Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
Feelgood
New Member
New Member


Joined: Jul 07, 2006
Posts: 3

PostPosted: Thu Oct 18, 2007 8:21 pm Reply with quote

Ok, Im completely aggravated here, wish there was a way to uninstall NS! At any rate here is my problem.

For some reason, I and all the other admins are locked out. This just doesnt make any sense. I have checked to make sure were were not banned by IP or anything. I emptied the nuke authors and NS admins, and still doesnt let me in. After I empty out the nuke author, I was able to recreate a new super admin account. Logged on and got the admin menu, but then when I click on any button, I get blocked out by NS for an unknown hack attempt. I cant even get into admin my forums or anything, this is so frustrating. Can anyone help? This is the message I get after clicking an admin button after logging in. I keep checking the blocked sections with phpmyadmin, and there is nothing there. Help!


You have been blocked from entering this site.

You have attempted an unknown attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at feelgood(at)clanjyd(dot)com.

Be SURE to include the following information in any email!
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Query String: op=CenterBlocksAdmin
GET String: op=CenterBlocksAdmin
POST String:
Referer: Only registered users can see links on this board! Get registered or login!
Request Method: GET
Remote Address: xx.xxx.xxx.xxx
Client IP: none
Forwarded For: none
Date Blocked: 2007-10-18 @ 21:22:44 CDT GMT -0500
Block expires: Permanent
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu Oct 18, 2007 9:03 pm Reply with quote

You can disable the changes to your nuke files to uninstall Nuke Sentinel.
Sounds like your admin cookie is not sticking for some reason

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Feelgood
PostPosted: Thu Oct 18, 2007 9:58 pm Reply with quote

Ok, which files do I have to edit to disable NS? And why would all of a sudden the cookies stop working? Makes no sense. I was thinking it was a cookie issue as well. I even went in and cleared the cache, in my browser, to be sure. This problem is happening with all the admins, not just me. Just seems strange it happened all of a sudden. I just need to disable it long enough to regain control of the website. Then I will just grab the latest NS and re-install.
 
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Thu Oct 18, 2007 10:00 pm Reply with quote

In mainfile.php (in your web root), look for:

Code:
@require_once(INCLUDE_PATH.'includes/nukesentinel.php');


comment that line out:

Code:
// @require_once(INCLUDE_PATH.'includes/nukesentinel.php');


Sentinel should not bother you until you get it sorted...

PHrEEk

_________________
PHP - Breaking your legacy scripts one build at a time. 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Fri Oct 19, 2007 1:23 am Reply with quote

You haven't changed any Cookie settings recently in Security?

Also what browser are you using?

Have you tried it on a nother computer?

I'm not at home at the moment, but I believe there is a way of uninstalling Sentinel, possibly using the nsnst.php file, I'll have to check. The other option is to drop the NS tables and delete the NS files from your server, also don't forget the core file edits.
 
View user's profile Send private message
Feelgood
PostPosted: Sat Oct 20, 2007 10:02 pm Reply with quote

jakec wrote:
You haven't changed any Cookie settings recently in Security?


No.

jakec wrote:
Also what browser are you using?


Firefox latest version.

jakec wrote:
Have you tried it on a nother computer?


Yes. I and the other admins cannot get on. We all get the same error.

jakec wrote:
I'm not at home at the moment, but I believe there is a way of uninstalling Sentinel, possibly using the nsnst.php file, I'll have to check. The other option is to drop the NS tables and delete the NS files from your server, also don't forget the core file edits.


If I drop the NS tables and files, wont that stop everything from working? It seems NS integrates itself into EVERYTHING. Almost like a virus. Looks to me like trying to remove it will be a colossal nightmare. When I commented things out, like suggested above, the site stopped working entirely. I deleted all the nuke authors, and recreated the Super Admin account. I can log into the website admin, but when I click on anything in the admin menu, I get booted out with an unknown attack by NS.

Any help or ideas is greatly appreciated.
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Sat Oct 20, 2007 10:14 pm Reply with quote

I suggest you comment out that one line that Phreekie mentioned, then temporarily move or rename the file includes/nukesentinel.php.

Commenting out that one line will stop Sentinel from running. However some additional functions, mainly in mainfile.php and Your_Account, check for the presence of that file, and if it is there, look up stuff in global variables that sentinel maintains. (That is, if you did the core edits as per the instructions). So renaming that file should also be done.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Mon Oct 22, 2007 5:26 am Reply with quote

NukeSentinel 2.5.x also lets you switch it on/off right in the NS admin panel...

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Mon Oct 22, 2007 8:05 am Reply with quote

The fact that you are getting this message:

Quote:
You have attempted an unknown attack on this site.


has been bugging me. I've been looking around inside of NukeSentinel and you only get that message from the /abuse/abuse_default.tpl file (I believe). There are about a dozen reasons for blocking ips and these are listed in the table nsnst_blockers and loaded into a blocker array in NS. Only if the reason for blocking is a zero (which has the block_name of "other") will you load the abuse_default.tpl file. So most of the reasons for blocking: filters, referers, script attacks, even admin attacks would not result in your seeing what you are seeing.

I can't quite figure out under what conditions NS triggers the "unknown" attack message. One thing that you might want to check is your /abuse directory and make sure that there are a bunch of files there for the various attack types. I think that if these files are missing you might be seeing what you are seeing.

The other thing you could do is backup the Sentinel code and then put some echoes into the block_ip function of the /includes/nukesentinel.php file to trace what it is doing. Of course if you aren't familiar with programming php this isn't an option. Or you could just go thru and install NS 2.5.13 again and make sure everything is set up right. A lot of other people are using this with success.
 
View user's profile Send private message Visit poster's website
madfanmike
New Member
New Member


Joined: Oct 30, 2007
Posts: 2

PostPosted: Tue Oct 30, 2007 3:43 am Reply with quote

Hi everybody, my first post here

Sorry if I sound dumb as I am new to NS, but I found this topic doing a search after being locked out by Sentinel as an Admin as well

I wanted to ask you - did you have NS writing the banned IPs to .htaccess?

And if so, did you make sure you edited them out from the file?

That's what I did (cleared IPs from database and .htaccess) and I was able to get in again
 
View user's profile Send private message
jakec
PostPosted: Tue Oct 30, 2007 6:48 am Reply with quote

Yes that is the usual drill. Also add your IP to the Protected Range to stop it from happening again. Wink
 
PHrEEkie
PostPosted: Wed Oct 31, 2007 9:27 pm Reply with quote

Actually, unless something's changed in the last 6-12 months, you should make sure your Admin login is PROTECTED, and always keep your Admin name logged in. Sentinel will not write .htaccess bans or issue database bans against you, regardless of your IP. T'was designed this way to allow you to test attack URLs.

PHrEEk
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©