Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
muzzy
New Member
New Member


Joined: Jan 22, 2005
Posts: 7

PostPosted: Sun Jan 23, 2005 1:48 pm Reply with quote

Ok, Thank you very much. I've tried a lot of codes from this site, and I've been blocked by sentinel every time. RavensScripts

I'm searching a way to protect admin.php for those of us with this 'Apache 2.0' issue... If I find a way I'll post for all...

Thanks a lot for your help. Cheers
 
View user's profile Send private message
muzzy
PostPosted: Sun Jan 23, 2005 9:14 pm Reply with quote

I've found a solution for me... I used the code posted by Raven to find the real path of my .htaccess. The problem was that this doesn't show the real complete path (maybe because the Apache 2.0). I found the real path protecting a directory from my hosting Admin Panel... Raven's one only shows this part: /var/www/html/.htaccess but creating htaccess from my hosting Panel I found that the real path was something like that: /home/virtual/site76/fst/var/www/html/.htaccess

Whit this path, Sentinel Admin http Auth works.

So, if you have this problem, check the path of your htaccess (if you can, make one htaccess from CPanel, or the one used in your hosting)

Hope this could help someone.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Jan 23, 2005 9:27 pm Reply with quote

Sometimes I overlook the obvious questions I should ask. Sorry!
 
View user's profile Send private message
nikits72
Regular
Regular


Joined: Jan 06, 2005
Posts: 80
Location: Athens/Greece

PostPosted: Mon Jan 24, 2005 9:30 am Reply with quote

That is an interesting turn in finding the solution to this matter.
I used raven's script too to find the .htaccess path. Going asap ,to see if i can find the path with another way so i will see if it is the correct one in deed.

Quote:
Sometimes I overlook the obvious questions I should ask. Sorry!

That is human.
Sorry??!! Well ,knowledge is power and i am so weak, and glad to have powerfull human allies such as raven Cool
(Crowd's voice--> But, but..you mean.. he is not a dragon as shown in his avatar? Wink )

Also glad to see high-standard users in this forum such as muzzy that come and post the solution and are not around only when they have the problem worship .

Thx.

_________________
nikits72 with the unexploding grenade...

Last edited by nikits72 on Mon Jan 24, 2005 10:48 am; edited 1 time in total 
View user's profile Send private message
muzzy
PostPosted: Mon Jan 24, 2005 9:47 am Reply with quote

nikits72 wrote:

Glad to see high-standard users in this forum such as muzzy that come and post the solution and are not around only when they have the problem worship .

Thx.


Embarassed

Thanks, but just a newbie here (in nuke security)... I think the better way to help myself is helping the others if I can. Post your results. It will be usefull for those with our same problem.

Regards.
 
nikits72
PostPosted: Mon Jan 24, 2005 10:18 am Reply with quote

Unfortunatelly ,i cannot find out from inside my control panel (plesk) if the path is the one raven's script shows.

Also my hoster gives support specific hours of the day which i work too and i cannot contact them by phone Bang Head .
Although i will try to explain them by mail it is very douptfull if they will support me.
That is a problem i couldn't possibly imagine (or maybe i could?) when i was searching for hosting company .
(Crowd's voice--> We told you you will say this line many times ROTFL )

So ,is there any other way i can tell for sure my real path to the .htaccess?

Thx.
 
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Mon Jan 24, 2005 7:17 pm Reply with quote

There are some 'test attack' URLs floating around the Forums here.. search and ye shall find.

Sentinel is a 2 layer approach to banning. The IP is banned via database, and if possible is doubled up by being banned server-side via htaccess. If the htaccess route won't work for you, then your database bans should still work.

The common mistake is to be logged in as God Admin when you test an attack. God Admins are automatically given 'protected' status, so even tho you see the 'you've been banned' page, your IP is not added to the DB or htaccess (which leads many Admins to think their Sentinel is not working). To test and make sure IP's are in fact being added to the DB, log out as a God or a protected Admin, and throw a test URL at your site. Then use phpMyAdmin or similar to browse the banned IPs table to see if you were added. If you were, simply drop that entry and you'll be able to access your site again.

PHrEEk
 
View user's profile Send private message
PHrEEkie
PostPosted: Mon Jan 24, 2005 7:27 pm Reply with quote

nikits72 wrote:
So ,is there any other way i can tell for sure my real path to the .htaccess?


You can try this:

copy this code into a text editor and name get_cwd.php
Code:
<?php


$_cur_dir = getcwd();
echo"My web root dir is: $_cur_dir";

?>


Upload it to your public_html (www) folder, open a browser and add to the address bar: Only registered users can see links on this board! Get registered or login!

It should spit out a page that says something like:

My web root dir is: /home/your_sitename/public_html

In that case, your htaccess path is:

/home/your_sitename/public_html/.htaccess

Not sure if sentinel is picky about the leading forward slash... if it doesn't work, try it without it.

PHrEEk
 
eltioloco
New Member
New Member


Joined: Jan 25, 2005
Posts: 4

PostPosted: Tue Jan 25, 2005 1:43 am Reply with quote

Hello, i seem to be having the same issues, i have installed the sentinel, correct version for 7.60... as far as i know...new to phpnuke and loving it

i think the problem i have i dont know how to set the original username and password to the .stacess file....

when i check it is empty

the .htacess file has the information the site gives me to put on it...


which as far i can see it place admin.php where only set users can use it...and it finds the list of users from the .stacess (sorry if i misspelled it) file. but i just can get my username to be in that file...

is there a way to manually put the username and password in the file..

now in the options on sentinel it asks me for the username and i set it...and then i click on resend, but nothing changes.

i would really appreciate all and any help...

thank you.
 
View user's profile Send private message
eltioloco
PostPosted: Tue Jan 25, 2005 2:11 am Reply with quote

Ok, i think i got it....its like 2:00 AM on the morning, but i could not leave it alone...

ok figure what i was doing wrong...

Once the setup is done for nuke sentinel

ftp your sample.htaccess and sample.stacess to your root directory...

then rename the sample.stacess to .stacess and chmod 666

ok...i hope i dont misss a step cause by this time i am tired, but i got it to work....thank you for cafeine in coke

ok go to your nuke sentinel admistraction

down by the adminstration settings :
select Admin CGI

enter the path to sample.htacess file

now, in the sentinel i was using it gave a normally the link will be..and that was the link...except i added 'sample' in front .htacess

and the link to .stacess use the one provided unless you find out that the root is diferent.

Now save settings

now next the the area where you enter .stacess url...there is a setup link
click on it and it will give you a file ...change that in your sample.htacess

go to your admin auth user

make your user what ever you want, but i guess is recommended that it matches your main admin user

now i click resend....
and then i click build cgi file right on top of the user name

that build the .stacess file with the user name and password

now go back to ftp and change the name of your sample.htacess to only .htacess

and go back to your adminstration and change the url...remove the word sample

this time it will ask your for the login...the username and password should be accepted this time...

i hope this works...it work on me...

thank you for your time.
 
nikits72
PostPosted: Tue Jan 25, 2005 10:50 am Reply with quote

Well PHrEEkie,
i tried your code too and the result path is the same as from raven's script.
So it seems i use the correct path to the .htaccess file already.
Probably i wont be so 'lucky' as muzzy was.

I am stuck Sad

Thx.
 
eltioloco
PostPosted: Tue Jan 25, 2005 12:07 pm Reply with quote

I just tryed the way i did it last night on other site and it work the method...

the problem is that when we upload .htacess it automatically starts looking for the users and passwords, but we never had a chance to set them up...

that is why you must upload it as sample.htacess so the nuke sentinel will recognize is there, but not the server...

then it will let you chose the option to build the .stacess file so you can set the passwords and username..


i found that the path that the nukesentinel gives me is correct...so i just paste that up there, but on htacess add the word sample in front on it..

the save settings

then go set up your passwords and username

something like that....it has worked twice already with me...so i think i got the steps down, it is just that i am not very well in communicating the steps...
 
nikits72
PostPosted: Tue Jan 25, 2005 12:36 pm Reply with quote

thx eltioloco,

although i think you are reffering to the cgi auth since you are using the .staccess file

If you read at the start of the thread this is a topic for http auth only.
TheosEleos says (at his 2nd post in this thread,pls read it) there is no need for an
.staccess (for the http auth ,except if i though wrong untill now).

Though i will read what you suggest.

Thx.


Last edited by nikits72 on Tue Jan 25, 2005 1:10 pm; edited 1 time in total 
eltioloco
PostPosted: Tue Jan 25, 2005 12:56 pm Reply with quote

I see, goes to show you how well i read too...lol
 
muzzy
PostPosted: Wed Jan 26, 2005 10:15 am Reply with quote

Maybe you could find a solution Only registered users can see links on this board! Get registered or login!

(Posted by Raven Only registered users can see links on this board! Get registered or login!)
 
nikits72
PostPosted: Sun Feb 13, 2005 7:22 am Reply with quote

For who ever it may/if concerncs the http auth now works well for me too.
Trying to figure out why is that there are 2 significant changes in conjuction with the previous time:

1.My provider told me (and did) an upgrade to my webspace and changed (as i was told) the server.
2.I had to reinstall phpnuke.The difference between this install and the previous one is that i installed phpnuke inside a directory and not directly to the root of my web space.

Thx...
 
Sinestr
New Member
New Member


Joined: Oct 29, 2005
Posts: 12

PostPosted: Sun Oct 30, 2005 2:10 pm Reply with quote

You are getting further then I am. I have no Admins listed in the Admin Auth List. I have 2 admins listed in the general site admins with a seperate generic nickname for the God admin. Cannot get any changes I make to save. When I refresh always back to default.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©