| Author |
Message |
Sfinxs
Client
Joined: Mar 09, 2005
Posts: 157
|
 Posted:
Sun May 01, 2005 9:43 am |
|
I banned someone from my site but I can still see him there. I'm pretty sure its his ip too. What's the problem? |
| |
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Sun May 01, 2005 10:59 am |
|
Nothing, you can't ban someone unless you deny access from any IP which makes the site only visible to you. |
| |
|
|
|
Sfinxs
|
| Posted:
Sun May 01, 2005 1:05 pm |
|
can you clarify that.... What's the purpose of IP ban. Unless he's using another comp it should work right? |
| |
|
|
|
|
djmaze
|
| Posted:
Sun May 01, 2005 1:20 pm |
|
no, you ever heard of:
- anonymous proxies
- aol
- dial-up
Someone can use proxy servers that don't tell their real ip to the domain they are browsing, if the proxy server is banned they just use another
AOL changes customer IP each minute which makes banning of an IP useless unless you ban everyone which results in banning 100.000 potential visitors
Dial-up same as AOL but then the visitor has to re-dial the ISP
Then there's also something called "spoofing" this is a way to send fake ip's to the website.
In all cases if you ban the IP you are actualy banning more people then the attacker.
The only real option is to run a website that isn't hackable thru PHP by using a different CMS then PHP-Nuke.
If you want to stay with PHP-Nuke then you must live with the fact that you:
- have enough knowledge to setup your website properly
- make backups every day
- check this site for security fixes each day
- have a restore plan when the day comes that you get hacked
- have a second restore plan for the second day that you get hacked
By point 1 i realy meen enough knowledge, i bet that if i hack into your PHP-Nuke the config.php has the same login details for MySQL as the one you use for your cPanel/FTP
This meens if i read your config.php the $dbuname is your FTP loginname and $dbpass is your FTP password |
| |
|
|
|
|
Sfinxs
|
| Posted:
Sun May 01, 2005 3:23 pm |
|
lol I don't care about hackers. The guy has dsl so I figure it's just 1 ip unlike AOL and such. |
| |
|
|
|
|
CurtisH
Life Cycles Becoming CPU Cycles
Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI
|
| Posted:
Sun May 01, 2005 3:27 pm |
|
| Sfinxs wrote: | | lol I don't care about hackers. |
Yikes, you should. Seems like everytime I see a comment like that, the poor guy's site gets trashed within 48 hours. |
_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe |
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Sun May 01, 2005 7:17 pm |
|
@sfinx
I thought you are looking now for an other CMS after all the facts about nuke 
| djmaze wrote: |
- make backups every day
- have a restore plan when the day comes that you get hacked
- have a second restore plan for the second day that you get hacked
|
Don´t forget this, that´s really necassary.
You can ban user names, ISP and the e-mail through the phpBB forums administration, but of course the came back with an other name and e-mail. |
| |
|
|
|
|
Sfinxs
|
| Posted:
Sun May 01, 2005 7:23 pm |
|
lol hi Susan. I still didn't install google tap believe it or not. It just seems like such a long installation. However my site is listed 18 on yahoo when i type nba live league. That's cool isn't it. |
| |
|
|
|
|
Susann
|
| Posted:
Sun May 01, 2005 7:32 pm |
|
That´s very good . I like the sounds on your site very cool.
But don´t forget the daily backups. |
| |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
| Posted:
Sun May 01, 2005 10:07 pm |
|
Just to clarify something - IP banning works IF the attacker is using a real IP address (i.e. not a proxy) that doesn't change. But with spoofing, anonymous proxies, etc., you might consider a temporary ban, redirecting the attacker to another site or the PC killer approach (load a Flash or other file that requires all the attacker's system resources). These approaches punish the attacker when (s)he attacks, not the next unfortunate person who gets that IP address.
The important thing is to realize that you can never take security for granted - no matter what CMS or security tools you use, you should follow DJMaze's suggestions above. |
_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
|
|
|
Sfinxs
|
| Posted:
Mon May 02, 2005 12:04 am |
|
thanks you guys and I appreciate the suggestions. It's just so time consuming to install nuke sentinel. And the chance of me messing up doing all those steps is very likely. Anything quick and easy? |
| |
|
|
|
|
kguske
|
| Posted:
Mon May 02, 2005 5:16 am |
|
Unfortunately, quick and easy usually means inadequate when it comes to security. But the default installation is fairly quick and provides good protection. You really only need to decide and change how you want to treat attacks (i.e. permanent ban, temporary ban, redirect, PC killer).
I'd also recommend you research HTTP Admin Authentication in these forums and set that up. You can play the game of renaming the admin.php file, but in my view that's inconveniencing yourself whereas HTTP Admin Authentication inconveniences the would-be attacker.
As an option, you might find someone to set it up for you, but I think it's better to understand these issues and the configuration of your security software so there are no surprises. Too many people have posted messages here like "I've locked myself out of my site" which is disappointing considering how much effort went into creating a useful user guide / manual. |
| |
|
|
|
|
Sfinxs
|
| Posted:
Mon May 02, 2005 5:42 pm |
|
so you're saying i can just rename admin.php to somehing else and that is adequate for now? |
| |
|
|
|
|
kguske
|
| Posted:
Mon May 02, 2005 6:35 pm |
|
Not exactly. If you're using version 7.6 or later, you can change the configuration and rename your admin.php, and that will stop certain types of attacks AS LONG AS no one else knows the name of your renamed admin.php file.
Unfortunately, there are other ways to attack sites that don't involve the admin page. That's why I strongly recommend that you use a security tool like NukeSentinel with HTTP Admin Authentication. NukeSentinel contains an optional HTTP Admin Authentication function (available on Apache servers - not IIS) that is very effective at stopping attacks on the Nuke admin function if used properly. Used properly means using different passwords for http admin than for the admin login and a third password for your user login.
NukeSentinel also stops most other attacks, too. It will not, however, be able to stop attacks on non-Nuke modules / functions or Nuke modules that don't use standard database access methods (most Nuke modules use standard methods).
It would probably be worthwhile to check the online manual for NukeSentinel. |
| |
|
|
|
|
Sfinxs
|
| Posted:
Wed May 04, 2005 2:18 am |
|
Every 10 clicks or so at my site... it sent me to a HTTP 403 (Forbidden) where I get a dead link. Don't know if server is slow or if I'm getting hacked lol. This just started happening now so I dont' know what's going on. Any idea? |
| |
|
|
|
|
jonmcc33
Hangin' Around
Joined: May 17, 2004
Posts: 40
Location: Dayton, OH
|
| Posted:
Wed May 25, 2005 8:36 am |
|
| Sfinxs wrote: | | lol I don't care about hackers. The guy has dsl so I figure it's just 1 ip unlike AOL and such. |
DSL uses dynamic IPs unless they pay for business class dedicated IP addresses. |
| |
|
 |
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
