Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
webservant
Worker
Worker


Joined: Feb 26, 2006
Posts: 206
Location: Springfield, MA

PostPosted: Wed Nov 26, 2008 10:27 am Reply with quote

Well, this is really strange. I just upgrade my development site on my private network behind my FW. It's a 192.x.x.x network.

I have been working well for about a day, reboots included.
Today, I went to upgrade IP2Country using the nsnst.php script.
Everything was going smootly, and after page 4, I get a NS blocked message:

Code:
NukeSentinel(tm)

You have attempted to access this site with an invalid IP.

If you think this is a mistake you can contact the site webmaster at feedback(at)XXXXXXXX(dot)org.

Be SURE to include the following information in any email!
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Remote Address: 192.X.X.X
Client IP: none
Forwarded For: none
PLEASE: bear in mind that even if you have done nothing wrong, you may be getting this page due to someone's misuse of the site in your ip range


First thing I did was empty the nsnst_ip2country table and load it using the sql files.

Testing the site from EVERY PC on my private network - I'm blocked with the same message.

I emptied the nsnst_blocked_ips and nsnst_blocke_ranges tables, and I'm still blocked.

I changed the two Sentinel flags in rnconfig.php from false to true, but I'm still blocked.

I cleared my browser cache, and tried different browsers. But I can't get access.

There is no deny from statements in the .htaccess

I'm out of ideas, and totally weirded out, and out of ideas.

_________________
Awaiting His Shout
Webservant - GraciousCall.org
Romans 8:28-39 
View user's profile Send private message Visit poster's website AIM Address
webservant
PostPosted: Wed Nov 26, 2008 10:31 am Reply with quote

OK. I just rebooted the server again, and now it's working Can someone explain this one to me? Bang Head
 
webservant
PostPosted: Wed Nov 26, 2008 10:33 am Reply with quote

Nevermind - I'm obviously too tired. It worked because I went to my production domain name. The problem still persists on my development machine. Embarassed
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Nov 26, 2008 10:59 am Reply with quote

Search "Invalid IP" - this has been covered many times.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
webservant
PostPosted: Wed Nov 26, 2008 11:35 am Reply with quote

OK, I found a post that had me comment this
Code:
// Invalid ip check

if($nsnst_const['remote_ip']=="none") { die(_AB_INVALIDIP); }


out of includes/nukesentinel.php, and I'm working now.

What I don't understand is why the bypassNukeSentinelInvalidIPCheck variable didn't work? Also, why do I have this initialized both in mainfile.php (from RN 2.02.02) and in rnconfig.php?
 
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Wed Nov 26, 2008 12:30 pm Reply with quote

Now I am not sure if the $bypassNukeSentinelInvalidIPCheck was supposed to be depreciated in the latest PN 2.3 or not, but it appears that when NS was updated in the latest release the $bypassNukeSentinelInvalidIPCheck variable was not readded to /includes/nukesentinel.php.

From a development stand point this is not that big a deal because sentinel has a new "Test Mode" switch now. When test mode is enalbed a "Test Mode" image will appear at the top of your site. When test mode is enabled the invalid IP Check will be bypassed. Since some people are forced to use this on a production site for several factors it is not really a practical solution because of the big TEST MODE at the top of your site. This is why I believe that it was just an oversight in not including this optional bypass. If you would like/need to use it again see the code below.

Find lines 116-122 of /includes/nukesentinel.php
Code:


// Invalid ip check
if($ab_config['test_switch'] != 1) {
  if($nsnst_const['remote_ip']=="none") {
    echo abget_template("abuse_invalid.tpl");
    die();
  }
}

Change to:
Code:


// Invalid ip check
if($ab_config['test_switch'] != 1 || !$bypassNukeSentinelInvalidIPCheck) {
  if($nsnst_const['remote_ip']=="none") {
    echo abget_template("abuse_invalid.tpl");
    die();
  }
}
 
View user's profile Send private message
Palbin
PostPosted: Wed Nov 26, 2008 12:34 pm Reply with quote

On why it is defined in both mainfile.php and rnconfg.php. I believe it was a security concern. The value set in the rnconfig .php will supersede the setting in mainfile.php
 
Palbin
PostPosted: Wed Nov 26, 2008 12:36 pm Reply with quote

After rereading your post I am not sure your using RN 2.3 but the general idea of what I said above should apply.
 
webservant
PostPosted: Wed Nov 26, 2008 8:26 pm Reply with quote

I am on RN23 - just upgraded. Perhaps I have remnants of RN2.02.02 that need to be removed. And you are correct, rnconfig.php does override what is in mainfile.php.

Thanks for the response, and the code snippet.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sat Jan 17, 2009 7:08 pm Reply with quote

I think the operator should be AND (&&) instead of || since you only want to test invalid IP address if you're NOT in test mode and NOT bypassing invalid IP address check.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat Jan 17, 2009 9:42 pm Reply with quote

The original logic was:
Code:
// Invalid ip check

if(isset($bypassNukeSentinelInvalidIPCheck) AND $bypassNukeSentinelInvalidIPCheck) {;}
elseif($nsnst_const['remote_ip']=="none") {
  echo abget_template("abuse_invalid.tpl");
  die();
}


Then Bob changed it to:
Code:
// Invalid ip check

if($ab_config['test_switch'] != 1) {
  if($nsnst_const['remote_ip']=="none") {
    echo abget_template("abuse_invalid.tpl");
    die();
  }
}


Somehow he dropped our test switch. So, to accommodate his new logic and our old logic, I believe we need the following to keep those who do not use RavenNuke(tm) from seeing a Warning/Notice about an uninitialized setting:
Code:
// Invalid ip check

if ($ab_config['test_switch'] == 1) {;} //Site is in TEST Mode so skip the ipCheck
elseif (isset($bypassNukeSentinelInvalidIPCheck) AND $bypassNukeSentinelInvalidIPCheck===true) {;} //Site is NOT in TEST mode but $bypassNukeSentinelInvalidIPCheck is set to TRUE so skip the ipCheck
else { //Site is NOT in TEST Mode and $bypassNukeSentinelInvalidIPCheck is either not set or it is set to FALSE so do the ipCheck
  if($nsnst_const['remote_ip']=="none") {
    echo abget_template("abuse_invalid.tpl");
    die();
  }
}


Technically this is faster although we won't even notice it. Using ! (NOT) is always more expensive.

With the new logic, I am intentionally not checking for "$ab_config['test_switch'] == 1" AND "$bypassNukeSentinelInvalidIPCheck" as I don't see any purpose/value in it.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©