Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
defibber
Hangin' Around


Joined: Apr 17, 2006
Posts: 46
Location: Kansas City Area

PostPosted: Thu Jan 11, 2007 12:43 pm Reply with quote

First off I would like to say thank you for your hard work, I have had Raven nuke on my website and my fire department site for almost a year with little to no trouble. The site is hosted at Hostgator. About a month or so ago, I started getting comments from people saying that they could not access the site. I was able to view it from the Fire station and home, we were still getting lots of hits and interactions on the site so I didn't think much of it right away. Well I have started getting more and more people having the same problem. "You are using an invalid IP to access this site". Hostgator tried on thier end with no luck so I looked around here and tried the changing the config file to TRUE, that worked, but I figured it wasn't a permanent fix. So I tried updating IP2C then I get banned. I have looked in the mysql table under blocked ip, not there, I looked in the htaccess and other files and nothing there either. What exactly does the Overlap do?

Thanks
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Thu Jan 11, 2007 2:27 pm Reply with quote

Quote:
So I tried updating IP2C then I get banned. I have looked in the mysql table under blocked ip, not there, I looked in the htaccess and other files and nothing there either. What exactly does the Overlap do


thats doesnt make any sense....

what sentinel version do you have?
 
View user's profile Send private message
defibber
PostPosted: Thu Jan 11, 2007 2:53 pm Reply with quote

I think it is 2.4.2pl5. Sorry about the confusion, I have a lot of things going on at once. Let me try this again.

1) People were getting "You are trying to access this site with an invalid IP" (something like this).

2) Cleared all of the banned/blocked IP addresses (People originally said they were banned)

3) Checked .htaccess , .staccess and there was nothing there about banned IP's.

4) Tried importing/updating IP2C

5) Nothing effected

6) looked around and saw a post talking about changing in the config.php file
Code:
$bypassNukeSentinelInvalidIPCheck = FALSE;
to
Code:
$bypassNukeSentinelInvalidIPCheck = True;

But from what I could tell that was a local machine fix and this was on a web host.

7) It worked, some of the people we able to see the site again. But I fugured this was a band-aid so I tried to keep working on it.

Cool Updated IP2C again and I was banned, people at the fire station are banned, other people can access the site.

9) I have looked into the Mysql for my IP address but in the blocked IP db it is empty. So I don't know what I did or what I need to do.
 
hitwalker
PostPosted: Thu Jan 11, 2007 3:01 pm Reply with quote

well maybe its better to just uninstall the old version and install the newest with all new ip2country...
then atleast you can be sure all will be fine...
 
defibber
PostPosted: Thu Jan 11, 2007 3:03 pm Reply with quote

How do you uninstall? All of Raven Nuke or just Nuke Sentinel. If there is already a post please point me to one. Thanks again.
 
Tao_Man
Involved
Involved


Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK

PostPosted: Thu Jan 11, 2007 3:06 pm Reply with quote

To answer your question the overlap just checks to make sure you don't have an IP address registered to more then one country. It should have nothing to do with being banned. I guess if the IP2Country table got really messed up it could, You may want to blow that table away in phpmysql, since you have bypassNukeSentinelInvalidIPCheck = True it shouldn't be using it really anyway.

What is the message you are getting saying you are banned when you try to access the site, that may help narrow it down to server or Sentinel.

_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Thu Jan 11, 2007 3:09 pm Reply with quote

you can uninstall it by taking out the sentinel tables and its files....
 
defibber
PostPosted: Thu Jan 11, 2007 3:10 pm Reply with quote

You have been blocked from entering this site.

You have attempted an unknown attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at webmaster(at)kearneyfire(dot)org.

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Remote Address: 65.30.54.75
Client IP: none
Forwarded For: none
Date Blocked: 2007-01-11 @ 15:11:50 CST GMT -0600
Block expires: Permanent
NukeSentinel(tm) 2.4.2pl5 by: NukeScripts.net
 
defibber
PostPosted: Thu Jan 11, 2007 4:57 pm Reply with quote

All I can find are patch and updates for Sentinel.
 
Tao_Man
PostPosted: Thu Jan 11, 2007 5:12 pm Reply with quote

If I were you, (which I am not of course). I would download the full install on Nuke Sentinel 2.5.04 Only registered users can see links on this board! Get registered or login!

then just reinstall Sentinel from the top, delete the tables and files and reinstall the files and tables.

I would do this instead of running all the upgrade patches since 2.4.2pl5 came out.

Again this is me not you....but you are running an old version on Sentinel and it is Sentinel that is banning you from your site. I woulid upgrade to the newest version and see if that fixes the problem.

p.s. just saw a newer version of ip2c is out 1.5.07 so after reinstalling Sentinel download the diff file Only registered users can see links on this board! Get registered or login!
and run that also. I am going to run that myself right now.


Last edited by Tao_Man on Thu Jan 11, 2007 5:15 pm; edited 1 time in total 
defibber
PostPosted: Thu Jan 11, 2007 5:15 pm Reply with quote

Ok, thanks, that's what I was thinking about doing. I had already started the process
 
defibber
PostPosted: Thu Jan 11, 2007 6:06 pm Reply with quote

Ok, I droped the tables, but they did not come back.. did I miss something? Other than the the website is up and running I just don't know how secure it is.

PS DO I do the NSTN Installer?
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu Jan 11, 2007 9:40 pm Reply with quote

Yes you need the installer script that comes with Sentinel to reinstall the tables

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
defibber
PostPosted: Thu Jan 11, 2007 10:44 pm Reply with quote

Ok, I think I got it. I delete all the extra files right?
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Fri Jan 12, 2007 11:55 am Reply with quote

Personally I would also keep the $bypassNukeSentinelInvalidIPCheck = True; in my config.php file. I tried going without it, but even after keeping the IP2C tables up to date I was getting too many complaints from legit users about getting blocked.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Wed Jan 24, 2007 7:54 pm Reply with quote

I think maybe we have an "urban legend" going on in these Forums with respect to the invalid IP issue. After a user at my test site complained, I started looking at reimporting the IP2country data because that seems to be the solution recommended here. But I'm not sure.

I have tried tracing back thru Nukesentinel.php to determine the origin of this message. The immediate kick off for the message being generated (and I'm using the latest 2.5.05 code) is this:

Code:
// Invalid ip check

if(isset($bypassNukeSentinelInvalidIPCheck) AND $bypassNukeSentinelInvalidIPCheck) {;}
elseif($nsnst_const['remote_ip']=="none") {
  echo abget_template("abuse_invalid.tpl");
  die();
}


That's at line 118. So then we'd need to see how 'remote_ip' gets set to "none". It's tracing this that leads into a labyrinth of functions starting with get_ip. I have to confess that I can't follow all the logic in there. I know that at one point there is a get_remote_addr function that in turn calls a get_env function which should be returning the $_SERVER(remote_addr) which according to the documentation for PHP should be the IP of the client. So if that's missing I guess we could get an invalid IP. But looking at the logic in get_ip has me baffled and I'm just not sure what conditions would lead to this error.

Perhaps at some point we can get Bob or Gaylen to offer us an explanation, or perhaps someone else who knows about this can assist because it does seem to be a very common and vexing problem that's leading knowledgeable folks to just turn off the feature. Does this problem have any relation to IP2country and IP addresses that might be missing from there? Or is it somehow the client's failure to send a valid IP that's causing this? Or something else entirely?

It's also probably worth noting that the import IP2country feature in Sentinel now imports all the countries automatically contrary to the appearance of the screen where it leads you to think you have to pick the countries one by one. At least I think it's importing IP2country data but some clarification on that might be in order too.
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©