i was using ns 2.4.2pl5 and got a lot of emails from users being blocked who are using talktalk as their isp. i asked for their ip addresses and was unable to find them as "talktalk" but actually opal-dsl. i found that updating ip2country cured the problem, but it looks like the isp is obtaining new ip addresses quicker than ip2country is being updated.
i tried up upgrade nukesentinel, but seemed to have messed it up somehow and ALL users became blocked.
my ip address range is protected in sentinel, but i was still blocked. it was not added to the banned list in either the db or .htaccess.
i have cured the problem by uninstalling ns entries from the db. i backed up the db should their be any attacks that take down the site meanwhile.
my problem now is that i do not know if ns is the correct security to use on my site. true, it has informed me of abuse in the past - usually get and post requests, but i am not prepared to block other valid users out purely because of their choise of isp.
Joined: Feb 06, 2006 Posts: 3028 Location: United Kingdom
Posted:
Thu Mar 13, 2008 2:18 pm
I would recommend uninstalling Sentinel and then re-installing the latest version. Because you are so far behind with the updates it is probably easier to do this than upgrade.
Personally I wouldn't choose anything else for security.
Once you have installed the latest version, see how that goes if you are still having a problem please post back with the reason Sentinel is giving for blocking the users.
if the problem lies with ip2country, as i think it does, i do not wish to install sentinel again only to have talktalk customers and users from other isp who are obtaining ip addresses quicker than ip2country is updated continuing to contact me saying they cannot access the website.
Joined: Aug 29, 2004 Posts: 9071 Location: Arizona
Posted:
Mon Mar 17, 2008 5:12 am
geoff_bell, you have assumed that it is IP2Country, yet we do not have enough information from your post to know for sure from our end. Without the text of from the block, how can you even know for sure? My first thought was maybe the proxy blockers were set. That can sometimes be the case when its isolated within a particular ISP, such as AOL.
I do not know what else to tell you other than without Sentinel, you had better be very sure that you are fully patched and that you do not introduce add-ons / hacks to your nuke installation that have security holes...
By the way, there are several threads here in the forums which talk about how to shut off the IP2C checking. But, you need to be up on the latest NS in order to do it without commenting out code.
View next topic View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
