Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Sun Jul 25, 2004 7:03 am Reply with quote

Can someone explain what each of the groups are that Sentinel protects us from

I know Authors are people trying to hack into our sites either via Admin or other ways, and Harvesters are bots that go round sites getting email addresses and things to use for companies to send us spam for their products (I think), but I dont have a clue what the others are or what they do.

Anyone want to educate me please? Thanks.
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Sun Jul 25, 2004 9:29 am Reply with quote

A quick run down:
Admin Blocker: attacks that target the nuke_authors table.
CLIKE Blocker: Comment Like attacks that use / * to inject into your database.
UNION Blocker: Attavcks that use the union command to inject into yoru database.
Filters Blocker: Primarily for XSS attacks.
Harvester Blocker: Blocks the use of selected user agents, like you pointed out bots that harvest email addresses, graphics, and other data they can get to.
Referer Blocker: Block selected sites from referering visitors to yoru site, I person wrote this to block the use of Anonymizers that use porno site as referers.
Scripting Blocker: Blocks the use of many html tags that could be used to breach your site.
Request Method Blocker: Allows you to prevent the use of request methods such as HEAD, SEARCH, but do not use it to block POST or GET since you will crash you site on those two.
String Blocker: Allows a webmaster to block any string that they feel could be hack attempts from the query string.

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Sun Jul 25, 2004 9:30 am Reply with quote

Bob beat me to it lol

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
BobMarion
PostPosted: Sun Jul 25, 2004 9:38 am Reply with quote

Smile
 
Muffin
PostPosted: Sun Jul 25, 2004 9:50 am Reply with quote

Many thanks I understand now.

So with the Request Method Blocker does that have to be set to ON even tho there is nothing in the text box where you can put request methods, or is it best to leave this switched off?

Thats the one that confuses me the Request Method Blocker lol
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Jul 25, 2004 9:52 am Reply with quote

I really like the pop-up help in 2.0. Thanks! Why not take the info Bob provided and put similar help for the various settings / group? Beyond that and the existing installation guide and the current help, additional documentation may not be necessary.

Also, (VERY low priority) check the spelling of "strings" in the help text for string list in the String Blocker settings.
 
View user's profile Send private message
GeekyGuy
Client


Joined: Jun 03, 2004
Posts: 302
Location: Huber Heights Ohio

PostPosted: Sun Jul 25, 2004 5:01 pm Reply with quote

kguske

The spelling of strings can be corrected in the /language/sentinel/lang-english.php file. It's on line 119
Code:
define("_AB_HELP_22","22) Enter 1 string per line.<br />Here you may block any <b>String</b> you want.<br />Strings will be matched against the <b>Query String</b> so use caution when blocking strings.");


Just make the changes and save them and you can correct it yourself

_________________
"The Daytona 500 is ours! We won it, we won it, we won it!", Dale Earnhardt, February 15th, 1998, Daytona 500 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger ICQ Number
BobMarion
PostPosted: Sun Jul 25, 2004 5:22 pm Reply with quote

kguske wrote:
I really like the pop-up help in 2.0. Thanks! Why not take the info Bob provided and put similar help for the various settings / group? Beyond that and the existing installation guide and the current help, additional documentation may not be necessary.

Also, (VERY low priority) check the spelling of "strings" in the help text for string list in the String Blocker settings.


I have been doing some prelim work on RC 5 and I was planing on adding the mouseovers to the admin menu to help clairify what each link is for.
 
sixonetonoffun
PostPosted: Sun Jul 25, 2004 5:44 pm Reply with quote

Its a lot of work but it sure makes for a great help hints system!
 
Muffin
PostPosted: Sun Jul 25, 2004 6:18 pm Reply with quote

The mouseover idea is great, especially for people with poor memories like myself lol

There's so much to learn and remember.
 
newbie
Regular
Regular


Joined: May 03, 2004
Posts: 62
Location: USA

PostPosted: Sun Jul 25, 2004 6:35 pm Reply with quote

BobMarion wrote:
Request Method Blocker: Allows you to prevent the use of request methods such as HEAD, SEARCH, but do not use it to block POST or GET since you will crash you site on those two.


Hi Bob,

I really appreciate your work and the help you provide.

The comment above got my interest, since I still have the Protector on my site. I am probably going to remove it to cut down on the resources used, since Sentinel 2 seems to provide everything that Protector had that Sentinel 1.2 didn't yet have.

But my question is about the blocking POST and GET methods. I had that enabled through Protector. Now I'm curious if I may have set myself up for crashes by doing so.

Is this a "standard" risk or something that is specific to settings in Sentinel?

Thanks much.

_________________
Darla
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
BobMarion
PostPosted: Sun Jul 25, 2004 7:05 pm Reply with quote

In NukeSentinel(tm) blocking POST or GET will trigger the IP being blocked if you have it set for that. This means that 90% of your site traffic that uses one of your forms would be blocked from coming back and in certian cases it will put your site into and endless loop of POST or GET triggering the blocker. This is primarily for Protected admins as anyone else would only be able to trigger the blocker once.
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Tue Jul 27, 2004 1:41 pm Reply with quote

What I'd like is an explanation of the admin auth setting. I turned this on, thinking there'd be no problem, but the Sentinel admin doesn't accept the password I have for admin auth... it appears I'm now locked out of both the Sentinel admin and my site admin. Sad

_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Jul 27, 2004 1:47 pm Reply with quote

Try using your nuke admin id and password the first time.
 
View user's profile Send private message
southern
PostPosted: Tue Jul 27, 2004 3:22 pm Reply with quote

I did. The thing is my nuke admin password is different from my admin auth password, and Sentinel expects the admin auth one. When I click the admin.php shortcut the admin auth window opens and I enter the admin auth md5 password and after three tries it's Get out of here! No access to the nuke admin area or Sentinel admin.
 
Raven
PostPosted: Tue Jul 27, 2004 3:36 pm Reply with quote

Make sure that you have disabled my old http auth hack if you were using it. Then, Sentinel should be defaulting to your nuke admin id/pass. After you get in then you can change the Sentinel id/pass and that will not affect your nuke admin/pass.
 
southern
PostPosted: Tue Jul 27, 2004 3:50 pm Reply with quote

Ok... now how to disable the admin auth? The 'old' one that is.
 
southern
PostPosted: Tue Jul 27, 2004 4:11 pm Reply with quote

OK, turned off admin auth, 'old' one, and now I can access my nuke admin and the Sentinel admin... so I turned off the admin auth setting for now. I kind of like your 'old' admin auth so I'm going to keep using it. Smile
 
Raven
PostPosted: Tue Jul 27, 2004 4:36 pm Reply with quote

I'm confused. To turn off my other one you comment out the 2 lines in auth.php. That's all you need to do. It is the same script, just administered in another way. But, do what makes you happy Smile
 
southern
PostPosted: Tue Jul 27, 2004 5:38 pm Reply with quote

You're confused? What's that make me?! Smile As soon as I figure out the admin http auth in Sentinel I'll use it but for now I'm going to continue to use your 'old' admin auth scripts. I commented out those lines in admin.php so I could access my nuke admin. I thot the admin auth in Sentinel is the same as the 'old' admin auth but it seems it's different- it uses my nuke admin name and password, not the md5 password in the 'old' admin auth scripts.
 
Raven
PostPosted: Tue Jul 27, 2004 6:31 pm Reply with quote

Raven wrote:
Make sure that you have disabled my old http auth hack if you were using it. Then, Sentinel should be defaulting to your nuke admin id/pass. After you get in then you can change the Sentinel id/pass and that will not affect your nuke admin/pass.
You have to set it up the first time. Select the List Admins and then Click on the admin name and then change the http auth id and password.
 
BobMarion
PostPosted: Tue Jul 27, 2004 7:32 pm Reply with quote

And once you update the admin HTTP Auth login and password it will email it to them so you don't have to yourself Smile
 
southern
PostPosted: Tue Jul 27, 2004 8:39 pm Reply with quote

That's great, peeps. I'll do it first thing this time. I just had to turn off the 'old' admin auth so I could even get into my nuke admin. Everything is fine now, I just ran into a security feature that works as you intended. Smile At least I didn't ban myself from the whole site this time.
 
Sugs
New Member
New Member


Joined: Dec 23, 2004
Posts: 9

PostPosted: Thu Dec 23, 2004 11:23 am Reply with quote

When you use CGIAuth Setup it gives you a script to place in your .HTACCESS file.

There is a line

Code:
AuthName "Restricted by NukeSentinel(tm)"



I had to change mine to

Code:
AuthName "my admin.php login name"



Before it never worked properly........Before I did this all i got was three attempts to log in then a 401 error.



By the way.........I am totally confused about setting up PC Killer.

Think I'll just give up Sad


Last edited by Sugs on Thu Dec 23, 2004 4:00 pm; edited 1 time in total 
View user's profile Send private message
kguske
PostPosted: Thu Dec 23, 2004 12:26 pm Reply with quote

You went through the trouble to register here, then post this message, but you're not going to try to resolve this problem? That's really unfortunate, because admin authentication is critical to securing your PHP-Nuke site.

Using PC Killer isn't critical, so let's focus on the authentication. The AuthName is just text that describe why you're entering a user ID and password. I'm pretty sure changing that had nothing to do with the success or failure of your effort.

CGIAdminAuth provides server-level security on Apache servers only for your admin.php file. It does this using the .htaccess file and an authentication file (NukeSentinel calls it .staccess). Once you go through that level of security, you must go through the PHP-Nuke security.

Since it prompted you for a user ID and password (i.e. your htaccess is probably configured correctly) and you did not make it through the admin security, It sounds like there may be a problem with the authentication file. Several things could cause what you're describing. Among others, these come to mind:
  • the .staccess file isn't where it's defined in htaccess
  • the password in .staccess isn't encrypted
  • the user id and / or password is different that what you're entering

How did you create / update htaccess and staccess? If you post either or both, please remove the sensitive info (your root directory, user ID, encrypted or unencrypted passwords, etc.).
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©