Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in NukeSentinel's Anti-Flood Protection is broken (?)... View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » NukeSentinel(tm) v2.6.x Author Message meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 9:02 am Hello Folks, During yesterday i have been making a number of optimizations to my nuke's mainfile.php file, mostly regarding to speed up the page load time. One of those changes was to remove the ipban.php include if NukeSentinel is used (as it is on my site) The result?... This morning i've received 200 e-mails about "ppl" trying to send crap through Feedback module (those mails does not comes from NS, it's something i've added myself to catch spammers..) And as such, it makes me guess the NukeSentinel's Anti-Flood protection does not work at all (it worked before thanks to ipban), or?... before someone asks, yes... i have sentinel properly configured to protect against flood (EMail Admin & Default Page). By looking at the ab_flood() function i have to say i mostly saw strange sentences, and some things i can't even get to understand... first of all, it looks like on my .ftaccess file i always have *one entry* only, for example: 66.249.71.78 || 384040f314966e0c7867aa658147b29b || 1257775749 || PHPSESSID and therefore, the $floodcount variable is always 1, which render the following code useless: Code: $floodopen = fopen($ab_config['ftaccess_path'], "w");   foreach($floodarray as $floodwrite){     //if(!strstr($floodwrite, $floodarray[$floodcount-10]))     if ($floodcount-10>=0) if(!strstr($floodwrite, $floodarray[$floodcount-10]))     fputs($floodopen, $floodwrite);   } Well... the code isn't really useless... it purges/clear the .ftaccess file on each visit (!?!) What i don't understand is what it is for the $floodcount-10 usage, since it's always -9 here and therefore if($floodcount-10>=0) is always FALSE. Furthermore, by the same reason, explode(' || ', $floodarray[$floodcount-3]); will always return nothing and block_ip($blocker_row); never reached therefore????? Also note the .ftaccess file is opened two times but closed only once (and in wrong place), side effects from that? who knows from all those server configurations... In the other hand, this function can be improved a lot to speed it up, mainly if the $floodcount-10 is really a way of doing things, most of the function code can be skipped if the result is empty.. I was about to modify/fix/improve that function to my understanding, but first i wanted to let you guys know about the issue as you're the current NukeSentinel maintainers, right? What do you think? open to discussion... Guardian2003 Site Admin Joined: Aug 28, 2003 Posts: 6373 Location: Vsetin, Czech Republic Posted: Mon Nov 09, 2009 9:43 am Check the configuration again It won't block it if it isn't set to block it and your setting is at 'Email Admin & Default Page' - does it have the option 'Email, Block & Default page' ?? meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 9:50 am ops... feeling embarrassed here... You're right, i didn't had the '& Block' statement set as well. However, note i didn't received any email with a Flood abuse report, and since I use 'Email Admin' i should have received a lot of emails coming from NS if Anti-Flood would work ok, don't you think? jakec Site Admin Joined: Feb 06, 2006 Posts: 3038 Location: United Kingdom Posted: Mon Nov 09, 2009 11:29 am It depends how quickly the page views are occuring. Check the Flood Delay settings under General Settings in the Administration menu. Are you using RN? If you are then I would be surprised if it was a bot because of the captcha. I think the default setting is 2 seconds and therefore if it is a human they are probably not posting quick enough to trigger the Flood blocker. meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 12:10 pm Quote: Are you using RN? No. Flood Delay set to 2 seconds here. Quote: If you are then I would be surprised if it was a bot because of the captcha. It does not matter, because a captcha (or any other protection) does not forbid bots at all from sending/submitting forms. Quote: ...not posting quick enough to trigger the Flood blocker. Seriously, do you think the flood blocker can be triggered/achieved, considering the .ftaccess file is cleared with each visit? hmm, i must be missing something...or just i can't understand how this thing work or it's supposed to work... (?) hmmm...(4 minutes later) well... may i get it... may the flood blocker is triggered when a bot sends several http requests in such a way that all of them makes a collision into ab_flood(), specifically at the $floodappend = fopen($ab_config['ftaccess_path'], "a"); step - is that what you mean? i found this quite random but of course it can happen.. jakec Site Admin Joined: Feb 06, 2006 Posts: 3038 Location: United Kingdom Posted: Mon Nov 09, 2009 1:36 pm meotoo wrote: It does not matter, because a captcha (or any other protection) does not forbid bots at all from sending/submitting forms. I'm sorry I have to disagree, I bet if you were using the feedback module with a captcha you would not have a problem. Guardian2003 Site Admin Joined: Aug 28, 2003 Posts: 6373 Location: Vsetin, Czech Republic Posted: Mon Nov 09, 2009 1:39 pm I have never looked at this functionality within NS to be honest as I use RN and have never had the problem you describe (except when I originally used phpNuke). To be perfectly honest, I don't think the flood blocker is supposed to impose a series of permanent bans, just slow down the attack a bit - attacks like that should really be dealt with at server level. The right CAPTCHA, if implemented correctly does stop the sort of behavior you describe with regard to automated form submission. If the form is being targeted by automated bots, you could just as easily change the form input variables, or even use the module from RN and just comment out the CAPTCHA code (it's commented within the file). Sorry I can't help you any more on that this one. meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 2:27 pm jakec wrote: I'm sorry I have to disagree, I bet if you were using the feedback module with a captcha you would not have a problem. Guardian2003 wrote: The right CAPTCHA, if implemented correctly does stop the sort of behavior you describe no offense, but... are both you kidding?? I'm quite sure about what i said, again: a captcha DOES NOT forbid bots from SENDING forms(*) hmm, i guess both you didn't understand me, and therefore i have to apologize by my bad english... it's not my mother language and sometimes i do not found the right words... (*) OF COURSE a captcha forbids the form from being processed, but it does not forbid bots from actually sending it, as i said. - anyway this is becoming OFFTOPIC. Guardian2003 wrote: Sorry I can't help you any more on that this one. No problem! I do not want to waste your time, there are more RN admins Who is the actual NS Maintainer? just Raven? BTW, reading this (your last) post i get a little confused, I'm reporting some bugs and/or security flaw (to my understanding) within NukeSentinel - it has nothing to do with RN, plain php-nuke, or whatever CMS I use, this is offtopic as well. meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 2:39 pm both you may misunderstood this point: Quote: This morning i've received 200 e-mails about "ppl" trying to send crap through Feedback module (those mails does not comes from NS, it's something i've added myself to catch spammers..) The emails i've received AREN'T Feedback submissions. ARE reports from a protection i've added myself to the Feedback module. can we go back to topic, please? Guardian2003 Site Admin Joined: Aug 28, 2003 Posts: 6373 Location: Vsetin, Czech Republic Posted: Mon Nov 09, 2009 2:45 pm Your concerns and your comments are not off topic at all. I was just saying that I don't personally know enough about the Flood blocker to be able to give you an answer or a direction to go in, there are others here who might be able to. meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 2:54 pm hmm, i think i got misunderstood again..sorry.. I mean talking about CAPTCHA, or RN, on this topic/thread is OFFTOPIC. Of course what i say is not offtopic at all unicornio Involved Joined: Aug 13, 2009 Posts: 432 Posted: Mon Nov 09, 2009 4:05 pm Can you post your mailfile.php meotoo. I did somes changes too and added a very simple code which load the site litttle faster than normal. I think you should play a little bit with NS and then you can see if it is working or not. In my opinion it is working pretty good. meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 4:54 pm unicornio wrote: Can you post your mailfile.php meotoo. I did somes changes too and added a very simple code which load the site litttle faster than normal. I think you should play a little bit with NS and then you can see if it is working or not. In my opinion it is working pretty good. Hello bestbuildpc.. Please ignore me.. Thank you.. Palbin Site Admin Joined: Mar 30, 2006 Posts: 2456 Location: Pittsburgh, Pennsylvania Posted: Mon Nov 09, 2009 5:55 pm meotoo wrote: hmmm...(4 minutes later) well... may i get it... may the flood blocker is triggered when a bot sends several http requests in such a way that all of them makes a collision into ab_flood(), specifically at the $floodappend = fopen($ab_config['ftaccess_path'], "a"); step - is that what you mean? i found this quite random but of course it can happen.. That is the point of a flood. You will only be added to the file multiple times if this code is true Code:   if($_SESSION["NSNST_Flood"] > time() - $ab_config['flood_delay']){     $floodappend = fopen($ab_config['ftaccess_path'], "a");     fwrite($floodappend, $nsnst_const['remote_ip']." || $_sessid || $currtime || $_sessnm\n");   } Just because this bit of code is may be false (not always) does not matter: Code:   foreach($floodarray as $floodwrite){     //if(!strstr($floodwrite, $floodarray[$floodcount-10]))     if ($floodcount-10>=0) if(!strstr($floodwrite, $floodarray[$floodcount-10]))     fputs($floodopen, $floodwrite);   } The above code does not affect the below code at all since $floodcount is determined before the above. Code: if ($floodcount >= 4) {   $p1 = explode(' || ', $floodarray[$floodcount-1]);   $p2 = explode(' || ', $floodarray[$floodcount-3]);   if($p1["2"] - $p2["2"] <= $ab_config['flood_delay']) {     if($p1["1"] != $p2["1"]) {       if($p1["0"] == $p2["0"]) {         if($nsnst_const['remote_ip'] == $p1["0"] && $p2["0"]) {           block_ip($blocker_row);         }       }     }   } } To demonstrate if you have four of the same entries in ftaccess: Code: 66.249.71.78 || 384040f314966e0c7867aa658147b29b || 1257775749 || PHPSESSID 66.249.71.78 || 384040f314966e0c7867aa658147b29b || 1257775749 || PHPSESSID 66.249.71.78 || 384040f314966e0c7867aa658147b29b || 1257775749 || PHPSESSID 66.249.71.78 || 384040f314966e0c7867aa658147b29b || 1257775749 || PHPSESSID FALSE Code:  if ($floodcount-10>=0) if(!s........ TRUE Code: if ($floodcount >= 4) { ...... meotoo wrote: Also note the .ftaccess file is opened two times but closed only once (and in wrong place), side effects from that? who knows from all those server configurations.. It is opened with a different parameter and you only close it once. meotoo wrote: In the other hand, this function can be improved a lot to speed it up, mainly if the $floodcount-10 is really a way of doing things, most of the function code can be skipped if the result is empty.. The bulk of this function is skipped if the result is 0. meotoo wrote: Quote: If you are then I would be surprised if it was a bot because of the captcha. It does not matter, because a captcha (or any other protection) does not forbid bots at all from sending/submitting forms. You are correct that a CAPTCHA will not stop a bot from sending data to the server. No php coding can physically stop a user/bot from sending data to the server, but it does stop the data from being processed. If you are worried about bandwidth etc being wasted from the "flood" the flood blocker will block that. meotoo Hangin' Around Joined: Aug 04, 2009 Posts: 36 Posted: Mon Nov 09, 2009 6:54 pm Quote: That is the point of a flood. wow... and such collision is guarantee to be reached in a safely way?... because i always had in mind the way IPBan's Anti-Flood is doing it, and it's why i saw that NS's code strange.. i still have wonders/doubts.. for example, what about if such collision is achieved from several different IPs? they will be written randomly to .ftaccess which makes the following code doubtfully valid, i guess: Code: $p1 = explode(' || ', $floodarray[$floodcount-1]);   $p2 = explode(' || ', $floodarray[$floodcount-3]);   if($p1["2"] - $p2["2"] <= $ab_config['flood_delay']) {     if($p1["1"] != $p2["1"]) {       if($p1["0"] == $p2["0"]) {         if($nsnst_const['remote_ip'] == $p1["0"] && $p2["0"]) {           block_ip($blocker_row);         }       }     }   } Quote: if ($floodcount >= 4) { ...... ouch... i didn't have that sentence on my NS 2.6.01 install.. Quote: It is opened with a different parameter and you only close it once. aha, do you mean the filehandle is intentionally left open to let the collision happen? interesting... ...Then, i guess my "fixed function" is broken.. this is what i'm using actually: Quote: function ab_flood($blocker_row) { global $ab_config, $nsnst_const; $floodarray = file($ab_config['ftaccess_path']); $floodcount = count($floodarray); if($floodcount > 9) { $floodopen = fopen($ab_config['ftaccess_path'], "w"); foreach($floodarray as $floodwrite) { if(!strstr($floodwrite, $floodarray[$floodcount-10])) fputs($floodopen, $floodwrite); } fclose($floodopen); } if($floodcount > 2) { $p1 = explode(' || ', $floodarray[$floodcount-1]); $p2 = explode(' || ', $floodarray[$floodcount-3]); if(($p1["0"] == $p2["0"]) AND ($p1["1"] != $p2["1"]) AND (($p1["2"] - $p2["2"]) <= $ab_config['flood_delay']) AND ($nsnst_const['remote_ip'] == $p1["0"] && $p2["0"])) { block_ip($blocker_row); } } if($_SESSION["NSNST_Flood"] > time() - $ab_config['flood_delay']) { $floodappend = fopen($ab_config['ftaccess_path'], "a"); $_sessid = session_id(); $_sessnm = session_name(); $currtime = time(); fwrite($floodappend, $nsnst_const['remote_ip']." || $_sessid || $currtime || $_sessnm\n"); fclose($floodappend); } } I think the if($floodcount > 9) { is needed, but i'll move the fopen outside, or may isn't needed? (it is ok as is?) at least i'll move fclose($floodopen); where it was before, at function's bottom. and i'll remove fclose($floodappend); then, if it's what is needed to the collision to happen.. Well, thanks a lot Palbin for your great advices. Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » NukeSentinel(tm) v2.6.x  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------RavenNuke / Raven CMS CMS WikiSecurity IssuesConverting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General DiscussionCertification - Submit Scripts For RavenNuke(tm) CertificationCertification - Modules, Blocks, Other Scripts/Applications Converted For RavenNuke(tm)Certification - All Discussion RavenNuke(tm) v2.5x----------------RavenNuke(tm) v2.5x RavenNuke(tm) v2.4x----------------v2.4 RN Announcementsv2.4 RN Documentationv2.4 RN Issues RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestionsv2.30.01 RN Security Issuesv2.30.01 RN New Installation Issuesv2.30.01 RN Upgrade Issuesv2.30.01 RN All Other Issues RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePieeCommerce Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroRaven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroPublic Testing of RavenNuke(tm) v2.10.00HtAccesserIssues/Problems With This Site Security----------------NukeSentinel(tm) Country and IP2Country UpdatesSecurity - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsPHP-Nuke Patched Series By Chatserv Information About Forums----------------PHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsDesign Discussions Scripts - General----------------Bug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountBrowser Specific IssuesUpgrading NukeNuke Treasury NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepositoryNSN NukeProject Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Private----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
:: :: ::

zerosum