Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
shotokan
Worker
Worker


Joined: Aug 27, 2006
Posts: 172

PostPosted: Wed May 23, 2007 5:52 pm Reply with quote

After i have installed the NS and setup all the blockers i notice that the flood blocker is actually blocking at least 10 members a day which is very bad and they have been complaining a lot.

So i try increasing the number of seconds up to a point that i said... why should a have that with something more than 10 seconds or so, then i decided to ask for the real NS knowledge people which are the blockers that really make sense to have it on and ther is a couple of them that i really don't quite get why and if i would need to turn them on.

1. Flood - What is really this one intended and what is the risk i am running leaving this off?
2. Harvester - What is really this one intended and what is the risk i am running leaving this off?
3. Referer - What is really this one intended and what is the risk i am running leaving this off?
4. String - What is really this one intended and what is the risk i am running leaving this off?
5. Filters - What is really this one intended and what is the risk i am running leaving this off?
6. Clike - What is really this one intended and what is the risk i am running leaving this off?

The other I think i got the idea but i really want make sure i am ot overdoing the blockers by understanding the real meaning of those above. I did read the little explanation on the FAQ but i guess that was not quite enough for me to decide which one to use.

Thanks,

_________________
Shotokan 
View user's profile Send private message
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Wed May 23, 2007 9:14 pm Reply with quote

I never use flood. My impression is that it is something you turn on when you are getting a flood attack, otherwise it is too intrusive.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
shotokan
PostPosted: Thu May 24, 2007 8:23 am Reply with quote

Gremmie wrote:
I never use flood. My impression is that it is something you turn on when you are getting a flood attack, otherwise it is too intrusive.
That's a good advice Gremmie thanks.

But what about the others? Have turn them on?
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Thu May 24, 2007 9:08 am Reply with quote

Yes, turn the blockers on and use the search function for "flood blocker" maybe your settings for the flood blocker aren´t correctly.
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu May 24, 2007 9:10 am Reply with quote

Flood stops fast reloading of pages within a certain timeframe from one user... a flood. Really it may stop some traffic, but your server is still doing work. A proper Denial of Service flood will use many many connections, from many different users. Flood protection here is much more effective on the server level. Keeping it off won't hurt your site.

Harvester protection is used to stop robots from scanning your site. It most useful in preventing known harvesters of email addresses.. ala for spammers. Keeping it off won't hurt your site.

Referer protection is used to stop spam through referral messages. This is to add URLs into your stat logs. If those are published publically, then they are indexed and used to draw traffic for the spammers site. Keeping it off won't hurt your site.

String protection is used to stop specific strings from being posted. This is most effective for known spammer texts, URLs, etc. Keeping it off won't hurt your site.

Filters protection is used to block known abuses, much like the phpNuke's own protection. Code such as JavaScript should be properly filtered. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off.

Clike protection is used to block known abuses, specifically the usage of C-like strings - comment code, etc. These are mainly used in SQL injection attacks. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
shotokan
PostPosted: Thu May 24, 2007 9:24 am Reply with quote

evaders99 wrote:
Flood stops fast reloading of pages within a certain timeframe from one user... a flood. Really it may stop some traffic, but your server is still doing work. A proper Denial of Service flood will use many many connections, from many different users. Flood protection here is much more effective on the server level. Keeping it off won't hurt your site.

Harvester protection is used to stop robots from scanning your site. It most useful in preventing known harvesters of email addresses.. ala for spammers. Keeping it off won't hurt your site.

Referer protection is used to stop spam through referral messages. This is to add URLs into your stat logs. If those are published publically, then they are indexed and used to draw traffic for the spammers site. Keeping it off won't hurt your site.

String protection is used to stop specific strings from being posted. This is most effective for known spammer texts, URLs, etc. Keeping it off won't hurt your site.

Filters protection is used to block known abuses, much like the phpNuke's own protection. Code such as JavaScript should be properly filtered. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off.

Clike protection is used to block known abuses, specifically the usage of C-like strings - comment code, etc. These are mainly used in SQL injection attacks. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off.
That's was really great evaders. Thanks a lot.
 
shotokan
PostPosted: Sat May 26, 2007 2:15 am Reply with quote

Should "DOS Protection" be activated?

What is the "Santy Worm Protection" for?

What is teh "Site Swtich" for?
 
Susann
PostPosted: Sat May 26, 2007 1:06 pm Reply with quote

Well, SantyWorm was active before you registered here. It was in the year 2004 the hole was found in version 2.0.10 and Santy defaced 100.000 of sites but with the search function you´ll find a lot of topics about this problem or use google. The site switch is self explaining I think.
Its your decision to activate the Dos protection but I would use the option.
I also have activated Santy Worm protection that won't hurt.
 
Gremmie
PostPosted: Sat May 26, 2007 3:09 pm Reply with quote

DOS is denial of service. I think it is another one of those things that you turn on if you are currently under a DOS attack, otherwise it is fairly intrusive. If you are under a DOS it is better to have protection at the server level anyway, but there isn't a lot you can do really. It hopefully won't be a common occurrence for you. Wink Mine is off.

Santy Worm: Only registered users can see links on this board! Get registered or login!

I leave it off since it tripped up someone trying to register on my site with rush in his name I think. phpBB has been patched so it should not be a problem on a recent Nuke.

Site switch allows you to disable your site so that you can do maintenance, upgrades, or whatever. Only admins can access the site if it is disabled. It is very handy.
 
shotokan
PostPosted: Sun May 27, 2007 10:29 pm Reply with quote

Thanks gremmie

Now i got the site exchnge thing and agree with you.
I will leave the other off like you said.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©