Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Serafim
Worker
Worker


Joined: Mar 25, 2006
Posts: 109
Location: Delaware Usa

PostPosted: Fri Apr 14, 2006 11:13 am Reply with quote

I have a question regarding blocking ip addys.. I was reviewing my server logs which I do on a daily basis and I saw a few ips I did not recognize. One was from the uk and was a site view as they only viewed my index.php.. The other was from Vienna Virginia and they viewed the index.php and Admin.php.. Why weren't they blocked?? Anyways I added them manually.. Is this a bad practice?? Am I being over protective?? As I am a newbie Im not sure what is really a legit issue and what is not.. I gain all my knowledge from veteran Nukers

_________________
Image 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Fri Apr 14, 2006 12:30 pm Reply with quote

You don't have a link to your admin.php from your main index page do you? Regardless, with HTTPAuth they should not get in AND if they had tried to go "deeper" than admin.php by providing a "op" command, then, yes, they would have been blocked!

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Serafim
PostPosted: Fri Apr 14, 2006 5:06 pm Reply with quote

Thanks I will take that as I should have blocked them then.. There i no link to my Admin page.. So this person knew what to look for..
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Fri Apr 14, 2006 9:25 pm Reply with quote

Usually robots.. you can ignore them. Or like I do on some sites, rename the admin script and make the admin.php autoban anyone that even tries to hit it Smile

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Sat Apr 15, 2006 6:44 am Reply with quote

Out of curiosity, what do you have in your robots.txt file ?

What I tend to do is view my tracked IP's via Sentinel - anything showing more than 50 hits gets investigated and if I find that more than 50 hits were logged during one day AND they were only hitting index.php I lookup there whois data.
If I dont 'feel' that IP has a legitimate reason for hitting index.php like that I ban it.
 
View user's profile Send private message Send e-mail
Serafim
PostPosted: Sat Apr 15, 2006 8:56 am Reply with quote

Here is the contents of my robots.txt. I believe you helped me with this subject as well.

User-agent: *
Disallow: /modules.php?name= [Edited by Guardian]
Disallow: /abuse/
Disallow: /admin/
Disallow: /blocks/
Disallow: /cgi-bin/
Disallow: /db/
Disallow: /images/
Disallow: /includes/
Disallow: /language/
Disallow: /modules/
Disallow: /themes/
Disallow: /admin.php
Disallow: /config.php
Disallow: /conf/
Disallow: /chat/
Disallow: /other/
Disallow: /scripts/

I hve been looking around a few search engines and I was amazed to see exactly what has been crawled prior to my updating the robots.txt I had to manually add a bot called inktomi slurp to my harvester list. They have crawled my site several times using various ips
 
guidyy
Worker
Worker


Joined: Nov 22, 2004
Posts: 208
Location: Italy

PostPosted: Sat Apr 15, 2006 12:00 pm Reply with quote

well, you kicked out yahoo.... Very Happy
 
View user's profile Send private message Visit poster's website MSN Messenger
Guardian2003
PostPosted: Sat Apr 15, 2006 12:01 pm Reply with quote

Robots.txt is good.
inktom/Slurp/inktomisearch.com can be a real pain.
Adding 'Slurp' (without the single quotes) to Sentinels referer blocker should banish the majority.
 
Serafim
PostPosted: Sat Apr 15, 2006 4:19 pm Reply with quote

LOL thanks for editting that line of code Gaurdian I never even thought about editing out that line.. Will add the slurp and pay close attention to high volume hits that are not trusted members.. Thanks for all the guidance everyone I guess Im a bit ban happy.. But I will say its far better to be safe than sorry.. My question has once again been answered thanks again.....
 
Guardian2003
PostPosted: Sat Apr 15, 2006 5:06 pm Reply with quote

No problem.
For the sake of completeness, Slurp and Intomi are bots associated with Yahoo.
The main issue arises because Yahoo makes its bots available for others to use, so therefore they can be quite bandwidth hungry at times.
 
guidyy
PostPosted: Sat Apr 15, 2006 11:38 pm Reply with quote

Guardian2003 wrote:
Robots.txt is good.
inktom/Slurp/inktomisearch.com can be a real pain.
Adding 'Slurp' (without the single quotes) to Sentinels referer blocker should banish the majority.


You are right, it can be a pain.. but since 60% of my traffic comes from yahoo seach i'm more than happy to have a dozen of inktomi bots hanging around 24/7 Very Happy
Guido
 
Serafim
PostPosted: Sun Apr 30, 2006 9:52 am Reply with quote

I do not have issue with yahoo. But there bots are not following the robots text so they will get the boot. I was amazed to see just what info they had posted when I searched my site in there search engine. I do offer yahoo search though. I may remove that as well kinda seems unfair lol. But if they complied with the robots text this would not be an issue..
 
Adrenalizer3
Regular
Regular


Joined: Jun 22, 2003
Posts: 54

PostPosted: Fri Dec 01, 2006 8:41 pm Reply with quote

Quote:
What I tend to do is view my tracked IP's via Sentinel - anything showing more than 50 hits gets investigated and if I find that more than 50 hits were logged during one day AND they were only hitting index.php I lookup there whois data.
If I dont 'feel' that IP has a legitimate reason for hitting index.php like that I ban it.


My question is this:

I have someone who is staying on my site for long periods of time but I cant tell who it is because their IP address shows as none () in Sentinel.

When I view display tracked IPs in one day I had 153 hits. This makes me suspicious but obviously when I do a who-is there is no information on this person sitting at my site. Maybe he's enjoying the music? LOL How do I pin point this IP and ban them? I am assuming it's a guest and not a registered user? If a user how do I find out. Please help.

Thanks guys!
 
View user's profile Send private message
evaders99
PostPosted: Fri Dec 01, 2006 10:37 pm Reply with quote

I'm surprised the tracked IP isn't working. There is an IP Tracking module that I've seen, also I believe MS_Analysis can give you that data. Perhaps some other security addons to.

Besides that, you'd have to go to the server level.. access logs that may or may not be provided by your host
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©