymous (1)
Reason: Abuse - AGENT
--------------------
User Agent: Microsoft Data Access Internet Publishing Provider Protocol Discovery


Quote:
Blocked IP: 212.200.53.61
User ID: Anonymous (1)
Reason: Abuse - AGENT
--------------------
User Agent: WebReaper [info@webreaper.net]


I ran them thru the Agent Inspector but all that says is what Harvester block in the list is blocking it. It does not necessarily tell us if it is OK to let these harvesters thru or not, so what do we do?
 
View user's profile Send private message
sharlein
PostPosted: Fri Jul 16, 2004 12:23 pm Reply with quote

The 'disco' part has been well discussed on this forum. The recommendation is to delete the 'disco' from the Harvester list. It is totally up to you to allow or disallow the others. The programmers of Sentinal™ are the most trusted and respected that I know. I will go with their judgement and allow those to be banned. Steve
 
WielM
New Member
New Member


Joined: Dec 03, 2004
Posts: 3

PostPosted: Fri Dec 03, 2004 3:57 pm Reply with quote

This is obviously a call of the abuse-other template, but I have no clue why this visitor was blocked:

----
You have been blocked from entering this site.

You have attempted an unknown attack on this site.

All of the following information has been gathered to assist the
webmaster should this need to be report to local or federal officers.

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2)
Gecko/20040804 Netscape/7.2 (ax)
Remote Address: 69.43.20.28
Client IP: none
Forwarded For: none
Date Blocked: 2004-11-30 12:36:33
Block expires: Permanent
NukeSentinel™ 2.1.0 by: NukeScripts.net
-----

When the links are clicked directly, the visitor can see the pages. When called by a link from another site, some users get this message.
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Fri Dec 03, 2004 4:30 pm Reply with quote

9 times out of 10 it is hows the link is written on those other sites. One of the main things that get trapped is when another site links to your site with ( and ) in the link url which is considered a scripting hack attempt. Look at your blocked ip list and see what the query string was and email it to me at webmaster(at)nukescripts(dot)net . Then I can tell more about why the person was blocked. DO NOT try to post the query string here as you will most likely get blocked due to it.

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
WielM
PostPosted: Fri Dec 03, 2004 4:33 pm Reply with quote

Nothing was logged in the blocked IP table!
And also, the link didn't have anything special.

Thanks for answering this fast!
 
WielM
PostPosted: Sat Dec 04, 2004 4:04 pm Reply with quote

I checked the webserver log and found this cuty as a referer:

"XXXX:+++++++++++++++++++++++++++++"

when she enters the portal using the link on her other website.. Seems that some kind of program she uses tries to hide the referer and Sentinel does not like this?
 
ring_c
Involved
Involved


Joined: Dec 28, 2003
Posts: 276
Location: Israel

PostPosted: Wed Mar 02, 2005 3:13 am Reply with quote

In the last 3 days I'm getting dozens of LWP attacks.
The exact agent name is: LWP::Simple/5.43 (with different versions number each time).

The attacks are coming from variuos IPs.
Your utility does not explain what this attack is all about.

Could any one shed some light on this please??
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Mar 02, 2005 4:55 am Reply with quote

It's the Santy Worm Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©