Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
protocool
New Member
New Member


Joined: Aug 19, 2004
Posts: 15

PostPosted: Sun Dec 19, 2004 11:49 am Reply with quote

Is there anyway to check whether sentinel is actually working? Currently got sentinel 2.1.2 and phpnuke 7.6.
Thanks
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Dec 19, 2004 12:08 pm Reply with quote

Logoff from your website, both user and admin. Then type this in your browser url:
Only registered users can see links on this board! Get registered or login!

This assumes that you have set the union protection on. After you are banned you will need to use phpMyAdmin to remove your IP from the nsnst_blocked_ips table. Then, if you are writing to .htaccess, you will have to remove your IP from there too.
 
View user's profile Send private message
protocool
PostPosted: Sun Dec 19, 2004 1:08 pm Reply with quote

Okay... it doesnt seem to be working Sad. It just says Sorry, this Module isn't active!...
 
Raven
PostPosted: Sun Dec 19, 2004 2:48 pm Reply with quote

Well, try using a module that is active.
 
protocool
PostPosted: Sun Dec 19, 2004 5:07 pm Reply with quote

The module is active, I can access it via "feedback.html", however when I add the union tag "feedback.html%union%", it says that the module is inactive... Im guessing it thinks of it as a completely different module ?!?

Thanks.
 
Raven
PostPosted: Sun Dec 19, 2004 5:23 pm Reply with quote

Try name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */
 
protocool
PostPosted: Sun Dec 19, 2004 5:30 pm Reply with quote

Yay! atlast im banned from my site Very Happy... actually, im sure not sure if that supposed to be a good thing Razz.
Thanks for you help Raven!!!!
 
ThePiston
Worker
Worker


Joined: Dec 22, 2004
Posts: 135

PostPosted: Fri Dec 24, 2004 12:50 pm Reply with quote

Hey Raven, I'm running 7.6patched and Sentinel 2.1.2. I tried both scripts from above... here's the scripts and what I get on screen:
Only registered users can see links on this board! Get registered or login!
Sorry, files does not exist...
Only registered users can see links on this board! Get registered or login! */UNION/* */
this takes me back to index.php

I've run all kinds of scripts and I never get banned, I either get the popup login from .htaccess or "you leave this site now" or "file deos not exist" et. Is this because I'm running 7.6patched or is Sentinel not working correctly?
 
View user's profile Send private message
Raven
PostPosted: Fri Dec 24, 2004 1:45 pm Reply with quote

And you've modified the mainfile.php for NukeSentinel? Are you using any other 'protection' that could be interferring?
 
ThePiston
PostPosted: Sun Dec 26, 2004 7:14 pm Reply with quote

Yep, I modified all 3 files that the readme file said (javascript, mainfile, header)
 
BillTheCat
New Member
New Member


Joined: Dec 30, 2004
Posts: 9
Location: Colorado

PostPosted: Thu Dec 30, 2004 11:02 pm Reply with quote

I'm getting the same results. The Only registered users can see links on this board! Get registered or login! also returns Sorry, files does not exist...

The test of modules.php?name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */ brought up the banned screen but didn't block my IP - I was still able to login and the blocked_ip list did not contain my IP.
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Thu Dec 30, 2004 11:12 pm Reply with quote

Do you have NukeSentinel configured to block and write your IP? Have you removed all other protection methods - even Chatserv's mainfile and admin code?
 
ThePiston
PostPosted: Fri Dec 31, 2004 7:42 am Reply with quote

I fixed mine.... I didn't have "BLOCK" on, only the default page.
 
BillTheCat
PostPosted: Fri Dec 31, 2004 10:22 am Reply with quote

-I had Protector running but it has been removed.
-Write to .htaccess is ON (mode is 666) in root.
-I get the E-mails but am not blocked.
-I searched for Chatserv's mainfile and admin code but couldn't find it so I assume it isn't there.
-Mods to the three files were made.
PHP version 4.3.10
phpNuke 6.5 release
mysql Ver 8.40 Distrib 4.0.16

Bill Catz
 
ThePiston
PostPosted: Fri Dec 31, 2004 10:28 am Reply with quote

Oh yeah, check to make sure that you actualyl have Sentinel configured to DO something. I was sp stupid I thought that installing Sentinel alone was enough, but you have to go into "Sentinel Configuration" and turn on all the blocks. Have you done that?
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Fri Dec 31, 2004 10:36 am Reply with quote

It won't write the ban if you have an admin cookie also if your just using .htaccess as the path try the full server path or vice versa.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
BillTheCat
PostPosted: Fri Dec 31, 2004 11:35 am Reply with quote

Yes, every filter is ON to write to .htaccess.
I had a recent attack and received the E-mail
- nothing written to .htaccess
- nothing in the Blocked_IPs list
So, it looks like the write IP function is what's not working. Write E-mail works.
I had the full path to .htaccess but changed it to the web root path. Neither works. I've had two legitimate attacks and received the E-mails saying they were blocked but they were not.

Something that may help...
In the Sentinel Admin menu everything has a link to configure EXCEPT:
IP to Country
Admin Auth List
Scan for New Admins
Database Maintenance

Also, In the NukeSentinel Admin page, where it says You MUST set ALL admin passwords before activating HTTPAuth or CGIAuth!, clicking on "MUST" just returns me to the same page - /admin.php?op=ABAuthList link returns me to /admin.php?op=ABMain

I do not have cgiAuth installed.

Bill Catz
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Fri Dec 31, 2004 3:09 pm Reply with quote

I know you said your .htaccess file had 666 permissions but check again. When I added the code to .htaccess to stop the Sanity worm and other attacks, my update forced my permissions back to 644. Might have been a admin panel thing. I had to change it back to 666 before sentinel could write to it again.

montego
 
View user's profile Send private message Visit poster's website
sixonetonoffun
PostPosted: Fri Dec 31, 2004 4:29 pm Reply with quote

Yeh sometimes ftp can't change the permissions of system files either and you have to do it from the webmin or CPanel whatever the host has provided.
 
BillTheCat
PostPosted: Fri Dec 31, 2004 4:51 pm Reply with quote

I telneted to the system and verified that all is as it should be (mode=666).
Even if it wasn't, that wouldn't explain why the database isn't being updated also. I can manually enter IPs to block but the scripts do not update the tables.

Bill Catz

p.s. When I manually block an IP, it DOES write to the .htaccess file. So it appears to be when an attack happens, the E-mail is sent and that's all but from the E-mail, I can manually block the IP and then it's in both the database and the .htaccess file.

Hopefully this will help.

Thanks in advance!!!
Bill
 
BillTheCat
PostPosted: Mon Jan 10, 2005 5:47 pm Reply with quote

I reinstalled Sentinel and everything is now working as before. The E-mail is sent but the IP is NOT blocked. If I manually block the IP, then it gets added to both the database and the .htaccess.

Any ideas?
Thanks in advance
 
montego
PostPosted: Mon Jan 10, 2005 8:39 pm Reply with quote

Ok, the easy stuff is out of the way... Sad

You may wish to contact your web hosting company (unless that is YOU of course). I didn't mention this perviously because I had a different problem where Apache wasn't recognizing my Rewrite rules placed in the .htaccess file. After hours of frustration I finally contacted my web hosting company to see if there was something in the configuration stopping this from working. Although Apache was compiled with mod_rewrite module, they had to change some setting to get it to work.

I realize that your issue has nothing to do with Rewrite, but I think you may be down to finding out if they can identify any reason why Sentinel cannot write to .htaccess.

Sorry...
montego
 
drmike
Worker
Worker


Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC

PostPosted: Mon Jan 10, 2005 9:22 pm Reply with quote

After all of the scans looking for hackable copies of PHPBB recently, I'm happy to say that Sentinel is working over here. Had somethingn like 600 IPs blocked within a 2 day period.

-drmike

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website ICQ Number
GJSchaller
New Member
New Member


Joined: Jan 03, 2005
Posts: 3

PostPosted: Mon Jan 10, 2005 9:39 pm Reply with quote

BillTheCat wrote:
Also, In the NukeSentinel Admin page, where it says You MUST set ALL admin passwords before activating HTTPAuth or CGIAuth!, clicking on "MUST" just returns me to the same page - /admin.php?op=ABAuthList link returns me to /admin.php?op=ABMain


I am running into the same thing - but in my case, the link on MUST is missing the word "admin" - the URL is Only registered users can see links on this board! Get registered or login! - which is definatley odd. When I manually type in the word Admin, I get bounced, as Bill does.

I've tried re-uploading the files, in case something failed or died in transfer. I even re-downloaded the tar.gz file to make sure.

I'm not sure if this is related or not, but the links for Admin Auth List, Scan for New Admins, and Database Maintenance are also dead (they aren't links).

_________________
Geoffrey J. Schaller
Technical Officer
Knight Realms Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Tue Jan 11, 2005 5:54 am Reply with quote

When I click on the link MUST I get a 404 page lol

Are you sure you're logged in as God, because if not then those links won't be active to check for new Admins.

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©