blocked IP : none..

Posted: Sun Apr 15, 2007 7:27 am

one member is beeeing blocked bij sentinel (2.5.05 had no time to upgrade)

Only there is no IP
this is from Sentinel :

Blocked IP: none...
User: Anoniem
Agent: Opera/8.52 (Windows NT 5.1; U; en)
Blocked on: 2007-04-06 02:04:34
Notes: Added by NukeSentinel(tm)
Reason: Abuse-Filter

Query String:
Get String:
Post String:
Forwarded For: none
Client IP: none
Remote Address: 65.110.43.33
Remote Port: 53196
Request Method: GET

Query string = [ Only registered users can see links on this board! Get registered or login! ]

Get string = [ Only registered users can see links on this board! Get registered or login! ]

Post string = [ Only registered users can see links on this board! Get registered or login! ]

what can i do to prevent this block.

the remote adres is not the IP from the user.

Sells PC To Pay For Divorce Joined: Posts: 5661

and where comes the intel address comes from ?

Posted: Sun Apr 15, 2007 1:28 pm

thats the question..

the member getting blocked is a respected and valued member.

Why he is beeing blocked....
When unblocked, a few days no problem.

could he have a trojan on his PC which enters this??

Posted: Sun Apr 15, 2007 1:34 pm

no...but i dont have a clue where it comes from...and the total url doesnt make any sense either.
i suggest you take a closer look in your statistics and sentinel...

Posted: Sun Apr 15, 2007 1:51 pm

Code:

OrgName:    Sago Networks


OrgID:      SAGO


Address:    4465 W. Gandy Blvd.


Address:    Suite 800


City:       Tampa


StateProv:  FL


PostalCode: 33611


Country:    US





NetRange:   65.110.32.0 - 65.110.63.255


CIDR:       65.110.32.0/19


NetName:    SAGO-20030401


NetHandle:  NET-65-110-32-0-1


Parent:     NET-65-0-0-0-0


NetType:    Direct Allocation


NameServer: NS1.SAGONET.COM


NameServer: NS2.SAGONET.COM


Comment:    


RegDate:    2003-04-07


Updated:    2003-10-13





RTechHandle: ZS203-ARIN


RTechName:   Sago Networks


RTechPhone:  +1-866-510-4000


RTechEmail:  65.110.43.33&email=0' border='0' align='middle'>





OrgTechHandle: TECHN20-ARIN


OrgTechName:   Technical Support


OrgTechPhone:  +1-866-510-4000


OrgTechEmail:  





CustName:   Alexej Valer'evich


Address:    Vostok 36


City:       Minsk


StateProv:  8. Customer Postal Code: 220020


PostalCode:


Country:    BY


RegDate:    2006-10-24


Updated:    2006-10-24





NetRange:   65.110.43.30 - 65.110.43.39


CIDR:       65.110.43.30/31, 65.110.43.32/29


NetName:    SAGO-65-110-43-30


NetHandle:  NET-65-110-43-30-1


Parent:     NET-65-110-32-0-1


NetType:    Reassigned


Comment:    NOCWorx SWIP Interface v1.5 - http://interworx.info


RegDate:    2006-10-24


Updated:    2006-10-24





RTechHandle: ZS203-ARIN


RTechName:   Sago Networks


RTechPhone:  +1-866-510-4000


RTechEmail:  





OrgTechHandle: TECHN20-ARIN


OrgTechName:   Technical Support


OrgTechPhone:  +1-866-510-4000


OrgTechEmail:  





# ARIN WHOIS database, last updated 2007-04-14 19:10


# Enter ? for additional hints on searching ARIN's WHOIS database.

this is from a whois.

still checking.

Posted: Sun Apr 15, 2007 9:44 pm

I've seen this too. I believe it is a hacker looking for exploitable sites.
It does not mean your user is initiating this, though I wonder why Sentinel has given that username if the user is indeed not doing this.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Client IP: none

Are you using the $bypassNukeSentinelInvalidIPCheck=TRUE? Otherwise you will get that error. If you are not using RavenNuke(tm), then search the forums for what line to comment out in includes/nukesentinel.php.

Posted: Mon Apr 16, 2007 10:49 am

For those who are not using RavenNuke, you can add

$bypassNukeSentinelInvalidIPCheck = true;

to your config.php file.

Posted: Mon Apr 16, 2007 5:42 pm

This latest post is true only with the later NukeSentinel releases, but if you are NOT on the latest release, you SHOULD BE. Wink