Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu Apr 13, 2006 8:34 am Reply with quote

Hi,

NukeSentinel isn't blocking the IP address when a Union attack is attempted. The default page is displayed saying you have been banned for attempting a Union attack, but it also says 'Block Expires: Unkown'.

It is then possible to access the site again.

When I check the Blocked IP list nothing is recorded there and nothing is written to the .htaccess file.

I've checked the Blocker Configuration and it is set to Email, Block & Default Page.

I tried the same attack on another site on my server and NukeSentinel does block it, so it's not the server causing the problem.

Also NukeSentinel is blocking Admin-abuse and adds the IP to the database and .htaccess.

I'm using the latest RavenNuke distro.

Has anybody got any ideas how to fix this?


Jakec
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu Apr 13, 2006 12:38 pm Reply with quote

I've not experienced this but try updating to v2.4.2pl5.
 
View user's profile Send private message
jakec
PostPosted: Thu Apr 13, 2006 2:31 pm Reply with quote

There must be a setting wrong somewhere, or something screwy has happened when installing Nuke.

My test site is working fine, the site I'm about to release is the one I'm having problems with. The test site in theory should be exactly the same, if anything the test site should be the one I'm having problems with. Sad

The only modules I have installed are Kalender MX and the Re-send email.

Will 2.4.2pl5 be part of the RavenNuke 2.02.02 release?
 
wickedmellow
New Member
New Member


Joined: May 20, 2006
Posts: 3

PostPosted: Sat May 20, 2006 3:20 pm Reply with quote

Having the exact same problem, did everything from up to the step where you log into admin.php (or the filename I'd changed it to in config.php and on the server) but when I tried to click on "modules" to change the forum settings and such I just got blocked and my IP banned for admin abuse. Not sure where to go from here...
 
View user's profile Send private message
reformedman
New Member
New Member


Joined: Sep 15, 2006
Posts: 3

PostPosted: Wed Sep 20, 2006 1:03 pm Reply with quote

I just got the same thing. I googled the 'You have attempted a Union attack on this site' and came to this site.

I entered about 5 articles this morning from a work computer on one floor and now just entered about 10 more articles from another computer at work. On this particular article I kept getting this alert message.

I tried entering a different article and it accepted. I went back to the original article again, and I got the alert again. There is something in the article that is not being allowed to be entered into Content module.

Here is the copy of the article. Only registered users can see links on this board! Get registered or login!

I am taking all the articles from this my old site, to a new domain and entering them one by one through content module. All was going well until I got to this particular article.

Help Please.
 
View user's profile Send private message
jakec
PostPosted: Wed Sep 20, 2006 1:14 pm Reply with quote

The article contains the word 'union' which will trigger the blocker on Sentinel.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Wed Sep 20, 2006 2:01 pm Reply with quote

Please see this post

Only registered users can see links on this board! Get registered or login!

It's funny how urban myths spread. I would appreciate if any other programmers want to verify my reading of it but looking at Sentinel right now, the union "filter" is applied to a "query_string" which is returned from this function in Sentinel:

Code:
function get_query_string() {

  if(get_env("QUERY_STRING")) {
    return str_replace("%09", "%20", get_env("QUERY_STRING"));
  } else {
    return;
  }
}


I don't believe that the onion filter applies to a post_string but the documentation that I'm looking at (the PHP manual) doesn't have anything on get_env that I can see. In other words, if we eliminate the mainfile bug discussed in the other thread we should be able to post all the Onions we want. Oh, there is a listing for "getenv" but unless "QUERY_STRING" also includes any post strings it won't be filtered in Sentinel. Anyone know for sure?
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©