Ravens PHP Scripts: Forums
 

 

Gabe
Regular

Joined: Oct 30, 2005
Posts: 62

Posted: Fri Dec 23, 2005 4:13 pm

Ok well I've been getting these abuse emails from sentinel 2.4.2 for about a week now, it happened like twice the first day, and hasn't happened since until today. I've gotten I think 2 or 3 abuse emails today from sentinel, here's two emails from today:

Quote:
Date & Time: 2005-12-23 15:11:52 CST GMT -0600
Blocked IP: 66.173.241.225
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: lwp-trivial/1.35
Query String: Only registered users can see links on this board! Get registered or login! bugado
Get String: Only registered users can see links on this board! Get registered or login! bugado
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 66.173.241.225
Remote Port: 38940
Request Method: GET


Quote:
Date & Time: 2005-12-23 11:50:33 CST GMT -0600
Blocked IP: 202.226.224.67
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: lwp-trivial/1.35
Query String: Only registered users can see links on this board! Get registered or login! bugado
Get String: Only registered users can see links on this board! Get registered or login! bugado
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 202.226.224.67
Remote Port: 48527
Request Method: GET


Also I would like to mention that the IPs don't get banned on the "display blocked IPs" menu page in the sentinel admin. They don't get added there at all. I wanted to know why and I wanted to know if these really are attacks and what could happen if one doesn't get blocked?

Thanks.


Last edited by Gabe on Fri Dec 23, 2005 5:20 pm; edited 1 time in total 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Fri Dec 23, 2005 4:27 pm

are your settings correct so they should be banned and not automatically flushed?
And this is btw a script kiddy attack, i already mailed the belgium website.

Gabe
Posted: Fri Dec 23, 2005 4:34 pm

hitwalker wrote:
are your settings correct so they should be banned and not automatically flushed?
And this is btw a script kiddy attack, i already mailed the belgium website.

i have it set to email, block, & default page

what do you mean you emailed the belgium website? what site is that?
 
hitwalker
Posted: Fri Dec 23, 2005 4:49 pm

That's this site: http://www.sanicentrum.be
But they don't know anything about this...their server was probably vulnerable so ...
As for sentinel, i can't imagine it doesn't ban or add the ip....better check again..., especially all settings.
 
Gabe
Posted: Fri Dec 23, 2005 5:00 pm

hitwalker wrote:
That's this site: http://www.sanicentrum.be
But they don't know anything about this...their server was probably vulnerable so ...
As for sentinel, i can't imagine it doesn't ban or add the ip....better check again..., especially all settings.

I don't know what else to check, I have it set to admin, block, goto default page
 
hitwalker
Posted: Fri Dec 23, 2005 5:01 pm

Have you tried to attack yourself and see what happens?

Gabe
Posted: Fri Dec 23, 2005 5:02 pm

hitwalker wrote:
Have you tried to attack yourself and see what happens?

attack my own site? no

hitwalker
Posted: Fri Dec 23, 2005 5:04 pm

Well try it and see what happens....unbanning yourself is easy so no worries..

Gabe
Posted: Fri Dec 23, 2005 5:07 pm

i don't know how to attack my site, a week ago I clicked one of the urls in the sentinel abuse email and I got that ban message when I went to that url on my site, I could browse the rest of the site and I never got added to the banned ips
 
hitwalker
Posted: Fri Dec 23, 2005 5:09 pm

ok..message between...
can you edit your first post please and delete the website lines...before someone is going to abuse it...

hitwalker
Posted: Fri Dec 23, 2005 5:19 pm

ok found a nice injection, got banned but still could visit your site afterwards...

Gabe
Posted: Fri Dec 23, 2005 5:22 pm

Ok I edited my post.

So what should I do? why isn't it banning you?

hitwalker
Posted: Fri Dec 23, 2005 5:25 pm

well i mean..take out the belgium url too...
and are you sure you edited all files as specified in the install?

Gabe
Posted: Fri Dec 23, 2005 5:30 pm

hitwalker wrote:
well i mean..take out the belgium url too...
and are you sure you edited all files as specified in the install?

yea i am sure
 
hitwalker
Posted: Fri Dec 23, 2005 5:47 pm

Have you looked at this?
Only registered users can see links on this board! Get registered or login!

Gabe
Posted: Fri Dec 23, 2005 5:54 pm

hitwalker wrote:
Have you looked at this?
Only registered users can see links on this board! Get registered or login!

I'll look at it in a minute. did they find a fix for my problem?

Gabe
Posted: Fri Dec 23, 2005 7:41 pm

so am I supposed to enable that cgi auth, the sentinel readme doesn't even explain what it is or does. i think it might be time to remove sentinel. I don't even know the passwords that my other admins use to login so I'm not sure if I could do that admin auth whatever it is

Gabe
Posted: Sat Dec 24, 2005 8:00 pm

Well i set passwords for all the admins (do they need to know the passwords i set for them?) and I set them to protected. do their passwords need to be the same as the ones they use to log into the site?

next question is what is cgi auth and do I need to mess with it? also when I type in the path to the .htaccess file in the sentinel admin it says it does not exist, what about a .staccess file? I have one but it's named sample.staccess and I have a sample.htaccess
 
thebishop
Worker

Joined: Aug 30, 2005
Posts: 243
Location: Flying to close to the sun

Posted: Sun Dec 25, 2005 6:33 pm

gabe, you should rename the sample.staccess to just .staccess and make sure all your admin usernames and encrypted passwords are in it.

as for your .htaccess, it should be in the root directory of your nuke installation and chmod the file permissions to 666. some control panels seem to change the chmod setting, so make sure you use an ftp client to change the permissions on the .htaccess before uploading it to your nuke root folder so it will stay at 666.

then make sure you go here and download the pc killer and ip to country files. the ip to country will let you block certain countries from even coming to your site. the countries i have blocked are russia, brasil, netherlands and indonesia. you may want to block belgium.
the PC killer templates will block and forward the offender to a page that will give them a mass of popups and disable the ctrl ALT del keys so they will have to reboot their PC. this is a headache for script kiddies to keep having to deal with time and time again. especially if they have to renew their ip too.
Only registered users can see links on this board! Get registered or login!

after you upload the PC killer templates go to your NS administration panel/blocker settings and in ADMIN, AUTHOR, UNION, CLIKE & FILTERS,
type in the Forward to: box. Only registered users can see links on this board! Get registered or login!
where "yoururlhere" will be the name of your site.
that url will be the url that script kiddie gets forwarded to.

make sure to tick the write to .htaccess box. and under the Activate box, choose email, block & Forward. this blocks the ip, emails you, and forwards the attacker to the abuse.html file that will then give them a headache.

on the NS administrations page, make sure you have the correct paths to both of the .htaccess & .staccess files on your site.

remember the .staccess file holds your admins information username PW etc. the .htaccess file controls who has access to it and your site by denying them or allowing them access.

this is what you should have in your .htaccess file.

{EDIT}

if you respond to this post i'll get an email, so if you have any other questions, just post back. i hope this helps ya man.


Last edited by thebishop on Tue Dec 27, 2005 6:28 pm; edited 1 time in total 
Gabe
Posted: Sun Dec 25, 2005 8:31 pm

thebishop wrote:
gabe, you should rename the sample.staccess to just .staccess and make sure all your admin usernames and encrypted passwords are in it.

as for your .htaccess, it should be in the root directory of your nuke installation and chmod the file permissions to 666. some control panels seem to change the chmod setting, so make sure you use an ftp client to change the permissions on the .htaccess before uploading it to your nuke root folder so it will stay at 666.

then make sure you go here and download the pc killer and ip to country files. the ip to country will let you block certain countries from even coming to your site. the countries i have blocked are russia, brasil, netherlands and indonesia. you may want to block belgium.
the PC killer templates will block and forward the offender to a page that will give them a mass of popups and disable the ctrl ALT del keys so they will have to reboot their PC. this is a headache for script kiddies to keep having to deal with time and time again. especially if they have to renew their ip too.
Only registered users can see links on this board! Get registered or login!

after you upload the PC killer templates go to your NS administration panel/blocker settings and in ADMIN, AUTHOR, UNION, CLIKE & FILTERS,
type in the Forward to: box. Only registered users can see links on this board! Get registered or login!
where "yoururlhere" will be the name of your site.
that url will be the url that script kiddie gets forwarded to.

make sure to tick the write to .htaccess box. and under the Activate box, choose email, block & Forward. this blocks the ip, emails you, and forwards the attacker to the abuse.html file that will then give them a headache.

on the NS administrations page, make sure you have the correct paths to both of the .htaccess & .staccess files on your site.

remember the .staccess file holds your admins information username PW etc. the .htaccess file controls who has access to it and your site by denying them or allowing them access.

this is what you should have in your .htaccess file.

[CODE]
# deny most common except .php
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module)$">
deny from all
</FilesMatch>

<Limit GET POST>
Order Allow,Deny
Allow from all
</Limit>
[/CODE]

if you respond to this post i'll get an email, so if you have any other questions, just post back. i hope this helps ya man.

yea it helps a lot, I'll try and do all this in an hour or two. thanks

ok, well i started to do the first thing but i already have a .htaccess file, should i delete it then change my sample.htaccess and sample.staccess and remove the "sample" from the two files?
 
thebishop
Posted: Sun Dec 25, 2005 9:24 pm

i believe the sample.staccess file is blank with no sample code.
i don't use the sample code from the sample.htaccess file so i don't believe you will need that either. what version of nuke are you running.

no you don't have to delete the .htaccess file you already have, you can just use that one. just make sure that code i posted is in it.

also make sure its chmod is set to 666.
if you're using APACHE make sure that there's one empty line space at the bottom of the .htaccess file so it can be written to by NS.

if for some reason you get locked out of your site while doing this, go to your phpMyAdmin and then to nsnst_blocked_ips and remove your ip address. then try to get back to your site. you should be fine.

for the sample.staccess file, just rename it .staccess and it should store all of your admins usernames and passwords in there.

post back if you need any more info. or contact me by MSN.


Last edited by thebishop on Sun Dec 25, 2005 9:32 pm; edited 1 time in total 
Gabe
Posted: Sun Dec 25, 2005 9:31 pm

thebishop wrote:
no you don't have to delete the .htaccess file you already have, you can just use that one. just make sure that code i posted is in it.

also make sure its chmod is set to 666. and that there's one empty line space at the bottom of the .htaccess file so it can be written to by NS.

if for some reason you get locked out of your site while doing this, go to your phpMyAdmin and then to nsnst_blocked_ips and remove your ip address. then try to get back to your site. you should be fine.

for the sample.staccess file, just rename it .staccess and it should store all of your admins usernames and passwords in there.

post back if you need any more info. or contact me by MSN.

I'm not sure how to set the file to chmod 666
 
thebishop
Posted: Sun Dec 25, 2005 9:34 pm

in your FTP client you should have a place to change the file permissions.
it's best to do it there. if you can't find it or don't have it then you'll have an option somewhere on your web panel.

what web control panel are you using.
 
Gabe
Posted: Sun Dec 25, 2005 9:35 pm

thebishop wrote:
in your FTP client you should have a place to change the file permissions.
it's best to do it there. if you can't find it or don't have it then you'll have an option somewhere on your web panel.

what web control panel are you using.

i am using cPanel, and my ftp client is ws ftp pro

edit:: I think i figured it out, i right clicked on the file through my ftp client and went to properties and then it has a numeric value field. it was set to i think 644 and i just set it to 666, hopefully i am changing the right thing, does staccess also need to be set to 666?
 
thebishop
Posted: Sun Dec 25, 2005 9:47 pm

if you open up wsftp pro and right click on the file you want to change permissions for, you should be given the option to change its attributes.
e.g. 666, 644, 755 and so on. some ftp software calls this a custom command instead of change file permissions.
yes both of the access files need to be set to 666.

btw what version of nuke are you running.


Last edited by thebishop on Sun Dec 25, 2005 9:51 pm; edited 1 time in total 
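
Added example (not part of the thread and not NukeSentinel code): a cross-check of abuse emails in the layout quoted in the first post against the per-IP deny lines in .htaccess, listing addresses that were reported as blocked but have no deny entry. The sample emails and .htaccess are constructed, and the `deny from <ip>` line format and all function names are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed abuse emails in the thread's layout (documentation-range IPs).
SAMPLE_EMAILS = """\
Date & Time: 2005-12-23 15:11:52 CST GMT -0600 Blocked IP: 192.0.2.10 User ID: Anonymous (1)
Reason: Abuse-Filter
User Agent: lwp-trivial/1.35
Remote Address: 192.0.2.10

Date & Time: 2005-12-23 11:50:33 CST GMT -0600
Blocked IP: 198.51.100.7
User Agent: lwp-trivial/1.35
"""

# Constructed .htaccess; the per-IP "deny from <ip>" line is an assumption.
SAMPLE_HTACCESS = """\
<FilesMatch "\\.(inc|tpl|sql|ini|conf)$">
deny from all
</FilesMatch>
deny from 192.0.2.10
"""

FIELD = re.compile(r"^(Reason|User Agent|Remote Address|Request Method):[ \t]*(.*)$", re.M)

def parse_reports(text):
    """Split a dump of abuse emails into one dict per report."""
    reports = []
    for block in re.split(r"^(?=Date & Time:)", text, flags=re.M):
        m = re.search(r"Blocked IP:\s*(\S+)", block)  # inline or on its own line
        if m:
            reports.append({**dict(FIELD.findall(block)), "Blocked IP": m.group(1)})
    return reports

def denied_ips(htaccess):
    """Single addresses named in 'deny from' lines; 'all', hostnames, ranges are skipped."""
    found = set()
    for m in re.finditer(r"^[ \t]*deny[ \t]+from[ \t]+(\S+)", htaccess, re.I | re.M):
        try:
            found.add(str(ip_address(m.group(1))))
        except ValueError:
            pass
    return found

def reported_not_denied(emails, htaccess):
    """Sorted (ip, user agent) pairs emailed as blocked but absent from .htaccess."""
    denied = denied_ips(htaccess)
    return sorted({(r["Blocked IP"], r.get("User Agent", ""))
                   for r in parse_reports(emails) if r["Blocked IP"] not in denied})
```
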
All times are GMT - 6 Hours
 