Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Ant
New Member
New Member


Joined: Dec 08, 2005
Posts: 24
Location: Sweden

PostPosted: Mon Aug 28, 2006 6:30 am Reply with quote

1 of my clan members tried to send me a script via PM and Sentinel blocked him, well sort off. He got the black screen of death telling him he was blocked from the site for an "Unknown Attack" on my site, but he was able to press the back button and he could get back onto the site. Now I know Sentinels working as a German tried to hack me last nite (i'll send the details shortly when I find where to send em too!!) I just wondered, can I stop this from happening again, I mean pressing the back button?

_________________
ONLY THE DEAD HAVE SEEN THE END OF WAR....PLATO 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon Aug 28, 2006 6:48 am Reply with quote

The back button isn't the issue. Check the blocker settings for unknown attacks and make sure it's set to block, instead of just warn. Also, if the member is authorized / protected, (s)he'll get the warning without being blocked.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Ant
PostPosted: Mon Aug 28, 2006 7:05 am Reply with quote

Hi thx for the very quick reply.

No hes not protected i've double checked to make sure. As for the Blocker Settings, do you mean in "Blocker Configuration"? If you do I don't have "Unknown Attacks". I've gone down the list and they're all set to "Block Duration: Permanent"

I'm using Version 2.4.2pl9, but after last nights attempt i'll be upgrading shortly
 
kguske
PostPosted: Mon Aug 28, 2006 7:19 am Reply with quote

Was the IP blocked - and showing in the blocked IP list?

That's very strange - shouldn't have been a problem in 2.4.2pl9.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Aug 28, 2006 8:41 am Reply with quote

Take a look at your blockers, as kguske has suggested, namely the "Activate" option. There are several options in this drop down. If you don't have "Block" anywhere in the option that you selected, NS will not write it to the DB.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Ant
PostPosted: Tue Aug 29, 2006 7:27 am Reply with quote

Thanks for the replies guys,

No the IP was'nt added to the banned list and hes still able to get access to the site as before!!

Just looked at the Activate Settings for all the "Blocker Settings" and most of them are set to Email, Block and Default Page, Scripting Blocker was set to Email Admin. Do you think its wise to make them all the same apart from Admin?
 
montego
PostPosted: Tue Aug 29, 2006 10:03 am Reply with quote

Quote:

No hes not protected i've double checked to make sure

There are two ways to do this, by the way: 1) if they are set up as an Admin (author) and they are "Protected" in the Admin Auth List page, and 2) via the Protected Range Menu -> Add Protected Range. Both places need to be checked.

In addition, are you certain that in NukeSentinel's General Settings page that you do not have the "NukeSentinel(tm) Status:" switch set to "Disabled".

Quote:

Just looked at the Activate Settings for all the "Blocker Settings" and most of them are set to Email, Block and Default Page, Scripting Blocker was set to Email Admin. Do you think its wise to make them all the same apart from Admin?

IMO, the following should be set for full block: ADMIN, AUTHOR, CLIKE, UNION, Filters and Scripting. The others are more by personal preference.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Wed Aug 30, 2006 3:04 am Reply with quote

If your user hit the 'back' button in the browser, surely he would have been looking at a cached page in any event?
So your saying he can still get access?
 
View user's profile Send private message Send e-mail
Ant
PostPosted: Wed Aug 30, 2006 4:05 am Reply with quote

Thx for the info montego, i'm going to have a look shortly. 1 thing I do know is I have checked the admins and theres only me listed, as for the other things i'm gonna look shortly, thx

Guardian, yes mate he hit the back button after receiving the "black screen of death" with the "Unknown Attack" warning on and is still visiting my site. He is a clan mamber and has been for some time now, otherwise i'd have banned him.
 
Ant
PostPosted: Wed Aug 30, 2006 4:11 am Reply with quote

Ive just tried to put the script in here for you to see and I get the same "black screen of death"!!! I also pressed the back button and, well i'm typing this now!! If you want to look at the coding i'll gladly email it to you guys, but it won't let me put it on here!!

Will you please let Raven know its me!!!

ANT
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©