Question on .htacess file

New Member Joined: Jun 05, 2005 Posts: 22 Location: USA

I have one of those dumb questions that everyone says doesn't exist.

I have my phpNuke installation in a directory (nuke) off my main HTML directory as:

mydomain.com/mynuke/index.p h p

The default in NukeSentinel suggests I place the file in /mynuke/ and chmod 666 of course.

I was wondering why I would not direct the deny access to the root directory instead as it would protect the entire domain ? Would this be advisable? Right now I have one in each directory but only the /mynuke/.htacess file is being updated by NukeSentinel 2.4.2 The .htacess file in the root is being updated by my server control panel banning and redirects. Which of these two files should I really have Sentienl directed to update?

Thanks for guidance....

Posted: Mon Oct 31, 2005 9:29 pm

Although I am no security expert and will defer to other admins/mods/posters in these forums to elaborate, my preference is to balance security and flexibility. To me, I would prefer to let Sentinel manage my NUKE domain only and let me control the higher level and other potential subdomains individually as well.

But, that is just me.

Regards,
montego

Posted: Mon Oct 31, 2005 10:07 pm

Thanks for the reply Montego. Good to hear from you again. I may have the settings too tight in NSentinel. I have flaged and banned about 70 IPs since July. More than I expected. I am sure they are not all evil doers. I wonder if there is a suggested configuration that some of the security experts here at this site recommend that helps avoid throwing the baby out with the bathwater? I know there is nothing foolproof, but I wonder if I am risking banning useful search engines with some of my settings.

As for the .htacess question, thanks much. I may set it back to the subdirectory where I have my nuke installation as opposed to the root directory the nice thing about having it in the root is that if I have a spammer on one of my other sites, I can just go into my Nuke app and ban the IP there for my entire domain. I wonder if others find that preferable?

Thanks for the feedback... Smile

Posted: Tue Nov 01, 2005 6:25 am

zzb, good to talk to you again too. Hope the newsletter tool is working out well for you. I have started with 1.3 development.

Regarding Sentinel, I have mine locked down pretty tight, but just out of a lack of experience with hackers... don't want to chance it. I don't have time to re-do a site! So, I will have to defer to the others here to answer more specifically to that question.

Regarding .htaccess, as I said, it really is a balance and really a personal preference. If it is working well for you to be able to ban this way for your entire web space, then go for it. I am a firm believer in doing what make sense and works best for you.

Regards,
montego

Posted: Tue Nov 01, 2005 9:07 am

The HTML Newsletter is working great in my Platinum Nuke ap and keeps the newsletters well organized and the templates are a good variety. Thanks for asking and for your work on making the stock Newsletter module more robust and more practical for the site owners. Also -- thanks for your insight on the access file.

Posted: Tue Nov 01, 2005 7:39 pm

zzb - do you have an IP tracking module installed?
I only ask as I find it particularly useful to view what pages a specific IP has viewed and how many times/ how often etc.
Today for example, I spotted a new IP with 66 page views. Nothing new there but when I see it has been visiting the same page everytime and got 66 hits in 2 minutes I am thinking, hmm, better check this IP, so SamSpage tells me it come from Russia and because my site is for the UK and there is no need for a Russian IP to visiting, he got banned LOL

Posted: Tue Nov 01, 2005 8:48 pm

Yes... I check my logs and the IP tracking module on my server. Between that and Nuke Sentinel.... I nail most of them !! I have one that I will be reporting to the hosting service tommorow, called their 800# and the email node they gave me is consistent with the abuse info in WhoIs. ! Time to fight back !