Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x
Author Message
erisds
New Member
New Member



Joined: Sep 07, 2005
Posts: 11

PostPosted: Sun Sep 03, 2006 3:22 am Reply with quote

Hi Everyone,

I'm sorry, but I have a really n00bie question to ask Embarassed

I am totally new to Sentinel although I've been using and abusing phpnuke for years. Truth is, I'm pretty clueless to what its does, why and how it does it and I know I really need to do some reading up.

BUT my site has gone live and since one of the members of the game clan the site was made for has had trouble with being banned from part of the site, and I'm hoping someone will give me a hand so I can get it sorted quickly Rolling Eyes

So I have RavenNukes latest distro freshly installed with a custom theme and some nice extras like Gallery 2 and vWar: [ Only registered users can see links on this board! Get registered or login! ]

This particular member was rooting around in the FAQ and got banned and is since not allowed to access the FAQ.

There are no banned IP's at the moment and I have no idea where this information that he is banned is stored so I can unban him? I have told him to delete cookies and cache but that didn't seem to work.

So my question is. Why did Sentinel ban him, and how do I undo it?

Here is the orignal email I got sent from Sentinel (sensitive info hashed out):

Quote:
Date & Time: 2006-09-01 14:57:27 PDT GMT -0700
Blocked IP: ##.###.###.42
User ID: ####### (11)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.2.0; .NET CLR 1.1.4322; yplus 5.3.02b) Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ] Clan Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: ##.###.###.42
Remote Port: 3482
Request Method: GET
--------------------
Who-Is for IP
##.###.###.42


Any help will be greatly appreciated,
Thanks,
Eris the N00b
 
View user's profile Send private message
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Sun Sep 03, 2006 5:43 am Reply with quote

If he can still see the site, then he was not banned - just got the warning message.
If his IP is not in the blocked IP table, then he didnt get banned - just got the warning.
Something in the url was not allowed, which is why he got the error warning - it might be the use of illegal characters - (PFB)+Clan.
You shouldnt be using vWar it is one of the most frequent scripts that hackers use to gain unauthorised access to your site.

Update you Sentinel version.
Are your forums up to date?
 
View user's profile Send private message Send e-mail
FireATST
RavenNuke(tm) Development Team



Joined: Jun 12, 2004
Posts: 654
Location: Ohio

PostPosted: Sun Sep 03, 2006 7:25 am Reply with quote

I believe there is a standalone version of Vwar that is outside of nuke that should help protect your site.
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sun Sep 03, 2006 8:17 am Reply with quote

Just to clarify about where banned IP's go. The most convenient place to look for them is right in the NS administration screen. There is a blocked IP menu and then on that a command to display blocked IP's. There are also functions to unban them if you want. Then as Hitwalker mentioned there is a table whose name is $prefix_nsnst_blocked_ips where prefix is usually "nuke". There's also a blocked ranges table but that's probably not in play here. Finally, you can look right at the .htaccess file. There should be a list of "deny from" IP addresses. Most of the IP addresses that Sentinel bans get written there. That gives you a few places to check if the person keeps having problems.
 
View user's profile Send private message Visit poster's website
erisds







PostPosted: Sun Sep 03, 2006 8:33 am Reply with quote

Right,

Forums are up-to-date.
Sentinel is 2.4.2pl5 is there an update?

As for my problem it happens to everyone including me once i've logged out of admin. I haven't got sentinel set to ban them so they aren't being banned, however, Sentinel keeps stopping them from accessing pages which are auto-generated by standard Nuke.
So sentinel has a problem with URLs which are generated by the FAQ which is included in standard Nuke. Basically, sentinel doesn't like me having brackets in my category names???? So whats the point of having Sentinel if it stops me from using parts of nuke?

Also the block is for reason "abuse script" not "abuse string" ??
 
fkelly







PostPosted: Sun Sep 03, 2006 10:22 am Reply with quote

Looking at the code for Sentinel it appears that yes, Sentinel doesn't like you having brackets in your get string. The author would have to address the security reasons for that. I believe that the line in question is:

Code:
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||


from the section of Sentinel where it validates get strings. You could either modify the code or get rid of the brackets in your categories. Your choice of poison. Or you could get rid of Sentinel and get hacked. Another choice of poison.

As to updates, look on Nukescripts.net. There are a number of updates available. Read the download area closely because I believe you have to update in stages.

The next release of Ravennuke will have a current release of Sentinel built in and you might also want to consider waiting for that.
 
erisds







PostPosted: Sun Sep 03, 2006 12:14 pm Reply with quote

Thanks V. much for the info.

Removed my brackets from my categories. Slightly annoying but i'd like to keep the protection of Sentinel!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©