Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
p17blo
Regular
Regular


Joined: Jul 27, 2007
Posts: 77

PostPosted: Sun Aug 26, 2007 3:30 am Reply with quote

I am subscribed in to a programme called Hacker Safe by Scan Alert. They use bots to find exploits on sites and then notify the owners that fixes are required.

As my site was live over night my Scan Alert bot started scanning my site which generated a couple of hundred Abuse emails to me. I am glad to see that sentinel is working but as this scan happens daily is there anyway to stop it generating emails?

I obviously don't want to stop sentinel blocking, neither do I want to turn email notifications of in entirety other I will miss other abuse attempts.

Paul
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sun Aug 26, 2007 8:17 am Reply with quote

The first thing to do would be to verify exactly what is causing the block in NS. In the blocker configuration you could turn off the admin blocker. That's just one of a number of protections NS gives you and this way you could verify whether that makes the problem go away. If it does you have the option of leaving that off (with the attendant risks that you've noted).

There is only one small section of code in NS that says it explicitly deals with admin protection. And it doesn't look to me that is what's causing your problem. There is another section that deals with XSS exploits and it is more likely your problem lies there. If you are into code hacking look under the comment: //check for XSS attack. You might be able to code an exemption into that if you can confirm what the problem is. Or ditch the tool you are using.

To do any of this you are going to have to capture some "diagnostic" variables as NS is executed so you can isolate the problem. If this isn't your cup of tea you are kind of stuck.
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Sun Aug 26, 2007 9:44 am Reply with quote

Yeah, you are the first person to even mention this type of service. I don't think it is necessary for your RavenNuke site (way overkill), but that is just my opinion. Unfortunately, what you are asking and what NukeSentinel is doing (its job) are in conflict. I don't know how you could possibly fix it unless you can somehow modify includes/nukesentinel.php (up top) to ignore all the checks for this particular service of yours. However, you would need to be VERY careful and keep in mind that others can SPOOF just about anything with the HTTP Headers (e.g., referrer, user agent, etc...).

Yes, you might be stuck. If so, I would suggest keeping the protection of NukeSentinel and turn off the auto-security check for your domain.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
p17blo
PostPosted: Sun Aug 26, 2007 10:12 am Reply with quote

I want to keep the sentinel protection on as if I were to turn it off and a vulnerability were found I would loose my hacker safe certification. This was one of the reasons I finally opted for RN over any other form of Nuke.

I need hacker safe as part of the greater offerings from my site which include handling large sums of money.

What I was essentially asking for was a way to stop notifications being send to me when alerts are generated by certain ip addresses. Just the notification ONLY.

In the mean time I will just set up a rule in my mail client.

Thanks

Paul
 
fkelly
PostPosted: Sun Aug 26, 2007 10:24 am Reply with quote

Others might know better than I, but I would never handle large amounts of money on a shared web server using any version of PHPnuke. I pass that part off to Paypal on my site. Unless you have https running anyone with the right tools in the server factory or really anywhere along the path your data takes can access it easily.

edit: and it really doesn't have anything to do with PHPnuke. If someone can stick a line monitor on and capture your data and it's not encrypted they can figure out account codes, amounts and the like. It just ain't safe. Maybe you do have a dedicated and physical secure server and HTTPs but most of use don't.
 
p17blo
PostPosted: Sun Aug 26, 2007 10:51 am Reply with quote

To clarify, I am not using NUKE for any commercial transactions. Nuke is a migration for me from PHPBB to something that has more than just forum.

The money transactions are handled through SSL on another server but to be Hacker Safe compliant my entire site needs to meet certain criteria.

Paul
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sun Aug 26, 2007 7:51 pm Reply with quote

If its from one set IP or IP range, you can add those into Sentinel's protected or excluded region

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
p17blo
PostPosted: Mon Aug 27, 2007 1:41 am Reply with quote

evaders99 wrote:
If its from one set IP or IP range, you can add those into Sentinel's protected or excluded region


Yes it is, would adding this into protected or excluded ranges actually stop sentinel's protection or just the notification?

Paul
 
montego
PostPosted: Mon Aug 27, 2007 6:17 am Reply with quote

It would only just allow Hacker Safe process from getting banned. I don't recall if the emails still go out. I think that they might. I hadn't thought of that earlier. Thanks Evaders!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©