Ravens PHP Scripts: Forums
 

 

welshmark
New Member


Joined: Mar 27, 2009
Posts: 6

Posted: Fri Mar 27, 2009 3:08 pm

Hi, I am having a great deal of trouble accessing my site using my mobile phone.
When I try I get "Your Attention Please! You have attempted to access this site with an invalid User Agent."
Then it says
"Be sure to include the following information in any email.
User Agent: none
Remote Access: 212.183.134.209
Client IP:none
Forwarded for:none"

I have no idea where to start resolving this issue.

The strange thing is I am using a Samsung F480V on the Vodafone network in the UK. Others with the same phone and network can access it fine.

Confused

Any help would be appreciated
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Fri Mar 27, 2009 7:00 pm

Suggest you disable the NukeSentinel Harvester blocker or find the correct User Agent line that is blocked and remove it

welshmark
Posted: Sat Mar 28, 2009 4:12 am

Thanks for your reply.
I tried disabling the Harvester Blocker but it made no difference. I then disabled each in the list one at a time. Still no difference. I then disabled NukeSentinel and I could get in.
So I'm stuck
 
nuken
RavenNuke(tm) Development Team


Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

Posted: Sat Mar 28, 2009 4:18 am

Does NukeSentinel show your mobile IP as blocked? If so, remove it from the blocked list and try it again.

welshmark
Posted: Sat Mar 28, 2009 10:16 am

No it doesn't. And it's not in any blocked ranges

Thanks
 
floppydrivez
Involved


Joined: Feb 26, 2006
Posts: 340
Location: Jackson, Mississippi

Posted: Sat Mar 28, 2009 3:09 pm

What mobile browser are you using? Any different from what others are using that can access it?

Could we protect the ip your phone uses from sentinel (if we know it)?

welshmark
Posted: Sat Mar 28, 2009 5:33 pm

I am using a Samsung F480V. I have no idea what the browser is. Strangely other F480Vs work perfectly well. I seem to have a dynamic IP address on it so presumably so does everyone else on the Vodafone network. The guys at Vodafone have tried it and they have no problem either. It seems MY phone is disliked by NukeSentinel (or am I getting paranoid ;) )

I did try protecting the IP that I was using and then refreshing (like I did when I disabled NukeSentinel) but that didn't work either :(

Thanks
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

Posted: Sun Mar 29, 2009 8:47 am

Sounds like there is some program on your phone that is masking your user agent. It is showing as "none", so I suspect that is why it is throwing this message. I know that there are PC based anonymizers which do this. Is there an equivalent running on your phone?

welshmark
Posted: Sun Mar 29, 2009 12:34 pm

No nothing like that. This is a new phone. I have not added any software to it yet.

Is there a way to set NukeSentinel to accept none in the User Agent?

Thanks
 
montego
Posted: Tue Mar 31, 2009 6:40 am

I do not advocate this change, as the issue is with your phone or provider and not NukeSentinel, but it is up to you. You can comment out the following code within includes/nukesentinel.php and probably get rid of that problem for you (but essentially get no "invalid user agent" checking any longer... period.):

Code:


// Invalid user agent
if(($nsnst_const['user_agent']=="none" AND !stristr($_SERVER['PHP_SELF'], "backend.php") AND ($nsnst_const['remote_ip'] != $nsnst_const['server_ip'])) || $nsnst_const['user_agent']=="-") {
  echo abget_template("abuse_invalid2.tpl");
  die();
}
 
welshmark
Posted: Tue Mar 31, 2009 3:27 pm

That sounds like the thing I was looking for. Before I do it though, it sounds like there are some risks involved with this method. Could you tell me what the problem is and what the likely effect of doing this would be?

Many Thanks

Welshmark
 
montego
Posted: Thu Apr 02, 2009 6:41 am

The problem is that something is blanking out your User Agent on either the phone end or somehow with the provider. That is the bottom line.

The likely effect of the above change is that you will no longer have this check done, so basically any user agent at all can access your site, including one without. This check helps to reduce the number of automated programs checking your site for exploits. However, how much is that worth these days? I would suspect that most hackers/spammers have wised up by now and are providing valid (faked) user agents, so just how much is it stopping? Not sure.

Although I haven't checked out all the related code, I suspect that this will not stop the Harvester Blocker's functionality, so you may not lose that.
 
horrorcode
Involved


Joined: Jan 17, 2009
Posts: 272
Location: Missouri

Posted: Fri Apr 17, 2009 5:51 pm

I have a question along these lines. This is the user agent:
Quote:
Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)


Is Mozilla/3.0 really a known harvester? I would assume it has to be correct, but is there any chance of users running under this agent?

Same goes for WebCap, botsvsbrowsers.com says it is not a bot, sentinel says it is. Tested the agent and sure enough sentinel is blocking IPs under that agent.

Reason I ask is I get hits like this one that look valid:

Quote:
User Agent: Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)
Query String: name=Forums
Get String: name=Forums
Post String: Not Available


But I don't want to allow all harvesters, for example some are libwww-perl... Any suggestions?
 
bluerace
Regular


Joined: Apr 04, 2009
Posts: 85
Location: Behind you

Posted: Fri Apr 17, 2009 6:07 pm

I had a similar experience.
As I remember, I changed my mobile and it worked.
I guess the firmware on your mobile should be upgraded or changed.

I couldn't figure out my similar problem but it works now.

spasticdonkey
RavenNuke(tm) Development Team


Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

Posted: Sat Apr 18, 2009 8:25 am

If you end up disabling user agent checking in NukeSentinel, you could add some blocking in htaccess to regain some protection. This is not a current list so you might want to research, but here's the basic idea:

Code:
RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
 
horrorcode
Posted: Sat Apr 18, 2009 1:53 pm

For now I have the harvester blocker set to 1 day instead of permanent, and disabled it saving to htaccess. I've been trying to watch close enough and it seems 99% of the agents/IPs that are blocked are one time visits, so it might not be much of an issue, still curious though.

spasticdonkey, if I were to go that route, would that mean using the above by montego? Or would I remove all the harvesters, or just disable the harvesters blocker?

What does the last line do?

Quote:
RewriteRule ^.* - [F,L]
 
spasticdonkey
Posted: Sat Apr 18, 2009 8:18 pm

Adding that to your htaccess will block those user agents before they even get to Sentinel. So you can use it either way, but I think it's a good idea if you use montego's edit.

And the last line blocks access for the above agents :)

This is a good site with examples of things you can do with htaccess: [link available to registered users only]
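
How the rule list and its last line evaluate, as an added example (not part of any post above, and not NukeSentinel or Apache code): a small Python model of mod_rewrite's `RewriteCond` handling, assuming only the `[OR]` and `[NC]` flags used in the list. The rule subset and the sample User-Agent strings are constructed, except the WebCapture string quoted earlier in the thread.

```python
import re

# Constructed subset of the rules posted above, in the same syntax.
HTACCESS = r"""
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
"""

# Pattern token may contain backslash-escaped spaces; flags are optional.
COND = re.compile(
    r"RewriteCond\s+%\{HTTP_USER_AGENT\}\s+((?:\\.|\S)+?)(?:\s+\[([A-Z,]+)\])?\s*$")

def parse_conditions(text):
    """Return [(compiled_pattern, or_next)] for each User-Agent RewriteCond."""
    conds = []
    for line in text.splitlines():
        m = COND.match(line.strip())
        if m:
            flags = set((m.group(2) or "").split(","))
            rx = re.compile(m.group(1), re.IGNORECASE if "NC" in flags else 0)
            conds.append((rx, "OR" in flags))
    return conds

def is_forbidden(conds, user_agent):
    """True if the conditions let 'RewriteRule ^.* - [F,L]' fire (HTTP 403)."""
    chain_hit = False
    for rx, or_next in conds:
        chain_hit = chain_hit or bool(rx.search(user_agent))
        if not or_next:            # end of an [OR] chain: it must have matched
            if not chain_hit:
                return False
            chain_hit = False
    return True

# Constructed sample User-Agent values, plus the one quoted in the thread.
SAMPLES = [
    "Wget/1.11.4",                                         # ^Wget matches
    "wget/1.11.4",                                         # no [NC]: passes
    "Mozilla/4.5 (compatible; httrack 3.0x; Windows 98)",  # unanchored + [NC]
    "Mozilla/5.0 (compatible; Web Sucker)",                # ^ anchor: passes
    "Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)",
    "",                                                    # header missing
]

if __name__ == "__main__":
    rules = parse_conditions(HTACCESS)
    for ua in SAMPLES:
        print("403" if is_forbidden(rules, ua) else "ok ", repr(ua))
```

In the final `RewriteRule`, `^.*` matches every request path, `-` leaves the URL unchanged, `[F]` answers with 403 Forbidden and `[L]` stops further rule processing. Because most patterns are anchored with `^` and case-sensitive, a missing User-Agent or a name that appears later in the header is not caught by this list.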
 