Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
Sfinxs
Client


Joined: Mar 09, 2005
Posts: 157

PostPosted: Sun May 01, 2005 9:43 am Reply with quote

I banned someone from my site but I can still see him there. I'm pretty sure its his ip too. What's the problem?
 
View user's profile Send private message
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

PostPosted: Sun May 01, 2005 10:59 am Reply with quote

Nothing, you can't ban someone unless you deny access from any IP which makes the site only visible to you.
 
View user's profile Send private message Visit poster's website
Sfinxs
PostPosted: Sun May 01, 2005 1:05 pm Reply with quote

can you clarify that.... What's the purpose of IP ban. Unless he's using another comp it should work right?
 
djmaze
PostPosted: Sun May 01, 2005 1:20 pm Reply with quote

no, you ever heard of:
- anonymous proxies
- aol
- dial-up

Someone can use proxy servers that don't tell their real ip to the domain they are browsing, if the proxy server is banned they just use another

AOL changes customer IP each minute which makes banning of an IP useless unless you ban everyone which results in banning 100.000 potential visitors

Dial-up same as AOL but then the visitor has to re-dial the ISP

Then there's also something called "spoofing" this is a way to send fake ip's to the website.

In all cases if you ban the IP you are actualy banning more people then the attacker.

The only real option is to run a website that isn't hackable thru PHP by using a different CMS then PHP-Nuke.
If you want to stay with PHP-Nuke then you must live with the fact that you:
- have enough knowledge to setup your website properly
- make backups every day
- check this site for security fixes each day
- have a restore plan when the day comes that you get hacked
- have a second restore plan for the second day that you get hacked

By point 1 i realy meen enough knowledge, i bet that if i hack into your PHP-Nuke the config.php has the same login details for MySQL as the one you use for your cPanel/FTP
This meens if i read your config.php the $dbuname is your FTP loginname and $dbpass is your FTP password
 
Sfinxs
PostPosted: Sun May 01, 2005 3:23 pm Reply with quote

lol I don't care about hackers. The guy has dsl so I figure it's just 1 ip unlike AOL and such.
 
CurtisH
Life Cycles Becoming CPU Cycles


Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

PostPosted: Sun May 01, 2005 3:27 pm Reply with quote

Sfinxs wrote:
lol I don't care about hackers.


Yikes, you should. Seems like everytime I see a comment like that, the poor guy's site gets trashed within 48 hours.

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
View user's profile Send private message Visit poster's website Yahoo Messenger
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun May 01, 2005 7:17 pm Reply with quote

@sfinx
I thought you are looking now for an other CMS after all the facts about nuke Rolling Eyes


djmaze wrote:


- make backups every day
- have a restore plan when the day comes that you get hacked
- have a second restore plan for the second day that you get hacked


Don´t forget this, that´s really necassary.

You can ban user names, ISP and the e-mail through the phpBB forums administration, but of course the came back with an other name and e-mail.
 
View user's profile Send private message
Sfinxs
PostPosted: Sun May 01, 2005 7:23 pm Reply with quote

lol hi Susan. I still didn't install google tap believe it or not. It just seems like such a long installation. However my site is listed 18 on yahoo when i type nba live league. That's cool isn't it.
 
Susann
PostPosted: Sun May 01, 2005 7:32 pm Reply with quote

That´s very good . I like the sounds on your site very cool.

But don´t forget the daily backups.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun May 01, 2005 10:07 pm Reply with quote

Just to clarify something - IP banning works IF the attacker is using a real IP address (i.e. not a proxy) that doesn't change. But with spoofing, anonymous proxies, etc., you might consider a temporary ban, redirecting the attacker to another site or the PC killer approach (load a Flash or other file that requires all the attacker's system resources). These approaches punish the attacker when (s)he attacks, not the next unfortunate person who gets that IP address.

The important thing is to realize that you can never take security for granted - no matter what CMS or security tools you use, you should follow DJMaze's suggestions above.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Sfinxs
PostPosted: Mon May 02, 2005 12:04 am Reply with quote

thanks you guys and I appreciate the suggestions. It's just so time consuming to install nuke sentinel. And the chance of me messing up doing all those steps is very likely. Anything quick and easy?
 
kguske
PostPosted: Mon May 02, 2005 5:16 am Reply with quote

Unfortunately, quick and easy usually means inadequate when it comes to security. But the default installation is fairly quick and provides good protection. You really only need to decide and change how you want to treat attacks (i.e. permanent ban, temporary ban, redirect, PC killer).

I'd also recommend you research HTTP Admin Authentication in these forums and set that up. You can play the game of renaming the admin.php file, but in my view that's inconveniencing yourself whereas HTTP Admin Authentication inconveniences the would-be attacker.

As an option, you might find someone to set it up for you, but I think it's better to understand these issues and the configuration of your security software so there are no surprises. Too many people have posted messages here like "I've locked myself out of my site" which is disappointing considering how much effort went into creating a useful user guide / manual.
 
Sfinxs
PostPosted: Mon May 02, 2005 5:42 pm Reply with quote

so you're saying i can just rename admin.php to somehing else and that is adequate for now?
 
kguske
PostPosted: Mon May 02, 2005 6:35 pm Reply with quote

Not exactly. If you're using version 7.6 or later, you can change the configuration and rename your admin.php, and that will stop certain types of attacks AS LONG AS no one else knows the name of your renamed admin.php file.

Unfortunately, there are other ways to attack sites that don't involve the admin page. That's why I strongly recommend that you use a security tool like NukeSentinel with HTTP Admin Authentication. NukeSentinel contains an optional HTTP Admin Authentication function (available on Apache servers - not IIS) that is very effective at stopping attacks on the Nuke admin function if used properly. Used properly means using different passwords for http admin than for the admin login and a third password for your user login.

NukeSentinel also stops most other attacks, too. It will not, however, be able to stop attacks on non-Nuke modules / functions or Nuke modules that don't use standard database access methods (most Nuke modules use standard methods).

It would probably be worthwhile to check the Only registered users can see links on this board! Get registered or login!.
 
Sfinxs
PostPosted: Wed May 04, 2005 2:18 am Reply with quote

Every 10 clicks or so at my site... it sent me to a HTTP 403 (Forbidden) where I get a dead link. Don't know if server is slow or if I'm getting hacked lol. This just started happening now so I dont' know what's going on. Any idea?
 
jonmcc33
Hangin' Around


Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

PostPosted: Wed May 25, 2005 8:36 am Reply with quote

Sfinxs wrote:
lol I don't care about hackers. The guy has dsl so I figure it's just 1 ip unlike AOL and such.


DSL uses dynamic IPs unless they pay for business class dedicated IP addresses.
 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©