HTTP Authentication question

New Member Joined: Jan 22, 2005 Posts: 7

Ok, Thank you very much. I've tried a lot of codes from this site, and I've been blocked by sentinel every time. RavensScripts

I'm searching a way to protect admin.php for those of us with this 'Apache 2.0' issue... If I find a way I'll post for all...

Thanks a lot for your help. Cheers

Posted: Sun Jan 23, 2005 9:14 pm

I've found a solution for me... I used the code posted by Raven to find the real path of my .htaccess. The problem was that this doesn't show the real complete path (maybe because the Apache 2.0). I found the real path protecting a directory from my hosting Admin Panel... Raven's one only shows this part: /var/www/html/.htaccess but creating htaccess from my hosting Panel I found that the real path was something like that: /home/virtual/site76/fst/var/www/html/.htaccess

Whit this path, Sentinel Admin http Auth works.

So, if you have this problem, check the path of your htaccess (if you can, make one htaccess from CPanel, or the one used in your hosting)

Hope this could help someone.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Sometimes I overlook the obvious questions I should ask. Sorry!

Posted: Mon Jan 24, 2005 9:30 am

That is an interesting turn in finding the solution to this matter.
I used raven's script too to find the .htaccess path. Going asap ,to see if i can find the path with another way so i will see if it is the correct one in deed.

Quote:

Sometimes I overlook the obvious questions I should ask. Sorry!

That is human.
Sorry??!! Well ,knowledge is power and i am so weak, and glad to have powerfull human allies such as raven Cool

(Crowd's voice--> But, but..you mean.. he is not a dragon as shown in his avatar? Wink

)

Also glad to see high-standard users in this forum such as muzzy that come and post the solution and are not around only when they have the problem worship

.

Thx.

Posted: Mon Jan 24, 2005 9:47 am

nikits72 wrote:

Glad to see high-standard users in this forum such as muzzy that come and post the solution and are not around only when they have the problem worship

.

Thx.

Thanks, but just a newbie here (in nuke security)... I think the better way to help myself is helping the others if I can. Post your results. It will be usefull for those with our same problem.

Regards.

Posted: Mon Jan 24, 2005 10:18 am

Unfortunatelly ,i cannot find out from inside my control panel (plesk) if the path is the one raven's script shows.

Also my hoster gives support specific hours of the day which i work too and i cannot contact them by phone Bang Head

.
Although i will try to explain them by mail it is very douptfull if they will support me.
That is a problem i couldn't possibly imagine (or maybe i could?) when i was searching for hosting company .
(Crowd's voice--> We told you you will say this line many times ROTFL

)

So ,is there any other way i can tell for sure my real path to the .htaccess?

Thx.

Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

There are some 'test attack' URLs floating around the Forums here.. search and ye shall find.

Sentinel is a 2 layer approach to banning. The IP is banned via database, and if possible is doubled up by being banned server-side via htaccess. If the htaccess route won't work for you, then your database bans should still work.

The common mistake is to be logged in as God Admin when you test an attack. God Admins are automatically given 'protected' status, so even tho you see the 'you've been banned' page, your IP is not added to the DB or htaccess (which leads many Admins to think their Sentinel is not working). To test and make sure IP's are in fact being added to the DB, log out as a God or a protected Admin, and throw a test URL at your site. Then use phpMyAdmin or similar to browse the banned IPs table to see if you were added. If you were, simply drop that entry and you'll be able to access your site again.

PHrEEk

Posted: Mon Jan 24, 2005 7:27 pm

nikits72 wrote:

So ,is there any other way i can tell for sure my real path to the .htaccess?

You can try this:

copy this code into a text editor and name get_cwd.php

Code:

<?php





$_cur_dir = getcwd();


echo"My web root dir is: $_cur_dir";





?>

Upload it to your public_html (www) folder, open a browser and add to the address bar: [ Only registered users can see links on this board! Get registered or login! ]

It should spit out a page that says something like:

My web root dir is: /home/your_sitename/public_html

In that case, your htaccess path is:

/home/your_sitename/public_html/.htaccess

Not sure if sentinel is picky about the leading forward slash... if it doesn't work, try it without it.

PHrEEk

New Member Joined: Jan 25, 2005 Posts: 4

Hello, i seem to be having the same issues, i have installed the sentinel, correct version for 7.60... as far as i know...new to phpnuke and loving it

i think the problem i have i dont know how to set the original username and password to the .stacess file....

when i check it is empty

the .htacess file has the information the site gives me to put on it...

which as far i can see it place admin.php where only set users can use it...and it finds the list of users from the .stacess (sorry if i misspelled it) file. but i just can get my username to be in that file...

is there a way to manually put the username and password in the file..

now in the options on sentinel it asks me for the username and i set it...and then i click on resend, but nothing changes.

i would really appreciate all and any help...

thank you.

Posted: Tue Jan 25, 2005 2:11 am

Ok, i think i got it....its like 2:00 AM on the morning, but i could not leave it alone...

ok figure what i was doing wrong...

Once the setup is done for nuke sentinel

ftp your sample.htaccess and sample.stacess to your root directory...

then rename the sample.stacess to .stacess and chmod 666

ok...i hope i dont misss a step cause by this time i am tired, but i got it to work....thank you for cafeine in coke

ok go to your nuke sentinel admistraction

down by the adminstration settings :
select Admin CGI

enter the path to sample.htacess file

now, in the sentinel i was using it gave a normally the link will be..and that was the link...except i added 'sample' in front .htacess

and the link to .stacess use the one provided unless you find out that the root is diferent.

Now save settings

now next the the area where you enter .stacess url...there is a setup link
click on it and it will give you a file ...change that in your sample.htacess

go to your admin auth user

make your user what ever you want, but i guess is recommended that it matches your main admin user

now i click resend....
and then i click build cgi file right on top of the user name

that build the .stacess file with the user name and password

now go back to ftp and change the name of your sample.htacess to only .htacess

and go back to your adminstration and change the url...remove the word sample

this time it will ask your for the login...the username and password should be accepted this time...

i hope this works...it work on me...

thank you for your time.

Posted: Tue Jan 25, 2005 10:50 am

Well PHrEEkie,
i tried your code too and the result path is the same as from raven's script.
So it seems i use the correct path to the .htaccess file already.
Probably i wont be so 'lucky' as muzzy was.

I am stuck Sad

Thx.

Posted: Tue Jan 25, 2005 12:07 pm

I just tryed the way i did it last night on other site and it work the method...

the problem is that when we upload .htacess it automatically starts looking for the users and passwords, but we never had a chance to set them up...

that is why you must upload it as sample.htacess so the nuke sentinel will recognize is there, but not the server...

then it will let you chose the option to build the .stacess file so you can set the passwords and username..

i found that the path that the nukesentinel gives me is correct...so i just paste that up there, but on htacess add the word sample in front on it..

the save settings

then go set up your passwords and username

something like that....it has worked twice already with me...so i think i got the steps down, it is just that i am not very well in communicating the steps...

Posted: Tue Jan 25, 2005 12:36 pm

thx eltioloco,

although i think you are reffering to the cgi auth since you are using the .staccess file

If you read at the start of the thread this is a topic for http auth only.
TheosEleos says (at his 2nd post in this thread,pls read it) there is no need for an
.staccess (for the http auth ,except if i though wrong untill now).

Though i will read what you suggest.

Thx.

Posted: Tue Jan 25, 2005 12:56 pm

I see, goes to show you how well i read too...lol

Posted: Wed Jan 26, 2005 10:15 am

Maybe you could find a solution here

(Posted by Raven here)

Posted: Sun Feb 13, 2005 7:22 am

For who ever it may/if concerncs the http auth now works well for me too.
Trying to figure out why is that there are 2 significant changes in conjuction with the previous time:

1.My provider told me (and did) an upgrade to my webspace and changed (as i was told) the server.
2.I had to reinstall phpnuke.The difference between this install and the previous one is that i installed phpnuke inside a directory and not directly to the root of my web space.

Thx...

New Member Joined: Oct 29, 2005 Posts: 12

You are getting further then I am. I have no Admins listed in the Admin Auth List. I have 2 admins listed in the general site admins with a seperate generic nickname for the God admin. Cannot get any changes I make to save. When I refresh always back to default.