Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Diego
Hangin' Around


Joined: Nov 28, 2004
Posts: 29

PostPosted: Sun Nov 28, 2004 3:40 pm Reply with quote

Hello, Im not quite sure about what all the options in sentinel are, so is there somewhere I can find a guide to the optimum settings to have? A master list of bad IPs , bad IP ranges, or something of that sort? Any help would be greatly appreciated.

Thanks,

Diego
 
View user's profile Send private message
Diego
PostPosted: Sun Nov 28, 2004 5:02 pm Reply with quote

bumpzors ;]
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Nov 28, 2004 5:20 pm Reply with quote

For help with settings, check out the Only registered users can see links on this board! Get registered or login!.

As for a master list of bad IPs, ranges, there is no clear choice. You could try copying the posted list here, at Nukescripts.net, or other Sentinel sites that posted bad IPs. I think beetraham posted a list here (search the news) with a utility for loading a list into Sentinel.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Sun Nov 28, 2004 7:13 pm Reply with quote

It's hard to define 'optimum' settings, because they vary from server environment to server environment and depend a great deal on what you expect Sentinal to do for you... the downfall to any program this robust and feature-rich is that it requires you to know a thing or two about how your server environment is setup.

I'll say that most of the default settings should get you a basic protection scheme up and running. Your main concern with protections will lie in Sentinal Configuration and the Blockers section. That's where all of the filters work which will stop the harvesters and script kiddeez. The other stuff, like the Admin protection areas (which takes Sentinal into another universe compared to other protection systems) aren't mission-critical and do require you to be armed with a little info up front. You can play around in there a bit, but be prepared with a good FTP client and phpMyAdmin in case you lock yourself out accidentally Wink

If your server environment won't let you get the Admin protection working 100%, then at the very least use .htaccess to add a second-level user/pass protection to admin.php in the Nuke root, and index.php in the folder {nuke-root}/modules/Forums/admin. I've been doing that since around 2 years ago and haven't been Admin hacked yet.

PHrEEk
 
View user's profile Send private message
Diego
PostPosted: Sun Nov 28, 2004 7:33 pm Reply with quote

Is there a way to import settings? I tried looking for that thing mentioned above but to no avail.
 
kguske
PostPosted: Sun Nov 28, 2004 7:42 pm Reply with quote

When you install it, default settings are created. You should review the User Guide to determine if you need to change the settings to be appropriate for your site. If you aren't sure about a specific setting, post a message here.
 
Diego
PostPosted: Sun Nov 28, 2004 8:38 pm Reply with quote

alright, how about importing IP list and ranges?
 
PHrEEkie
PostPosted: Sun Nov 28, 2004 10:00 pm Reply with quote

I believe kguske is trying to direct you to this page:
Only registered users can see links on this board! Get registered or login!

That will allow you to quickly add entire country ranges, although I'm not sure that's what you're trying to do... can you be more specific as to what IP ranges you want to block? You can add them one by one through Sentinal Config, but this would only be necessary if right off the bat you want a particular block or range banned and a good reason why. Other than that, leave all that stuff alone and Sentinal will start building the banned IP list in your DB depending on who is trying to jack up or scan/harvest your site. I have always had South America banned (200.*.*.*) through .htaccess for years now, but have never needed to ban any other region (knock on wood). Make sure you understand the differences between:

-> an individual IP
-> a range of IP's
-> a block of IP's

All 3 are different things, and if you don't completely understand these differences, just don't mess with it and let Sentinal handle it on its own.

PHrEEk
 
kguske
PostPosted: Sun Nov 28, 2004 10:35 pm Reply with quote

Thanks, PHrEEkie, that was what I was looking for, but got distracted. Beetraham's article about this is Only registered users can see links on this board! Get registered or login!.
 
Diego
PostPosted: Mon Nov 29, 2004 4:29 pm Reply with quote

I meant like for example,. taking this sites list of bad IP's and ip ranges and importing them to my Sentinel
 
kguske
PostPosted: Mon Nov 29, 2004 4:51 pm Reply with quote

That's up to the site owner, Raven. You might send him a PM requesting an extract, or you could copy and paste the public list and format it into SQL statements before importing. But I'm not sure what the benefit of that will be - if you have Sentinel running and someone tries to access your site improperly, Sentinel will ban them at that time, assuming you have it configured to do that.
 
PHrEEkie
PostPosted: Mon Nov 29, 2004 7:10 pm Reply with quote

Diego, if the confusion lies in you thinking that you need to add IP's up front, you don't! Sentinal adds them as it detects suspicious activity! Raven may very well have added a few by hand, but most of what you see his block showing were added by Sentinal over the past months. It takes time for that fill up on its own (in a best-case scenario, it wouldn't fill up at all! hehe ok, one could wish for a script-kiddee free environment!) Like I said in an earlier post, if you have a REASON to block a particular IP, range or block, then Sentinal allows you to add them by hand. That is not the usual way to do things... just let Sentinal add them as necessary..

PHrEEk
 
Diego
PostPosted: Mon Nov 29, 2004 7:15 pm Reply with quote

Alright I understand. Also, is there anyway to increase the number under the banner saying the board is protected? IE

"we have caught 10 shameful hackers" I jsut want to make it so it seems the system works to prevent people from trying
 
PHrEEkie
PostPosted: Mon Nov 29, 2004 7:35 pm Reply with quote

LOL... sure, just go into Sentinal Config IP blocker and hand add in some stuff... you could use some inside-LAN ip's that would never appear on the internet. Just make sure not to block out your localhost (typically 127.0.0.1). There's thousands of IP's you could use which will not intefere with your site vistors.
 
PHrEEkie
PostPosted: Mon Nov 29, 2004 7:44 pm Reply with quote

Here's a more permanent fix:

Go into blocks/block-Hacker_Beware.php

Find:
Code:
$total_ips = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_nsnst_blocked_ips" ));


Underneath, add:
Code:
$total_ips = intval($total_ips) + 10;


Save changes and refresh your site.

You will always have the total number of true hackers caught plus 10 (which in the case of 0, would be 10). Once you have enough hack attemtps to satisfy you, you can delete that new line.

PHrEEk
 
Diego
PostPosted: Mon Nov 29, 2004 8:07 pm Reply with quote

<3
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©