Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
Dauthus
Worker
Worker


Joined: Oct 07, 2003
Posts: 211

PostPosted: Mon Jul 10, 2006 3:45 pm Reply with quote

I take it all I have to do is

1. Overwrite the files with the ones in the new download
2. Update the includes/javas cript.php file
3. Update the mainfile.php file
3. Run the install file "nsnst.php
4. Update the IP2Country tables

I didn't see any update instructions.

The only thing I see to change in the includes/javascript.php file is to remove the following:

Code:
global $sentineladmin;

if($sentineladmin > 0) {
  echo "<script type=\"text/javas cript\" src=\"includes/overlib.js\"><!-- overLIB (c) Erik Bosrup --></s cript>\n";
  echo "<s cript type=\"text/javas cript\" src=\"includes/overlib_hideform.js\"><!-- overLIB (c) Erik Bosrup --></s cript>\n";
}


The only thing I see to change in the mainfile.php is to remove the following:

Code:
if(!file_exists('includes/nukesentinel.php')) {

  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
    $queryString = $_SERVER['QUERY_STRING'];
    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
      die('Illegal Operation');
    }
  }
}


I do have a question about this line of code in the mainfile.php. I added it in an earlier version of sentinel and haven't seen where it should be removed in any of the upgrades. There is no mention of this code in the new install, so should it stay or go?

Code:
//Union Tap

//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
if(!file_exists('includes/nukesentinel.php')) {
  unset($matches);
  unset($loc);
  if(isset($_SERVER['QUERY_STRING'])) {
    if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
      die('Illegal Operation');
    }
  }
}

_________________
Only registered users can see links on this board! Get registered or login!
Vivere disce, cogita mori

Last edited by Dauthus on Mon Jul 10, 2006 4:13 pm; edited 2 times in total 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Mon Jul 10, 2006 6:18 pm Reply with quote

1. Overwrite the files with the ones in the new download
2. Remove all NukeSentinel(tm) from includes/javascript.php file. The needed code is now in the admin folder.
3. Run the install file "nsnst.php"
4. Update the IP2Country tables

I was not aware of any changes to mainfile.php but have asked Bob to comment on it.
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Mon Jul 10, 2006 7:08 pm Reply with quote

This section should not be removed only commented out as shown:
Code:
#

#-----[ FIND ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
    die('Illegal Operation');
  }
}

#
#-----[ COMMENT OUT ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
//unset($matches);
//unset($loc);
//if(isset($_SERVER['QUERY_STRING'])) {
//  if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
//    die('Illegal Operation');
//  }
//}


Even though this section is designed to shut off when nukescripts is detected I recommend commenting it out to prevent conflicts.
Code:
#

#-----[ FIND ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
    $queryString = $_SERVER['QUERY_STRING'];
    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
      die('Illegal Operation');
    }
  }
}

#
#-----[ COMMENT OUT ]------------------------------------------
#
//if(!file_exists('includes/nukesentinel.php')) {
//  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
//    $queryString = $_SERVER['QUERY_STRING'];
//    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
//      die('Illegal Operation');
//    }
//  }
//}


This is the only real code change suggested for mainfile.php:
Code:
in function function online() {

#
#-----[ FIND ]------------------------------------------
#
function online() {
  global $user, $cookie, $prefix, $db;
  $ip = $_SERVER['REMOTE_ADDR'];

#
#-----[ CHANGE TO ]------------------------------------------
#
function online() {
  global $nsnst_const, $user, $cookie, $prefix, $db;
  if(!file_exists('includes/nukesentinel.php')) {
    $ip = $_SERVER['REMOTE_ADDR'];
  } else {
    $ip = $nsnst_const['remote_ip'];
  }

This will then cause the sessions table to have the true ip not a false one.

On that last section you talked about, you can leave it as is or comment it out like so:
Code:
//Union Tap

//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
//if(!file_exists('includes/nukesentinel.php')) {
//  unset($matches);
//  unset($loc);
//  if(isset($_SERVER['QUERY_STRING'])) {
//    if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
//      die('Illegal Operation');
//    }
//  }
//}


if(!file_exists('includes/nukesentinel.php')) { will stop it from using it when it finds the includes/nukesentinel.php file.

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
Dauthus
PostPosted: Tue Jul 11, 2006 12:02 am Reply with quote

Thanks for the information. Update went without a single problem.
 
frisp
Hangin' Around


Joined: Apr 02, 2005
Posts: 29
Location: Penicuik, Scotland

PostPosted: Tue Jul 11, 2006 7:23 am Reply with quote

Thanks from me also, all went painlessly.

_________________
Regards

[_]frisp 
View user's profile Send private message Visit poster's website
utssace
Worker
Worker


Joined: Feb 18, 2006
Posts: 155
Location: Virginia

PostPosted: Mon Jul 24, 2006 8:05 pm Reply with quote

I just installed RavenNuke 2.02.02. Is Sentinel 2.5 solid/stable enough to use at this point, or would it be prudent to wait a little longer?

Where can I find updated Sentinel for RavenNuke?
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Mon Jul 24, 2006 10:00 pm Reply with quote

Yes on the stability and RavenNuke(tm) uses standard NukeSentinel(tm).
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Tue Jul 25, 2006 9:05 am Reply with quote

... and NukeSentinel(tm) can be downloaded from nukescripts.net
 
View user's profile Send private message Visit poster's website
utssace
PostPosted: Sat Jul 29, 2006 7:37 pm Reply with quote

The upgrade went good. No problem with that.

Two other questions please:

Is the Sentinel default settings in the admin sufficient. I don't quite understand what they all do?

Is it ok to delete the nsnst_installer folder after upgrading?

Thanks Cool
 
Raven
PostPosted: Sat Jul 29, 2006 8:09 pm Reply with quote

Delete that folder and the nsnst.php file. See the Only registered users can see links on this board! Get registered or login! for an explanation of the different settings. The manual is not up to date, but I believe it will provide you with what you need.
 
utssace
PostPosted: Tue Aug 01, 2006 4:46 pm Reply with quote

One more thing to be clear on something:

I have RavenNuke 2.02.02 installed. I have followed the steps above to install Sentinel 2.50. I also made the mainfile edits suggested by BobMarion above.

I have NOT made any of the Core Edits mentioned in the NS Guide or the readme file. I am assuming that these edits are not necessary since I'm running RN.

Am I right on this?
 
Raven
PostPosted: Tue Aug 01, 2006 6:06 pm Reply with quote

Partly. In 2.5.0 we made some changes to files in the includes folder and it seems one more place. You need to read the instructions to see which files to remove.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©