Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
zzb
New Member
New Member


Joined: Jun 05, 2005
Posts: 22
Location: USA

PostPosted: Mon Oct 31, 2005 9:16 pm Reply with quote

I have one of those dumb questions that everyone says doesn't exist.

I have my phpNuke installation in a directory (nuke) off my main HTML directory as:

mydomain.com/mynuke/index.p h p

The default in NukeSentinel suggests I place the file in /mynuke/ and chmod 666 of course.

I was wondering why I would not direct the deny access to the root directory instead as it would protect the entire domain ? Would this be advisable? Right now I have one in each directory but only the /mynuke/.htacess file is being updated by NukeSentinel 2.4.2 The .htacess file in the root is being updated by my server control panel banning and redirects. Which of these two files should I really have Sentienl directed to update?

Thanks for guidance....
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Oct 31, 2005 9:29 pm Reply with quote

Although I am no security expert and will defer to other admins/mods/posters in these forums to elaborate, my preference is to balance security and flexibility. To me, I would prefer to let Sentinel manage my NUKE domain only and let me control the higher level and other potential subdomains individually as well.

But, that is just me.

Regards,
montego

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
zzb
PostPosted: Mon Oct 31, 2005 10:07 pm Reply with quote

Thanks for the reply Montego. Good to hear from you again. I may have the settings too tight in NSentinel. I have flaged and banned about 70 IPs since July. More than I expected. I am sure they are not all evil doers. I wonder if there is a suggested configuration that some of the security experts here at this site recommend that helps avoid throwing the baby out with the bathwater? I know there is nothing foolproof, but I wonder if I am risking banning useful search engines with some of my settings.

As for the .htacess question, thanks much. I may set it back to the subdirectory where I have my nuke installation as opposed to the root directory the nice thing about having it in the root is that if I have a spammer on one of my other sites, I can just go into my Nuke app and ban the IP there for my entire domain. I wonder if others find that preferable?

Thanks for the feedback... Smile
 
montego
PostPosted: Tue Nov 01, 2005 6:25 am Reply with quote

zzb, good to talk to you again too. Hope the newsletter tool is working out well for you. I have started with 1.3 development.

Regarding Sentinel, I have mine locked down pretty tight, but just out of a lack of experience with hackers... don't want to chance it. I don't have time to re-do a site! So, I will have to defer to the others here to answer more specifically to that question.

Regarding .htaccess, as I said, it really is a balance and really a personal preference. If it is working well for you to be able to ban this way for your entire web space, then go for it. I am a firm believer in doing what make sense and works best for you.

Regards,
montego
 
zzb
PostPosted: Tue Nov 01, 2005 9:07 am Reply with quote

The HTML Newsletter is working great in my Platinum Nuke ap and keeps the newsletters well organized and the templates are a good variety. Thanks for asking and for your work on making the stock Newsletter module more robust and more practical for the site owners. Also -- thanks for your insight on the access file.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Tue Nov 01, 2005 7:39 pm Reply with quote

zzb - do you have an IP tracking module installed?
I only ask as I find it particularly useful to view what pages a specific IP has viewed and how many times/ how often etc.
Today for example, I spotted a new IP with 66 page views. Nothing new there but when I see it has been visiting the same page everytime and got 66 hits in 2 minutes I am thinking, hmm, better check this IP, so SamSpage tells me it come from Russia and because my site is for the UK and there is no need for a Russian IP to visiting, he got banned LOL
 
View user's profile Send private message Send e-mail
zzb
PostPosted: Tue Nov 01, 2005 8:48 pm Reply with quote

Yes... I check my logs and the IP tracking module on my server. Between that and Nuke Sentinel.... I nail most of them !! I have one that I will be reporting to the hosting service tommorow, called their 800# and the email node they gave me is consistent with the abuse info in WhoIs. ! Time to fight back !
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©