Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x
Author Message
smtpster
New Member
New Member



Joined: Nov 12, 2005
Posts: 3
Location: Istanbul, Turkey

PostPosted: Mon Jun 12, 2006 2:03 am Reply with quote

Hi,

My site's version: phpnuke patched 7.6 3.2
Sentinel version: NukeSentinel(tm) 2.4.2pl9
Your account module: CNB 4.4.2

Related info mail from sentinel:
Code:
Date & Time: 2006-06-12 09:01:18 EEST GMT +0300

Blocked IP: 1.0 SabahProxy
User ID: misafir (1)
Reason: Abuse-String
String Match: LIMIT
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Query String: /root/modules.php?name=edogssitemap
Get String: /root/modules.php?name=edogssitemap
Post String: /root/modules.php?slimits=50&sest=&Submit=Search
Forwarded For: none
Client IP: 1.0 SabahProxy
Remote Address: 212.145.40.122
Remote Port: 29072
Request Method: POST


Problem is that:
In user info page, last user ip is shown as 1.0 SabahProxy
And ban this ip links the same ip.. like:
/root/admin.php?op=ABBlockedIPAdd&tip=1.0 SabahProxy

In addition to this, wrong client ip address is added to htaccess block list..
As a result block fails..

I guess that up to sentinel 2.4.2pl2 there was no problem, after some upgrades this problem occured.. Maybe on only my site..

Thanks in advance..
Regards..


Last edited by smtpster on Mon Jun 12, 2006 6:18 am; edited 1 time in total 
View user's profile Send private message MSN Messenger
kenwood
Worker
Worker



Joined: May 18, 2005
Posts: 119
Location: SVCDPlaza

PostPosted: Mon Jun 12, 2006 2:31 am Reply with quote

I have post it in the wrong forums but you have the same thing as i have
read [ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Mon Jun 12, 2006 2:36 am Reply with quote

Did you do use the Sentinel 'search IP' function on that IP to see if it was in a protected or excluded range?
 
View user's profile Send private message Send e-mail
smtpster







PostPosted: Mon Jun 12, 2006 2:47 am Reply with quote

Thanks..
I used "search ip" function and see that none of those ip's is in protected or excluded range.. I connect to my site over my proxy too. No spoofing there. But client ip is not correct.

Before 2.4.2pl4 upgrade I think, I can see my correct ip and users correct ip's, but after that upgrade this problem started to happen.. I read the Kenwood's post, and [ Only registered users can see links on this board! Get registered or login! ] too.
 
Guardian2003







PostPosted: Mon Jun 12, 2006 2:53 am Reply with quote

I just need to verify something.
Could you post the schema for the 2 tables;
nuke_nsnst_blocked_ips
nuke_nsnst_blocked_ranges
(just the schema not the data).
 
smtpster







PostPosted: Mon Jun 12, 2006 3:06 am Reply with quote

Thanks again.

nuke_nsnst_blocked_ips
Code:
CREATE TABLE `nuke_nsnst_blocked_ips` (

  `ip_addr` varchar(15) NOT NULL default '',
  `user_id` int(11) NOT NULL default '1',
  `username` varchar(60) NOT NULL default '',
  `user_agent` text NOT NULL,
  `date` int(20) NOT NULL default '0',
  `notes` text NOT NULL,
  `reason` tinyint(1) NOT NULL default '0',
  `query_string` text NOT NULL,
  `get_string` text NOT NULL,
  `post_string` text NOT NULL,
  `x_forward_for` varchar(32) NOT NULL default '',
  `client_ip` varchar(32) NOT NULL default '',
  `remote_addr` varchar(32) NOT NULL default '',
  `remote_port` varchar(11) NOT NULL default '',
  `request_method` varchar(10) NOT NULL default '',
  `expires` int(20) NOT NULL default '0',
  `c2c` char(2) NOT NULL default '00',
  PRIMARY KEY  (`ip_addr`),
  KEY `c2c` (`c2c`),
  KEY `date` (`date`),
  KEY `expires` (`expires`),
  KEY `reason` (`reason`)
) ENGINE=MyISAM DEFAULT CHARSET=latin5;


Other table:
Code:


CREATE TABLE `nuke_nsnst_blocked_ranges` (
  `ip_lo` int(10) unsigned NOT NULL default '0',
  `ip_hi` int(10) unsigned NOT NULL default '0',
  `date` int(20) NOT NULL default '0',
  `notes` text NOT NULL,
  `reason` tinyint(1) NOT NULL default '0',
  `expires` int(20) NOT NULL default '0',
  `c2c` char(2) NOT NULL default '00',
  PRIMARY KEY  (`ip_lo`,`ip_hi`),
  KEY `c2c` (`c2c`),
  KEY `date` (`date`),
  KEY `expires` (`expires`),
  KEY `reason` (`reason`)
) ENGINE=MyISAM DEFAULT CHARSET=latin5;


Thanks in advance..
The same situation and sentinel page I encountered in: [ Only registered users can see links on this board! Get registered or login! ] web site.

Code:



You have attempted to enter this site using a proxy.

This site does not allow proxy connections. Below is what we can tell about your connection.

If you think this is a mistake you can contact the site webmaster at t(dot)aslan(at)wanadoo(dot)nl.

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Remote Address: 212.145.40.125
Client IP: 1.0 MyProxy  //The same client ip problem
Forwarded For: none


This situation occurs when first level proxy usage, and second and other level proxy usage is not blocked..
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©