Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
bcracing
New Member
New Member


Joined: Jan 09, 2010
Posts: 6

PostPosted: Thu May 27, 2010 7:03 pm Reply with quote

In the last 7 days Sentinel seems to have gone crazy. I am running Platinum Nuke 7.6.b4 with Sentinel 2.6.0.1 and suddenly in the last few days it has tsrated blocking a LOT of my regular members simply as they switch pages from one downlod to another. What could be causing this?
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Fri May 28, 2010 6:46 am Reply with quote

Seriously you can't ask for help and expect to get any without supplying the info sentinel gives you and/or your members. The filter blocking ect... it will usually say what request triggered the block and we can work the issue back from there.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
sixonetonoffun
PostPosted: Fri May 28, 2010 6:55 am Reply with quote

Side note its more important then ever to keep it active as my sites only been up since the 11th and its stopped 8 verified exploits.
 
bcracing
PostPosted: Fri May 28, 2010 9:23 am Reply with quote

It keeps claiming script attacks when a user completes a download and then tries to go to a new download. Here's a sample:

User Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en)
AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 Query String: name=Downloads GET String: name=Downloads POST String:
Remote Address: 122.106.149.23
Client IP: none
Forwarded For: none
Date Blocked: 2010-05-26 @ 13:17:18 MST GMT -0700 Block expires: Permanent

Another:

You have been blocked from entering this site.
You have attempted a Scripting attack on this site.
All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.
If you think this is a mistake you can contact the site webmaster at bc(at)bcracingdesigns(dot)com.
Be SURE to include the following information in any email!
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.0.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 3.5.30729; Creative AutoUpdate v1.40.01)
Query String: name=Downloads&d_op=viewdownloaddetails&cid=87&lid=402&ttitle=24_Jeff_Gordon_-_National_Guard_FaceBook
GET String: name=Downloads&d_op=viewdownloaddetails&cid=87&lid=402&ttitle=24_Jeff_Gordon_-_National_Guard_FaceBook
POST String:
Remote Address: 72.218.207.116
Client IP: none
Forwarded For: none
Date Blocked: 2010-05-25 @ 09:02:07 MST GMT -0700
Block expires: Permanent
________________________________________
PLEASE: bear in mind that even if you have done nothing wrong, you may be getting this page due to someone's misuse of the site in your ip range

I re-uploaded all my Sentinel files last night, and haven't gotten any new complaints yet today.
 
sixonetonoffun
PostPosted: Fri May 28, 2010 9:44 am Reply with quote

Just a quick guess but is this only on files with dashes in the name? -name
Also in Sentinel if you look at the blocked IP menu there is a pop up with the name of the blocker thats been triggered.
 
bcracing
PostPosted: Fri May 28, 2010 10:01 am Reply with quote

I'll check the files for dashes, that may very well be it. I have also noticed little things mesing up over time after a few hundred blocks where I may have to reupload the code for certain modules and this may be one of those cases - it seems to have cleared up at least partially since I reuploaded.

I'll talk to my other admins about removing the dashes...should we remove the underscores as well, or are those safe?
 
sixonetonoffun
PostPosted: Fri May 28, 2010 7:29 pm Reply with quote

If I remember underscores should be ok.
 
bcracing
PostPosted: Sat May 29, 2010 12:16 pm Reply with quote

It all seems to be that one download involving the number 33. We're going to completely remove it and do it over from scatch.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©