Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
john_mar
New Member
New Member


Joined: Nov 14, 2005
Posts: 15

PostPosted: Sat Jan 14, 2006 3:57 pm Reply with quote

Hi just started running a Nuke7.8 + 3.1 patch and last week installed Sentinel 2.4.2. (must do that pl3 patch) as was using the old Protector system before.

2 AOL users have now complained they are being blocked.

Assuming its the "Proxy block" thats stopping them.

Only thing is, I have the "Block Proxies" setting in Sentinel Admin set to off !

So a bit confused! Searched various forums but not found similiar issue posted 9though could have missed soemthing)

Any ideas??


john_mar
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Jan 18, 2006 6:14 am Reply with quote

I don't think it's NS. See this post for the probable cause Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
john_mar
PostPosted: Wed Jan 18, 2006 5:28 pm Reply with quote

Errr, thanks Raven... think you are telling me I haven't used an upto date patch...

...and looking at the files....I now have this really horrible sinking feeling I have somehow applied the 3.1 patch for Nuke7.5 over the top of Nuke7.8... Embarassed

need to investigate properly 2moro evening as must get to bed ... an early start in the morning

Oh goodness... wot a nightmare.
 
john_mar
PostPosted: Sat Jan 21, 2006 6:38 pm Reply with quote

Well. I've just spent last two long nights on this Crying or Very sad

Have downloaded and reinstalled patch3.1
...then reinstalled Sentinel 2.4.2 over the top
...and put the 2.4.2pl3 patch on that.

And removed all traces of Protector (which I'd been using before Sentinel) by stepping backwards through the install.

Commented out the rouge mainfile.php code as per link in Ravens posting above. (code is still in the 7.8 - 3.1 patch)

And after all that.................... I still have users with problems.

*Some* users when, it appears, when they download files. This could be to do with that code that needs commenting out in mainfile.php. Haven't had this prob since I commented out the code... but might just be coincidence.

But AOL users particular problem. It seems all AOL users are getting blocked. (somthing to do with Proxies??)

They get a Sentinel Black screen "Blocked" message saying that
"You have attempted an unknown attack on this site." and they are blocked. Interestingly, these blocks are not registered in the "Blocked IP" logs within Sentinel.

Am really at a loss, any more pointers....

JohnMar
 
Raven
PostPosted: Sun Jan 22, 2006 1:31 am Reply with quote

Go through each of the Blockers in NukeSentinel(tm) admin. Are there any blockers that are activated where the Default Page is set to Default and/or the Activate is set to Default?
 
john_mar
PostPosted: Sun Jan 22, 2006 12:44 pm Reply with quote

Hi Raven - thanks for reply.

Just checked them all. All the Blockers are set to:

Activate = Email, Block and Default.
Default Page = (the matching blocker mode eg Admin for Admin blocker etc)
 
Raven
PostPosted: Sun Jan 22, 2006 2:51 pm Reply with quote

Can you post one of the emails but mask out your real path info?
 
john_mar
PostPosted: Sun Jan 22, 2006 3:21 pm Reply with quote

Thanks for looking at this Raven

Just in case I haven't been clear, I think I have two distinct problems (thou may be linked)

Problem 1. Some users are getting blocked when they click on specific links - I haven't kept every single notification email - but which I think are all related. See the email below for an example.

(Note some bots are also triggering blocks too - a google bot hit the site 230 times yetserday then triggered a similiar error report to below)

Problem 2. Several (three) AOL users are reporting they are getting blocked all the time! They get the black screen but this generates NO emial report - or are they IP tracked. I wouldn't know about it only they are emailing me. After all the updates I performed (see last posts), I have one AOL retesting for me and they are still get blocked. Even have a screen shot!

Here is the email generated by problem 1. above
Code:



-----Original Message-----
From: webmaster@*****.org [mailto:webmaster@***.org]
Sent: 19 January 2006 16:07
To: webmaster@***.org
Subject: Blocked abuse from 82.7.97.33


Date & Time: 2006-01-19 17:06:45 CET GMT +0100
Blocked IP: 82.7.97.33
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ntlworld v2.0; .NET CLR 1.0.3705)
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: 82.7.97.33
Client IP: none
Remote Address: 62.252.64.33
Remote Port: 15503
Request Method: GET

 
Raven
PostPosted: Sun Jan 22, 2006 4:15 pm Reply with quote

That's what I suspected Wink

It's the () in the titles. This is well documente in the forums here. Use phpMyAdmin and change all () to [] or whatever, but 86 the (). Also, on your script blocker, just set it to email the admin. That's all you really need.
 
john_mar
PostPosted: Sun Jan 22, 2006 4:33 pm Reply with quote

Thanks for that. Wasn't aware of the () issue Sad sorry. must surf the forums more generally rather than searching for key words which I think might throw up an answer. But when you don't know what your looking for Smile

Will do all your suggestions - many thanks RavensScripts

So will setting the email admin rather than email, block and default solve the AOL visitors problems? Can I ask why - so I can try to understand a little bit more.

johnmar
 
Raven
PostPosted: Sun Jan 22, 2006 4:39 pm Reply with quote

I'm not sure that the 2 are related. Let's peel the onion one skin at a time Wink By email only whoever was receiving a script blocker screen will no longer see that. But, you as admin will get notifications and can determine if it was a script hack attempt or something that you need to fix or just disregard.
 
john_mar
PostPosted: Sun Jan 22, 2006 4:45 pm Reply with quote

Raven - thats cool.

On the AOL users. Just got my (very non-technical but v/friendly) AOL user to try again with two links

Code:


Sue
 
Time for me to ask for another (yet another) test please... Only registered users can see links on this board! Get registered or login!
and try this is above doesn't work
http://www.***.org/modules.php?name=News&file=article&sid=78



And she's just replied to say the first gets blocked but the second link
worked! Yes - worked!!!!!

Have just asked her to reload/refresh her screen on the main URL in case there is a cache problem or something.
 
john_mar
PostPosted: Sun Jan 22, 2006 5:27 pm Reply with quote

Well.

When my AOL users clicks on Only registered users can see links on this board! Get registered or login! It shows a Sentinel "Blocked" screen.
Refresh gets same problem.

But when she clicks on Only registered users can see links on this board! Get registered or login! - it works fine!

and these links I emailed her worked too! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login!

So, there you go. I'd like to know why this is. But I don't think I'm going to fret too much more over this.

And have taken the brackets out of all my download titles (which was nearly 20 of them - I had (PDF) or (Word) in every document title.

Raven - thank-you on behalf of the specific UK Childrens Charity this website is for. Solving this was a big deal. They (I as volunteer for the charity ) am rolling out a new pre-registration system (forms and stuff) via the website in 2 days time for their upcoming charity event which gets them most of their donated money. So solving these blocking problem before 100's of people start hitting the site on Weds was really quite important. i might sleep tonight.

many thanks my friend Cheers
johnmar
 
Raven
PostPosted: Sun Jan 22, 2006 11:31 pm Reply with quote

Quote:
And she's just replied to say the first gets blocked but the second link


I need to see the email. Thanks!
 
john_mar
PostPosted: Sun Jan 29, 2006 4:49 pm Reply with quote

Hi Raven

Sorry, been away from town with work stuff Sad

Anyways. Still have problem with AOL users accessing my site as posted above.

If they type Only registered users can see links on this board! Get registered or login! into their browser - it gets a default blocked message.

But if they type in the full URL Only registered users can see links on this board! Get registered or login! .... it works ok. And all other pages on the site then works for the AOL visitor.


Here is cut from my raw access logs which shows an AOL user
(1) trying Only registered users can see links on this board! Get registered or login! which gives the
(2) second line abuse message.
(3) Then they try the full URL wityh index.php and they get the site ok

[the IP address changes are to do with AOL proxy IP addressing I guess]

Code:


195.93.21.66 - - [29/Jan/2006:21:40:44 +0100] "GET / HTTP/1.0" 200 761 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)"
195.93.21.38 - - [29/Jan/2006:21:40:45 +0100] "GET /abuse/logo.png HTTP/1.0" 200 3707 "http://www.******.org/" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)"
195.93.21.72 - - [29/Jan/2006:21:41:01 +0100] "GET /index.php HTTP/1.0" 200 8918 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)"


Looking at the first line above that generates the abuse message, there is nothing after the "GET". I don't undertand what 200 761 means - stretching my IT knowledge here!

As a workaround...I've hacked the /abuse/default.tpl file and added a message to the blocked warning message telling AOL users to try the full link, and that seems to be working.
 
Raven
PostPosted: Sun Jan 29, 2006 6:10 pm Reply with quote

200 means the document was found and 761 is the number of bytes.

I need to see the EMAIL, no the log.
 
john_mar
PostPosted: Mon Jan 30, 2006 3:32 pm Reply with quote

Raven

have sent you a PM with the email.

Johnmar
 
Raven
PostPosted: Mon Jan 30, 2006 6:50 pm Reply with quote

Something isn't jiving. In that email you sent me, it mentions this line:
If you are an AOL user - please try this link to access the site

That line of code is not in the current NukeSentinel(tm) release. Did you upgrade from an older release? I'm wondering if you have some leftover code somewhere or if your FTP is working correctly to overwrite files?

Please delete the Abuse folder completely.
Delete includes/nuksentinel.php and includes/sentinel.php (if it exists).
Delete language/nukesentinel folder and sentinel folder if it exists.
Delete admin/nukesentinel folder and sentinel folder if it exists.
Delete admin/modules/nukesentinel.php and admin/modules/sentinel.php if it exists.

Then reftp the NukeSentinel(tm) v2.4.2.
 
lilc420
New Member
New Member


Joined: Feb 02, 2007
Posts: 24

PostPosted: Thu Mar 01, 2007 5:19 pm Reply with quote

I am having the same issue with AOL users.

PS...
john_mar wrote:
As a workaround...I've hacked the /abuse/default.tpl file and added a message to the blocked warning message telling AOL users to try the full link, and that seems to be working.
 
View user's profile Send private message
lilc420
PostPosted: Thu Mar 01, 2007 7:34 pm Reply with quote

I found this and it fixed my issue. Maybe it will help you.
Only registered users can see links on this board! Get registered or login!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©