does sentinal work?

New Member Joined: Apr 01, 2005 Posts: 3

hi i been using sentinal for few weeks now but i having one problem i think sential not even working,

before i use to use protector but decided to go for sentinal this on a new site i build.

with sentinal activate i managed to do 3 hacks a search module, downloads module and weblinks and none of the hacks i did blocked me where protector did,

i even managed to get in admin through the weblinks module on patch 7.6 3.0b

any idears how i could test this out guys or something i may of setup wrong

project overseer productions

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

In General, NukeSentinel(tm) is not designed to replace nor fix bad code. Chatserv has issued patches for the three modules that you mention and that is not a function of NukeSentinel(tm). NukeSentinel(tm) is designed and written to protect against admin hacking, XXS, and other exploits like UNION, CLIKE, etc. I would remove all of your NukeSentinel files and tables and get the latest and install it. If you are able to hack those 3 modules with Chatserv's 3.0 patches applied, then we need to see the exploits you used because to our knowledge, all known exploits are fixed in Chat's patch level series.

Posted: Fri May 20, 2005 1:31 pm

i do have latest version of sentinal and nuke 7.7 from nsnscripts.com with chatserv patch 3.0b i not going to post any code here but who would be the best person to tell on how to do this, any why does not sentinal block me with union or sql hack attempts where protector did.

the reason i used sentinal is becuase it was easy to install and i not sure if protector would work with 7.7

thanks

Posted: Fri May 20, 2005 3:59 pm

It does block those if installed correctly, no offense. Thousands are using it, including this site, and I get several blocks every day. Please go over the installation instructions very carefully. There's got to be something that you have missed.

Posted: Fri May 20, 2005 5:15 pm

i have installed it how it says i even turn on all the different hacker protect settings ,

how i do i know if its working how it should as with protector i use to run test hack scripts that i do myself but these dont seem to block me link i can insert weblinks etc without admin approvel with the hack

any idears would be greatfull?

Posted: Fri May 20, 2005 5:34 pm

The inserting web links w/o admin approval is not governed by NukeSentinel(tm). Comment out the NukeSentinel(tm) code in mainfile.php and see if you can add web links w/o admin approval. If you can, NukeSentinel(tm) is not the issue. PM me the code you are using to bypass your admin approval and I will test it. Make sure you surround the code in bbcode tags.

New Member Joined: May 20, 2005 Posts: 1

Nuke sentinel has been working a lot fot the security of my site.
thousands of attacks were block by sentinel.. the santy worm for example.
(that one that attacks php-sites or forums).
SQl injections... is not the only security add on (and a lot of pathces!) hat i have installed, but sentinel stopped a lot!

New Member Joined: Mar 25, 2005 Posts: 3

Hey Overseer, if you really want to know if Sentinal is doing its job, get one of your admins to enter a wrong password in the admin login a few times. If Sentinal is working he/she will have their IP banned.

Of course, make sure the admin you pick has a dynamic IP address and that they are only a casual admin who can wait for their ip to change.

I've had more bans as a result of my admin's then with any kind of attack..lol.

New Member Joined: Jul 20, 2006 Posts: 7

Sentinel seems to be working a little too well for us. It's blocked us from a site we're setting up and developing. But we are kind of noobs to the whole PHP Nuke ring. Bang Head