| Author |
Message |
protocool
New Member
Joined: Aug 19, 2004
Posts: 15
|
 Posted:
Sun Dec 19, 2004 11:49 am |
 
|
Is there anyway to check whether sentinel is actually working? Currently got sentinel 2.1.2 and phpnuke 7.6.
Thanks |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sun Dec 19, 2004 12:08 pm |
|
Logoff from your website, both user and admin. Then type this in your browser url:
This assumes that you have set the union protection on. After you are banned you will need to use phpMyAdmin to remove your IP from the nsnst_blocked_ips table. Then, if you are writing to .htaccess, you will have to remove your IP from there too. |
|
|
  
|
|
protocool
New Member
Joined: Aug 19, 2004
Posts: 15
|
| Posted:
Sun Dec 19, 2004 1:08 pm |
|
Okay... it doesnt seem to be working  . It just says Sorry, this Module isn't active!... |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sun Dec 19, 2004 2:48 pm |
|
Well, try using a module that is active. |
|
|
|
|
|
protocool
New Member
Joined: Aug 19, 2004
Posts: 15
|
| Posted:
Sun Dec 19, 2004 5:07 pm |
|
The module is active, I can access it via "contact.html", however when I add the union tag "contact.html%union%", it says that the module is inactive... Im guessing it thinks of it as a completely different module ?!?
Thanks. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sun Dec 19, 2004 5:23 pm |
|
Try name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */ |
|
|
|
|
|
protocool
New Member
Joined: Aug 19, 2004
Posts: 15
|
| Posted:
Sun Dec 19, 2004 5:30 pm |
|
Yay! atlast im banned from my site  ... actually, im sure not sure if that supposed to be a good thing  .
Thanks for you help Raven!!!! |
|
|
|
|
|
ThePiston
Worker
Joined: Dec 22, 2004
Posts: 135
|
| Posted:
Fri Dec 24, 2004 12:50 pm |
|
Hey Raven, I'm running 7.6patched and Sentinel 2.1.2. I tried both scripts from above... here's the scripts and what I get on screen:
Sorry, files does not exist...
*/UNION/* */
this takes me back to index.php
I've run all kinds of scripts and I never get banned, I either get the popup login from .htaccess or "you leave this site now" or "file deos not exist" et. Is this because I'm running 7.6patched or is Sentinel not working correctly? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri Dec 24, 2004 1:45 pm |
|
And you've modified the mainfile.php for NukeSentinel? Are you using any other 'protection' that could be interferring? |
|
|
|
|
|
ThePiston
Worker
Joined: Dec 22, 2004
Posts: 135
|
| Posted:
Sun Dec 26, 2004 7:14 pm |
|
Yep, I modified all 3 files that the readme file said (javascript, mainfile, header) |
|
|
|
|
|
BillTheCat
New Member
Joined: Dec 30, 2004
Posts: 9
Location: Colorado
|
| Posted:
Thu Dec 30, 2004 11:02 pm |
|
I'm getting the same results. The also returns Sorry, files does not exist...
The test of modules.php?name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */ brought up the banned screen but didn't block my IP - I was still able to login and the blocked_ip list did not contain my IP. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Thu Dec 30, 2004 11:12 pm |
|
Do you have NukeSentinel configured to block and write your IP? Have you removed all other protection methods - even Chatserv's mainfile and admin code? |
|
|
|
|
|
ThePiston
Worker
Joined: Dec 22, 2004
Posts: 135
|
| Posted:
Fri Dec 31, 2004 7:42 am |
|
I fixed mine.... I didn't have "BLOCK" on, only the default page. |
|
|
|
|
|
BillTheCat
New Member
Joined: Dec 30, 2004
Posts: 9
Location: Colorado
|
| Posted:
Fri Dec 31, 2004 10:22 am |
|
-I had Protector running but it has been removed.
-Write to .htaccess is ON (mode is 666) in root.
-I get the E-mails but am not blocked.
-I searched for Chatserv's mainfile and admin code but couldn't find it so I assume it isn't there.
-Mods to the three files were made.
PHP version 4.3.10
phpNuke 6.5 release
mysql Ver 8.40 Distrib 4.0.16
Bill Catz |
|
|
|
|
|
ThePiston
Worker
Joined: Dec 22, 2004
Posts: 135
|
| Posted:
Fri Dec 31, 2004 10:28 am |
|
Oh yeah, check to make sure that you actualyl have Sentinel configured to DO something. I was sp stupid I thought that installing Sentinel alone was enough, but you have to go into "Sentinel Configuration" and turn on all the blocks. Have you done that? |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Fri Dec 31, 2004 10:36 am |
|
It won't write the ban if you have an admin cookie also if your just using .htaccess as the path try the full server path or vice versa. |
|
|
|
|
|
BillTheCat
New Member
Joined: Dec 30, 2004
Posts: 9
Location: Colorado
|
| Posted:
Fri Dec 31, 2004 11:35 am |
|
Yes, every filter is ON to write to .htaccess.
I had a recent attack and received the E-mail
- nothing written to .htaccess
- nothing in the Blocked_IPs list
So, it looks like the write IP function is what's not working. Write E-mail works.
I had the full path to .htaccess but changed it to the web root path. Neither works. I've had two legitimate attacks and received the E-mails saying they were blocked but they were not.
Something that may help...
In the Sentinel Admin menu everything has a link to configure EXCEPT:
IP to Country
Admin Auth List
Scan for New Admins
Database Maintenance
Also, In the NukeSentinel Admin page, where it says You MUST set ALL admin passwords before activating HTTPAuth or CGIAuth!, clicking on "MUST" just returns me to the same page - /admin.php?op=ABAuthList link returns me to /admin.php?op=ABMain
I do not have cgiAuth installed.
Bill Catz |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Fri Dec 31, 2004 3:09 pm |
|
I know you said your .htaccess file had 666 permissions but check again. When I added the code to .htaccess to stop the Sanity worm and other attacks, my update forced my permissions back to 644. Might have been a admin panel thing. I had to change it back to 666 before sentinel could write to it again.
montego |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Fri Dec 31, 2004 4:29 pm |
|
Yeh sometimes ftp can't change the permissions of system files either and you have to do it from the webmin or CPanel whatever the host has provided. |
|
|
|
|
|
BillTheCat
New Member
Joined: Dec 30, 2004
Posts: 9
Location: Colorado
|
| Posted:
Fri Dec 31, 2004 4:51 pm |
|
I telneted to the system and verified that all is as it should be (mode=666).
Even if it wasn't, that wouldn't explain why the database isn't being updated also. I can manually enter IPs to block but the scripts do not update the tables.
Bill Catz
p.s. When I manually block an IP, it DOES write to the .htaccess file. So it appears to be when an attack happens, the E-mail is sent and that's all but from the E-mail, I can manually block the IP and then it's in both the database and the .htaccess file.
Hopefully this will help.
Thanks in advance!!!
Bill |
|
|
|
|
|
BillTheCat
New Member
Joined: Dec 30, 2004
Posts: 9
Location: Colorado
|
| Posted:
Mon Jan 10, 2005 5:47 pm |
|
I reinstalled Sentinel and everything is now working as before. The E-mail is sent but the IP is NOT blocked. If I manually block the IP, then it gets added to both the database and the .htaccess.
Any ideas?
Thanks in advance |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Jan 10, 2005 8:39 pm |
|
Ok, the easy stuff is out of the way...
You may wish to contact your web hosting company (unless that is YOU of course). I didn't mention this perviously because I had a different problem where Apache wasn't recognizing my Rewrite rules placed in the .htaccess file. After hours of frustration I finally contacted my web hosting company to see if there was something in the configuration stopping this from working. Although Apache was compiled with mod_rewrite module, they had to change some setting to get it to work.
I realize that your issue has nothing to do with Rewrite, but I think you may be down to finding out if they can identify any reason why Sentinel cannot write to .htaccess.
Sorry...
montego |
|
|
|
|
|
drmike
Worker
Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC
|
| Posted:
Mon Jan 10, 2005 9:22 pm |
|
After all of the scans looking for hackable copies of PHPBB recently, I'm happy to say that Sentinel is working over here. Had somethingn like 600 IPs blocked within a 2 day period.
-drmike |
|
|
 |
|
GJSchaller
New Member
Joined: Jan 03, 2005
Posts: 3
|
| Posted:
Mon Jan 10, 2005 9:39 pm |
|
| BillTheCat wrote: | | Also, In the NukeSentinel Admin page, where it says You MUST set ALL admin passwords before activating HTTPAuth or CGIAuth!, clicking on "MUST" just returns me to the same page - /admin.php?op=ABAuthList link returns me to /admin.php?op=ABMain |
I am running into the same thing - but in my case, the link on MUST is missing the word "admin" - the URL is - which is definatley odd. When I manually type in the word Admin, I get bounced, as Bill does.
I've tried re-uploading the files, in case something failed or died in transfer. I even re-downloaded the tar.gz file to make sure.
I'm not sure if this is related or not, but the links for Admin Auth List, Scan for New Admins, and Database Maintenance are also dead (they aren't links). |
|
|
|
|
|
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
| Posted:
Tue Jan 11, 2005 5:54 am |
|
When I click on the link MUST I get a 404 page lol
Are you sure you're logged in as God, because if not then those links won't be active to check for new Admins. |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
