Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
wv1973
New Member
New Member


Joined: Jul 20, 2004
Posts: 18

PostPosted: Tue Feb 08, 2005 11:04 am Reply with quote

Hi I've been using nuke for a little whils and have used sentinel before.. but blindly to tell you the truth.

Can someone please explain to me what the different sort of attacks are??

like
Admin:
Author
Clike
Union
Filters
Harvesters
Referer
Scripting blocker
request method
string blocker

I am not looking for a detailed explanation just a brief idea as to whether I need to activate it or not. some sound a bit obvious but you know what they say about assuming something.....

Any explanation would be greatly appreciated.

Wade
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Feb 08, 2005 11:24 am Reply with quote

These are the ones I'd call optional the others are all in response to valid attacks of one sort or another the harvester list could argueably be addressed better at the server level with rewrites either in httpd.conf or htaccess IMO.

request method < See http requests TRACE, PUT would be candidates to block >
string blocker <This is handy for on the fly custom rules for instance MeG attacks using adminpath= >

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
wv1973
PostPosted: Tue Feb 08, 2005 11:54 am Reply with quote

Ok in my case I mainly want to protect my site from being hijacked. I don't have downloads so people soaking up my bandwith is not a prob... Have not had to ban anyone from my site yet. It's a pretty civil bunch I have. They are work colleagues all part of the same labour union. What you recommend I acvitate and what should I just leave turned off?
 
sixonetonoffun
PostPosted: Tue Feb 08, 2005 12:29 pm Reply with quote

With respect to my previous mention of the harvestor list. The harvestor list if not addressed else where.
Use the HTTP Auth or CGI Auth for prevent admin exploits. (Most important feature really)
Use force nuke url if your not on a subdomain.
Use the DoS blocker.
Do not use the proxy blocker.

Admin
Author
Clike
Union
Filters
Referer
Scripting blocker

Remove the duplicated filters from mainfile.php and admin.php as mentioned in the readme and in a couple of threads on the forums here it will make a noticable difference in page loads but only do this once the Sentinel Blockers are active above.
 
wv1973
PostPosted: Tue Feb 08, 2005 1:00 pm Reply with quote

sixonetonoffun wrote:

Use the HTTP Auth or CGI Auth for prevent admin exploits. (Most important feature really)


I'm actually having alot of trouble with this right now. I've been searching on your forum but i'm quite confused.

Let me try and explain as best I can as to what I did.

in .htaccess I have

Code:
<Files .backup>

  deny from all
</Files>

<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /.backup
</Files>
I named my staccess to .backup

I copied over the staccess file which was blank.

Before doing so I entered in the setninel config
htaccess Path: was /.htaccess ----> I put it in root for now
staccess path: wad /.staccess
I set admin password
admin auth set to cgiauth

grumbles....

I've tried just about everything and am sure it's something stupid.. The .staccess presently empty, I thought I read in one of the other posts that this is where the password is stored...

Thanks for the help

Wade
 
wv1973
PostPosted: Wed Feb 09, 2005 12:49 am Reply with quote

You know what I think I finally got it working Smile so nevermind about my last question. Thanks again for the response on my earlier questions.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©