Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Dragonies
Hangin' Around


Joined: Mar 07, 2006
Posts: 45
Location: UK

Posted: Sat Apr 01, 2006 9:56 pm

Hi

Ok I have resolved that issue now of not being able to get onto my site.

However, is it possible please when you next upgrade the nuke sentinel to add something in there so that hackers can not link your IP to theirs if you put a ban on their IP? Just a thought.

I resolved the issue by asking my site hosts to help out going into admin but also I was able to delete my IP entry from the mysql table in the main site admin.

many thanks
dragonies
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

Posted: Sat Apr 01, 2006 10:05 pm

You can exclude IP addresses today. Just add your IP address to the excluded range.

_________________
I google, therefore I exist...
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Sun Apr 02, 2006 7:28 am

Dragonies,

Quote:

However, is it possible please when you next upgrade the nuke sentinel to add something in there so that hackers can not link your IP to theirs if you put a ban on their IP? Just a thought.


My apologies, but I do not understand this statement. I may have missed another thread where you were talking in more detail about your issue. I am just not understanding your statement above. Can you explain it a bit more for me?

Thank you

montego
Posted: Sun Apr 02, 2006 7:32 am

Ah, never mind, just saw it here: Only registered users can see links on this board! Get registered or login!

You definitely needed to set your login as Protected as Kguske has said.

I think what may have happened is when you went to admin.php, you may have used a link that was "deeper" than just admin.php and you were not already logged in as admin. You cannot go directly to one of the administration modules without being logged in as admin first. Since there is no way for NukeSentinel to know who you are, because you were not logged in first as admin, it has no other choice than to think you are doing an "admin exploit".
 
Dragonies
Posted: Sun Apr 02, 2006 8:45 am

Hi

Ahhh K.

I was already logged in as admin as I would have had to add in the IP through the admin panel. I am just not sure what type of hack attempt it is.

I can't get in again today as I am asking my host to ban this IP address off my site, but it is blocking me again. Sigh. I got in again yesterday after we cleared it but I still do not understand about htaccess and find it very confusing being new to php and all.

The IP address is a USA one whereas mine is a UK IP address but it still changes to mine when I try to block this IP in sentinel. It works ok in the IP ban in the phpnuke itself.

My log in is already protected by sentinel, however since I caught this person I am not sure that it is protected any longer.

many thanks Dragonies
 
kguske
Posted: Sun Apr 02, 2006 9:02 am

Several things could have happened:

The IP address could have been spoofed to be your IP address. But this wouldn't block you if you protected your IP address. It would redirect the attacker to a blocked page and the attack would still be unsuccessful.

A union attack may have been used to insert the block on your address. This is doubtful if you were using NukeSentinel, unless you have an addon module that circumvents Nuke database access (i.e. NukeSentinel can't protect against).

The last possibility is that the attacker somehow has legitimate access to your site - i.e. he can load a file somewhere or knows your admin and / or control panel passwords.

Without seeing the logs (which you should definitely check), my guess is that either there is an unsecure module or the attacker has legitimate access. I would check for recent file changes on the server AFTER changing the control panel and Nuke admin passwords.

.htaccess is used in some cases to block access to a site at the server level. If this happens, you get an Apache error message instead of a NukeSentinel message that you are blocked.

It doesn't make sense that NukeSentinel changes a blocked IP address when manually adding. It simply stores it in the database.

It also doesn't make sense that the log is already protected by sentinel. NukeSentinel has no knowledge of or access to the log, unless you're referring to the history of banned IPs inside NukeSentinel.
 
Dragonies
Posted: Sun Apr 02, 2006 9:44 am

I believe they had registered as a legitimate user because it stated clearly on the site that it was sentinel protected.

This person then asked me to activate their account for them when I had deleted their user name from our site. If they had nothing to hide they would have used a normal name like we all do etc. I then told them no, I won't activate their account for them, they can do it themselves, at which they replied I had just confirmed stuff for them in a reply email to me.

As a note to all other people new to this like me, do not reply to emails like this as it confirms details for that attacker :D

However, the good thing was, I was able to get their IP address from the email they sent to me and was trying to add it to sentinel but for some reason they had managed to do the attack so that when I tried to ban their IP it also banned mine.

We have now managed to ban that attacker successfully and I am able to access my site. But am thinking now might be a good idea to change my admin name and password.

To change my admin name and password, do I do this in the normal way or do I have to change in sentinel as well?

Sorry to be a pain. Like I said I am completely new to all of this.

many thanks dragonies
 
kguske
Posted: Sun Apr 02, 2006 9:51 am

If you're using admin auth, you should change that password and your nuke admin password.
 
Dragonies
Posted: Sun Apr 02, 2006 10:09 am

Yes I am using admin auth.

Can you point me in the right direction please where to change it in the nuke?

Do I do this within the nuke panel itself or in the htaccess file? If it's the htaccess file do I download it from the site, change and re-upload, or just add something in htaccess from the nuke in my documents, and then re-upload it?

many thanks dragonies
 
Dragonies
Posted: Sun Apr 02, 2006 10:21 am

I have called up the nuke sentinel and protected my IP as suggested in the IP protected range.

I have now called up the admin auth in nuke sentinel, do I change it in there?

thanks dragonies
 