Sentinel works fine .... but VERY confusing

Hangin' Around Joined: Nov 11, 2004 Posts: 25

I have no real problem to solve, since everything works fine. At least seems to work fine. I tried to attack my site with [ Only registered users can see links on this board! Get registered or login! ] Sentilnell blocked my IP and also wrote my IP into the .htaccess file and not only into the database table.

BUT what is confusing me and makes me wonder if I did anything wrong is the fact, that I don't have have any combo of USERID/cryptedPASSWORD in the secret .staccess file. And still everything works fine.

In the Administative Settings for Sentiniel i have following
Admin Aufth: Admin HTTPAuth
htaaccess path: correct path added here
left empty the stacess path for CGIAuth Setup

i can log into my admin-section without any problem. first the password check with the password that i initally had set in the Admin Auth List for my God account .... then the regular phpnuke login procedure. i suppose this is the way it is supposed to work.

alllthough .htaccess file points with a correct path to .staccess file and should demand a password in there ....but it obviously does not. what did i do wrong?

where is the password stored then? in the database? everthing works fine then ... what is the advantage of having the password in the .staccess file then?

ALSO (a small problem): i could not get this CRYPT.php script to work .... just copied the text and loaded it as [ Only registered users can see links on this board! Get registered or login! ] .... but it does not generate any code .... what did i do wrong here?

THANKS IN ADVANCE FOR HINTS

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Admin Auth: Admin HTTPAuth
is not the same as CGIAuth logic wise, but is operationally. CGIAuth requires the use of .staccess but HTTPAuth uses the id/pass that is stored in the database. Thete is no need to use both, although you could, but it would then require 3 logins instead of 2. See if this helps [ Only registered users can see links on this board! Get registered or login! ]

Posted: Wed Feb 16, 2005 7:09 am

thanks raven!

yes, i understand that there is no need to use both methods.

if i understood you correctly, i don't need the .staccess file if i use HTTPAuth ?

the link to post2950 did confuse me, so i keep my eyes off it for a while. i guess i will remove the .staccess file then and just stay with HTTPAuth which obviously seems to work fine here on my end.

does HTTPAuth need the .htaccess file then?
and if so .... what is it supposed to contain then?

i guess this part can be remoed if there is no need for the secret file when using HTTPAuth
<Files .mysecretfile>
deny from all
</Files>

SO I JUST KEEP THAT PART
but remove the line marked with the arrow -------- speedtype

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted"
AuthType Basic
------ speedtype

> AuthUserFile /home/USERNAME/public_html/.mysecretfile <<<<<<<---------
</Files>

Posted: Wed Feb 16, 2005 7:14 am

.htaccess is needed for NS to write banned IP's to, Bad Bots, Santy Worm protection, GT rewrites, etc. It is NOT needed for HTTPAuth as that is a function of the HTTP protocol and the browser invokes it. You can remove

<Files .mysecretfile>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted"
AuthType Basic
AuthUserFile /home/USERNAME/public_html/.mysecretfile
</Files>

Posted: Wed Feb 16, 2005 7:43 am

ok ... thanks for all that useful help !

so .htaccess can in my case be completely empty to start with

THANKS AGAIN !

Posted: Wed Feb 16, 2005 8:08 am

Yes.

New Member Joined: Mar 11, 2005 Posts: 2

well, first of all, forgive my 'newbeness' Embarassed

and, probably, my english Embarassed

. The problem is that i can't get sentinel to effectively ban an IP. I have tried a UNION attack on my own site and i get the sentinel page informing that the ip has been blocked, i get an e-mail telling me the ip has been blocked, and i can see the ip in the blocked list BUT i can acces from that ip normally to my site. Am I doing something wrong or missing anything? I'm running nS 2.2.0, on a IIS 5.1 server. Thanks in advance.

Posted: Fri Mar 11, 2005 2:38 pm

Ok, I'll answer myself, in case it's useful for anyone:
I had this in nukesentinel.php:

Code:

// Check if ip is blocked





$blocked_row = abget_blocked($nsnst_const['$remote_ip']);


if($blocked_row) { blocked($blocked_row); }

More or less obviously, this should have read:

Code:

// Check if ip is blocked





$blocked_row = abget_blocked($nsnst_const['remote_ip']);


if($blocked_row) { blocked($blocked_row); }

Note there's no $ before remote_ip

Why i had this file wrong, i don't know.

Posted: Fri Mar 11, 2005 5:06 pm

I'll patch the downloads for this. I test and test but I don't catch everything Sad

Posted: Fri Mar 11, 2005 6:13 pm

So if we already downloaded this, should we all replace this code, Bob or Raven? This is a guaranteed bug and should be fixed?

Posted: Fri Mar 11, 2005 10:28 pm

Check for it first, if you don't have the $ then your fine if you do remove the $ from that part Smile