Suggestion for 2.5.1

manunkind · Posted: Sun Jul 16, 2006 6:52 pm

Can we please make IP to Country optional? I had to add almost 75,000 rows and over 4MB to my database to make 2.5 work properly. This should not be needed. I don't care what country the IP is from. If it's a hack attempt, the IP gets banned. Period.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

It's already optional. Just don't install it.

manunkind · Posted: Sun Jul 16, 2006 7:26 pm

It doesn't appear to be:

Only registered users can see links on this board!
Get registered or login to the forums!

and

Only registered users can see links on this board!
Get registered or login to the forums!

and

Only registered users can see links on this board!
Get registered or login to the forums!

That was just today's solutions. Installing IP to Country fixed all the problems.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

I haven't seen anything else indicating the IP2Country is required. But we can (and will) certainly confirm that.

BTW, posting a new topic doesn't necessarily get your message answered more quickly. Many prefer topics with more activity to see what's going on.

manunkind · Posted: Mon Jul 17, 2006 5:41 am

Thanks for looking into it, kguske!

Guardian2003 · Posted: Mon Jul 17, 2006 5:49 am

Yes, I am looking forward to the outcome myself Smile

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Bob created a test site without IP2Country, and I was able to access it without getting blocked. Is it certain modules or all modules? Index page, admin?

manunkind · Posted: Mon Jul 17, 2006 7:09 am

I think mine was just the index page. I'm the only Admin on the site.

But like I said in another thread, I was fine here at home and at school. But when I accessed it from work, I got banned. Other Users were banned as well, but not everybody. That was the strange part.

I just don't think having one person test the site is enough to decide. I thought everything was running perfectly until I started getting the emails and tested it myself from another location/IP. Sure enough, it was banning certain people.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

I thought it was banning everyone, which would make sense if it had no IP2Country data to validate against.

But, I'm not the only one testing that site either. I'll provide Bob with an update, but agree that this doesn't make any sense.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

BobMarion wrote:

Flood is being triggered. I ran into that on one of the sites I monitor. They need to set the flood delay to 1 and clear the .ftaccess file.

Please give this a try and let us know. If that's the trick, it's another reason to update the manual and documentation.

manunkind · Posted: Mon Jul 17, 2006 9:28 pm

Come to think of it, this time around I haven't uploaded an .ftaccess file and activated the Flood feature yet. But before, I think I did have it activated. Hmmm.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Please check and let us know.

manunkind · Posted: Thu Sep 14, 2006 6:43 am

I just wanted to bump this up and make sure it gets read by the developers. There's way too many problems with IP addresses and people getting blocked for no valid reason.

Let's keep NukeSentinel doing what it does best which is blocking real hack attempts. NS needs to stop trying to be the IANA. Wink

Guardian2003 · Posted: Thu Sep 14, 2006 11:21 am

Unless I missed a post, there are not any issues like this with 2.5.1
An essential feature of any security product like Sentinel is to determine whether the incoming IP is genuine or not.
The problem with the IANA reserved range is that the reserved range is just that - 'reserved for temporary use' and does change from time to time.

fkelly · Posted: Thu Sep 14, 2006 6:34 pm

I have to say "yeah, but" Guardian. Correct me if I'm wrong but as several posters have said IP2Country used to be optional. Now it appears to be mandatory if for no other reason than "to determine whether the incoming IP is genuine or not." I think folks are getting caught "twixt and tween" resulting in the frequent problems we see being posted here.

If indeed IP2country is now mandatory, perhaps nukesentinel.php could be programmed to do a table integrity check to make sure that the IP2country table is "up to date" and issue some kind of warning if it isn't. That would be preferable to an incessant swarm of "invalid IP" messages.

manunkind · Posted: Thu Sep 14, 2006 7:10 pm

Guardian2003 wrote:

An essential feature of any security product like Sentinel is to determine whether the incoming IP is genuine or not.

That's fine and dandy, but this "feature" needs to be optional like everything else. That's the only point in my post.

I don't care if the IP is invalid or not. If they hack me, the IP (valid or not) will be banned. Very simple.

And I'm sure alot of us could use the extra 5MB of database space as well.

evaders99 · Posted: Thu Sep 14, 2006 9:29 pm

Yes it should be an optional configuration to turn on or off, and it should probably not be activated by default

Guardian2003 · Posted: Fri Sep 15, 2006 1:10 am

Sorry I meant version 2.5.2 not 2.5.1 - as far as I'm aware there have been no issues with 'invalid IP' - but there may be posts I have missed.

I would probably agree the the 'valid ip' check should be optional but I'm thinking that instead of losing the functionality altogether, if an invalid IP is detected Sentinel should redirect to a custom error page and provide a link for humans to click together with a CAPTCHA so they can proceed and the IP is recorded and then 'allowed'.

I think that sort of scenario would certainly help and afford *some* level of protection.

manunkind · Posted: Fri Sep 15, 2006 5:49 am

Guardian2003, starting with 2.5.0, this feature somehow became mandatory and a ton of problems with banning people were fixed by installing the whole IP to Country table.

All versions before that had this feature optional.

Guardian2003 · Posted: Fri Sep 15, 2006 5:57 am

Thats correct but from I understand of the changes Bob Marion/Raven made to Sentinel in 2.5.2 this should no longer be a problem.
If you are using 2.5.2 and still having this issue, then we need to pass that on to the developers.

manunkind · Posted: Fri Sep 15, 2006 6:07 am

Ok, I didn't know the issue has been fixed already. So I can remove the whole IP to Country table and I won't have any problems now? Or is it still somehow "required"?

montego · Posted: Fri Sep 15, 2006 7:53 am

Personally, I have not heard one way or the other from the developer.

manunkind, if you do not care about this check, comment it out in the nukesentinel.php script (as has been addressed several times before in these forums), or, if you are using RavenNuke76 2.02.02, just set the $bypassNukeSentinelInvalidIPCheck variable to TRUE and that will accomplish the same thing.

Now, before you jump all over my case, realize that none of us here on this thread has anything to do with developing NukeSentinel. We are in the same "boat" as you.

Gremmie · Posted: Fri Sep 15, 2006 10:49 am

The last I heard the developers were looking into the problem but could not reproduce it. There was nothing in the 2.5.2 change log to indicate this was fixed (or even acknowledged).

Since some people have reported success with just importing the IANA reserved data, I may empty my IP2C tables and just reimport the IANA stuff.

montego · Posted: Sat Sep 16, 2006 1:53 pm

Gremmie, yes, please let us know. Others have found that to work. I am always interested in having more confirmation. Regards!

manunkind · Posted: Sat Sep 16, 2006 5:52 pm

Thanks! I will certainly look into both possible solutions. I'm leaning more towards commenting the whole darn "feature" out however. I see no real value in it. Rolling Eyes