Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
JoAnne
Worker
Worker


Joined: Oct 18, 2005
Posts: 127
Location: NYC

PostPosted: Sun Jan 14, 2007 10:01 am Reply with quote

I would like to block any IP that tries to access my site by entering this url in order to do so:

/modules.php?name=Forums&file=weblog&w=2

Is this possible?


....:::don't know if this question is in the right forum, I never seem to do that correctly Embarassed and I tried searching first Confused ::::.....


JoAnne ~
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Sun Jan 14, 2007 10:19 am Reply with quote

chances are other will be blocked....
or is that the intention ?
 
View user's profile Send private message
JoAnne
PostPosted: Sun Jan 14, 2007 10:49 am Reply with quote

hitwalker wrote:
chances are other will be blocked....
or is that the intention ?


Thanks Hitwalker

Yes.... everyone who tries to access directly through that url

....seems to be the way for spammers to inject their lovely advertisements directly into the blogs Mad

I have been manually blocking each one.... but it would be great to automate it Wink
 
hitwalker
PostPosted: Sun Jan 14, 2007 10:57 am Reply with quote

i think its hard cause you cant put in any refer,and blocking by rule in sentinel or directly in the htaccess will lead to innocent banned people...
but how come that blog is easy to spam ?
 
JoAnne
PostPosted: Sun Jan 14, 2007 11:07 am Reply with quote

hitwalker wrote:
i think its hard cause you cant put in any refer,and blocking by rule in sentinel or directly in the htaccess will lead to innocent banned people...
but how come that blog is easy to spam ?


I have taken the blog down, but I get an average of 5-10 trying to access it directly each day. If they are trying to access the site directly through that url, then I want them blocked. If that IP can't add their spam that way, then they will be back with yet another way to try and spam, so why not block them now before they come up with another way. Confused
 
hitwalker
PostPosted: Sun Jan 14, 2007 11:51 am Reply with quote

well no rule will ban them automatically...
and the blog thing....yes now i understand...
there are a few scripts outhere that auto submit on certain scripts,phpbb is one of them ...
you can put a rewrite rule in the htaccess that sends them to japan if needed...
banning is useless cause they use millions of bogus ip's

you can use :

Redirect permanent /modules.php?name=Forums&file=weblog&w=2 Only registered users can see links on this board! Get registered or login!
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Sun Jan 14, 2007 12:16 pm Reply with quote

I like that!!! Very Happy
If you really want them to get banned just changed the redirect to a page that Sentinel will ban them for accessing.
 
View user's profile Send private message
JoAnne
PostPosted: Sun Jan 14, 2007 3:00 pm Reply with quote

hitwalker wrote:

you can put a rewrite rule in the htaccess that sends them to japan if needed...banning is useless cause they use millions of bogus ip's

you can use :

Redirect permanent /modules.php?name=Forums&file=weblog&w=2 Only registered users can see links on this board! Get registered or login!


Laughing ..... that is funny as quite a few of the IPs are from Japan, not all of them, but quite a few ..... Laughing


Thanks Hitwalker
 
hitwalker
PostPosted: Sun Jan 14, 2007 3:06 pm Reply with quote

well put a nice irritating web address and that will do..
realise they will never notice that cause its automated junk...
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Mon Jan 15, 2007 11:22 pm Reply with quote

JoAnne, just make sure that your normal users don't need that URL "string" to use the tool!

I have done a similar thing with Web Links as they were trying to spam them every chance they got. I happened to notice in the access logs that their referrer was always blank! I also noticed that a normal user would really only be able to reach the link from WiTHIN my site (so it would always have a referer) and the chances of a user bookmarking the exact URL to post into was just too remote a possibility.

Here is what I did:

Code:


RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{QUERY_STRING} ^(.*)name=Web_Links(.*)
RewriteRule ^.*$ http://127.0.0.1 [R=301,L]


However, I had to make the "call" that I would not let anyone bookmark in their browser directly to the Web Links module. I can live with that...

But, keep in mind, this ONLY works if the HTTP_REFERER is blank.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
JoAnne
PostPosted: Fri Jan 19, 2007 7:44 am Reply with quote

Hey montego

No one should need to directly or indirectly access that weblog. Thanks, I will try your suggestion as well Cool


I have been manually blocking any IP that used that url string to try to gain access. One IP I banned 62.141.53.139 on 01/06/07 tried to access it again last night, shouldn't I not see that? How could they try to do it again if they were banned? Confused



JoAnne
 
hitwalker
PostPosted: Fri Jan 19, 2007 7:48 am Reply with quote

you have to stop them at server level, that means atleast in the htaccess file.
but to wake you up a bit.....
these are not people but forums and blog spambots...
when they run the script they automatically visit your site again...
they never refresh or renew their info....
 
JoAnne
PostPosted: Fri Jan 19, 2007 7:58 am Reply with quote

hitwalker wrote:
you have to stop them at server level, that means atleast in the htaccess file.
but to wake you up a bit.....
these are not people but forums and blog spambots...
when they run the script they automatically visit your site again...
they never refresh or renew their info....


Hey Hitwalker

I knew they were spambots, even though I do need to wake up a bit more ...... Image Laughing Wink

I thought by entering them into NukeSentinel, that I was stopping them. By banning an IP in NukeSentinel, what am I banning them from? Am I wasting my time by doing this?

Thanks for your help
 
hitwalker
PostPosted: Fri Jan 19, 2007 8:02 am Reply with quote

no your not wasting time but check if the ip's are also written to the htaccess..
 
JoAnne
PostPosted: Fri Jan 19, 2007 7:39 pm Reply with quote

hitwalker wrote:
no your not wasting time but check if the ip's are also written to the htaccess..


No.... the IPs that I add to NukeSentinel are not being written to the .htaccess file, should they be or do I have to them to that file manually? Am I doing something wrong?

Thanks

JoAnne
 
hitwalker
PostPosted: Fri Jan 19, 2007 7:42 pm Reply with quote

as far as i know of it should....
but check your settings in sentinel...!
that it writes to the htaccess file as well...
otherwise its indeed a bit useless...
 
JoAnne
PostPosted: Fri Jan 19, 2007 8:18 pm Reply with quote

hitwalker wrote:
as far as i know of it should....
but check your settings in sentinel...!
that it writes to the htaccess file as well...
otherwise its indeed a bit useless...


My Bad ...... I had a typo in the path to the .htaccess file... DUH!

I fixed it, tested it and it works fine now...

Sorry Embarassed

Thank you so much for your help!

JoAnne
 
hitwalker
PostPosted: Fri Jan 19, 2007 8:20 pm Reply with quote

happy banning.... killing me
 
Dauthus
Worker
Worker


Joined: Oct 07, 2003
Posts: 211

PostPosted: Fri Jan 19, 2007 9:17 pm Reply with quote

I know I may be a little late here, but why not just set the Reply permissions in the Blog CP to registered users. You can put the view permissions to Guests and then everyone can see it, but no one can reply (comment) unless they are a registered user.

You will have to watch the shout box though.

Afterthought: If you want to keep guests from accessing the shoutbox, (not displaying the shoutbox causes the page to break), you can open your weblog.php file and comment out line 250 and on the next line add:

Code:
message_die(GENERAL_ERROR, 'Guests are not allowed to post in the shoutbox');


Then guests can view the blog, but when they try to submit something to the shoutbox, they received the error.

_________________
Only registered users can see links on this board! Get registered or login!
Vivere disce, cogita mori 
View user's profile Send private message Visit poster's website
JoAnne
PostPosted: Sat Jan 20, 2007 2:16 am Reply with quote

Hey Dauthus

The ported Blog Mod/Weblogs for PHPNuke has alot of security holes. Naturally, I had started out with above settings of guests viewing and only registered users adding comments, etc. etc. I removed the shout boxes. No matter what I did, there was always a way for the hackers and spammers to find a way to get through.

I have removed the Blogs from my sites until someone ports the Blog Mog/Weblogs to PHPNuke and maintains it with the necessary upgrades for the latest vulnerabilities.

My reason for wanting to ban the IPs that are still trying to enter the Weblogs, even though I have them turned off, is that I feel they are malicious IPs and will not stop at the blogs and that they will continue to find ways to hack or spam in some way or another. I know I can not ever stop them all, but if I can stop just a few... who knows Rolling Eyes

.....:::::with a false sense of security::::......


JoAnne
 
Dauthus
PostPosted: Sat Jan 20, 2007 10:15 am Reply with quote

That's ok. I use the blog Mod, and had problems in the beginning with spammers in the shoutbox. Sure, bots will try to access any page they spider, but just because they attempt to visit doesn't mean they get through or they are attempting to hack a site. They are just doing their jobs.

Since I implemented the changes I gave to you, I have been able to use the blog without problems, and keep the bot spamming at bay.
 
JoAnne
PostPosted: Sat Jan 20, 2007 10:19 am Reply with quote

Dauthus wrote:
That's ok. I use the blog Mod, and had problems in the beginning with spammers in the shoutbox. Sure, bots will try to access any page they spider, but just because they attempt to visit doesn't mean they get through or they are attempting to hack a site. They are just doing their jobs.

Since I implemented the changes I gave to you, I have been able to use the blog without problems, and keep the bot spamming at bay.


Which version of the Blog Mod are you using and who ported it to PHPNuke?

Thanks

JoAnne
 
Dauthus
PostPosted: Sat Jan 20, 2007 10:32 am Reply with quote

As best as I can tell, this one:

Powered by the Blog Mod version 0.2.x by Hyperion
A port for PHP-Nuke by BBtoNukeMods with enhancements from NukeKorea Dev. Network © 2003-2005
 
JoAnne
PostPosted: Sat Jan 20, 2007 10:47 am Reply with quote

Dauthus wrote:
As best as I can tell, this one:

Powered by the Blog Mod version 0.2.x by Hyperion
A port for PHP-Nuke by BBtoNukeMods with enhancements from NukeKorea Dev. Network © 2003-2005


That is the one I have. The Blog Mod has been updated a few times since that as some security vulnerabilities had been found by Hyperion. I was going to update it myself, but have not had the time. I really wish Raven would take that project on, I would feel much better with a version from him Wink

JoAnne
 
guidyy
Worker
Worker


Joined: Nov 22, 2004
Posts: 208
Location: Italy

PostPosted: Sun Jan 21, 2007 12:21 am Reply with quote

Just my 2 cents:
In sentinel, also add in the string blocker the most used words used by spammers
cialis, viagra, phentermine, levitra etc...
mail.ru cachette.com are a "must" too...
Since I did, i saw spam going down by 80% and love it Smile
 
View user's profile Send private message Visit poster's website MSN Messenger
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©