Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
Serafim
Worker
Worker


Joined: Mar 25, 2006
Posts: 109
Location: Delaware Usa

PostPosted: Sun May 28, 2006 7:14 pm Reply with quote

Ok lets start with this. Sentinel version 2.4.2pl6

Here is the issue I tried this admin cookie session time change from default to 3 hours. I know this was not wise to do now. What I thought the cookie did was when I leave the site it only stays active for three hours. Well this does not seem to be the case. What happens is after three hours on the site it ques me to log in.. If I am on the admin.php page I get banned instantly.. This really sucks too.. The problem I have is that my ip is added to protected ranges. and also to excluded so sentinel doesn't track me anymore.. Where did I screw up and how do I fix it. LOL I do want my admin cookie to stay active until I leave the site but how can this be done.. Ok so I guess I have alot of issues but the biggest is why sentinel is banning me.. HELP

_________________
Image 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Sun May 28, 2006 8:41 pm Reply with quote

Just a thought but if your IP is in 'excluded range' and therefore not being tracked or logged, how does Sentinel know you are legitimately using admin.php if it has nothing to compare with what is 'protected'?

Try taking your IP out of the excluded range (remove it from htacess also if it is in there) and let me know what happens.
Might also be worth checking your current IP is actually still the one listed in the protected range.
 
View user's profile Send private message Send e-mail
Serafim
PostPosted: Sun May 28, 2006 10:03 pm Reply with quote

Ok I had already removed my ip from .htaccess and I removed it from excluded ranges as well. The ip is in protected ranges. I readded it just to be sure but after the alloted time if I am on the admin page when the cookie ends I get da boot lol

Is there a better way to do the whole cookie session thing or is that a bust I got the info from a post at php nuke .org. Would you suggest putting the cookie time back to default?? Thanks for the guidance
 
Guardian2003
PostPosted: Mon May 29, 2006 2:49 am Reply with quote

To be honest, it shouldnt matter what the cookie length time is. If your IP is in the protected range you should not be getting banned, period!

I think this might have to be answered by Raven or one of the other Nuke Sentinel developers.

As far as I am aware session hijacking can only occur whilst your are logged in as an admin so provided you log out from admin when you have finished whatever you needed to do, using the default setting should be fine.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Tue May 30, 2006 6:43 am Reply with quote

No, I think what is happening is that you also need to kill your browser. It is banning you because you really are NOT logged in as admin, therefore, it "does not know you", and assumes you are attempting an Admin or Author exploit. You can keep your timeout small, BUT, you MUST kill your browser OR click on "Home" first and then come back and enter in admin.php as you normally would.

Fortunately or unfortunately, NukeSentinel is doing exactly what it was designed to do... Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
PostPosted: Tue May 30, 2006 9:16 am Reply with quote

Good catch!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©