| Author |
Message |
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
 Posted:
Fri Mar 27, 2009 1:44 am |
 
|
Hello ravenscript staff,
I'm going to setup the nuke sentinel. I click to the "CGIAuth Setup" then the code below ask me to paste in .htaccess file. When I try to access to administration I can't, but it say:
"Internal Server Error
Hint: Check the .htaccess file for syntax/configuration errors"
This code I paste in .htaccess file:
#-------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
#-------------------------------------------
<Files
deny from all
</Files>
<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile
</Files>
#-------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
#-----------------------------------
what wrong?
TQ |
|
|
|
|
dad7732
RavenNuke(tm) Development Team
Joined: Mar 18, 2007
Posts: 1191
|
| Posted:
Fri Mar 27, 2009 12:45 pm |
|
Do you have your user/pass included in the .staccess file? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sat Mar 28, 2009 12:50 am |
|
You are not following the instructions in the HowToInstall manual. That's why you are getting the errors. Review the setup instructions but first restore your original .htaccess file that cane with the distro. |
|
|
  
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Sat Mar 28, 2009 10:50 am |
|
| dad7732 wrote: | | Do you have your user/pass included in the .staccess file? |
Yes I have user/pass but I dont know how to put in .staccess . Also I lose here;
"Normally: /home/****/public_html/.htaccess"
What exactly: /home/****/public_html/.htaccess or add "http://www" like,
Yes Raven I folow the instruction, but maybe have a mistake.
By now I leave the staccess Path and ftaccess Path blank. htaccess Path:I fill ".htaccess" can I leave the two path blank?
TQ  |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sat Mar 28, 2009 6:56 pm |
|
You cannot use the URL. You will need to ask your host what the home path is for your site.
Again, it's probably something in the form
/home/****/public_html/.htaccess
but you will have to ask your host. |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Sun Mar 29, 2009 3:58 am |
|
Sentinel setting look like all OK for me now.
But I'am confuse are the HTTPAuth similar to CGIAuth... I want to protect my forum from hack, where can I begin..
TQ  |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Sun Mar 29, 2009 6:09 am |
|
If you have the httpAuth setting use that and you won't have to do the CGIAuth settings. |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Sun Mar 29, 2009 8:25 am |
|
Yes I use httpAuth setting. So, how can I setting the Sentinel to protect my Forum.
TQ  |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Sun Mar 29, 2009 8:39 am |
|
You mean forum admin?
My host uses cPanel so if I have any other directories I want to protect then I do it through cPanel, which is much easier and quicker. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Sun Mar 29, 2009 9:01 am |
|
erick08, just so you know, there haven't been any known exploits of the forum admin in a very long time. RN 2.3.x is fully patched.
Also, what you have been talking about is "admin" protection. But, do you really mean regular forum protection? The same blockers are used throughout RN, so there isn't anything "extra" that is specific to the forums. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sun Mar 29, 2009 3:04 pm |
|
To protect your forum admin, please refer to the RavenNuke(tm) How To Install manual. See . Then select NukeSentinel(tm) from the menu to the left. Read through the setup instructions and about 40 lines or so down the page you will see this line of text:
Once the above is working for you, be sure to read the section on Protecting Your Forums Admin Folder at the bottom of this page.. Click the link and it will take you down to the section Protecting Your Forums Admin Folder. |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Mon Mar 30, 2009 5:02 am |
|
| Raven wrote: | To protect your forum admin, please refer to the RavenNuke(tm) How To Install manual. See . Then select NukeSentinel(tm) from the menu to the left. Read through the setup instructions and about 40 lines or so down the page you will see this line of text:
Once the above is working for you, be sure to read the section on Protecting Your Forums Admin Folder at the bottom of this page.. Click the link and it will take you down to the section Protecting Your Forums Admin Folder. |
Hi Raven,
Yes I do. At the botom I found of NukeSentinel(tm) config:
If you using "HTTPAuth", see the thread in the RavenPHPScripts support forums.
Are this link setup the HTTPAuth?
TQ |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Mon Mar 30, 2009 5:38 am |
|
That link should detail how to set it up  |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Mon Mar 30, 2009 6:33 am |
|
Ok Raven I already set it up. Now how I know it work?
TQ  |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Mon Mar 30, 2009 8:47 am |
|
Log out as admin and then try to log in again as admin. It should prompt you. |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Tue Mar 31, 2009 1:36 am |
|
I mean in forum admin..... but wait. How do I put the code "username:password" in .staccess in Forum admin?
Like this...
<Files .staccess>
username:password
</Files>
or something.....
Bcause when I click the icon of the forum in Control Panel dministrator I recieve this:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request."
TQ  |
|
|
|
|
|
dad7732
RavenNuke(tm) Development Team
Joined: Mar 18, 2007
Posts: 1191
|
| Posted:
Tue Mar 31, 2009 6:38 am |
|
That is not the way .staccess works. Depending on the OS that your server runs on, ie., FreeBSD, Linux, IIS, etc. you have to generate a username:password using the server control syntax, etc. Your ISP will help you with this function.
After that is accomplished, you then copy the information generated to your .staccess file, for example:
| Quote: | | Username:$ape1$ffjQf/..$eFRhzMqftcZULhj8B7k5m. |
That is ALL that is included in the .staccess file, one line only. The username is plain english or whatever your language is and the password is encrypted. There is no .staccess specific to just the forum that I am aware of.
Cheers |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Tue Mar 31, 2009 6:51 am |
|
Cheers........ that is.....tq. Now how do I test? Can I test it? Just want to know......
TQ dad7732. |
|
|
|
|
|
dad7732
RavenNuke(tm) Development Team
Joined: Mar 18, 2007
Posts: 1191
|
| Posted:
Tue Mar 31, 2009 7:00 am |
|
First of all, in your Sentinel administration, Admin Auth has to be OFF. The path to the .staccess file must be correct. Also, the .staccess file permission must be set to 666.
With all that done, access your site's administrator acccount, eg.,:
If set correctly you will be presented with a login box, "Authentication Required". Enter the username and password that is included in your .staccess file and if correct you will then be presented with another login box where you enter your admin username and password that you entered when you initially set up RN.
Note:
In your .htaccess file, you must uncomment the following lines and include the path to the .staccess file, such as:
| Quote: | <Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted"
AuthType Basic
AuthUserFile /home/directory/directory/.staccess
</Files> |
Note the last line, that should be the path to the .staccess file starting from /root/ on your server and NOT a URL. |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Tue Mar 31, 2009 8:25 am |
|
Hello dad7732,
First at all TQ,
Are the Admin HTTPAuth never turn it back?
What I mean to test is, test the protection admin in the forum? If I'm the hacker, how can I do this?
What u mean "entered when you initially set up RN" and how to setup?
TQ |
|
|
|
|
|
dad7732
RavenNuke(tm) Development Team
Joined: Mar 18, 2007
Posts: 1191
|
| Posted:
Tue Mar 31, 2009 8:46 am |
|
If your site is protected as mentioned, then the ENTIRE site, including the forum is under the same protection. The protection is site-wide, not just a specific module, etc. You can't get into the forum administration unless you're logged in as "Admin" from the beginning using the suggested method. |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Wed Apr 01, 2009 1:38 am |
|
OK dad7732 the best...... Tq
But one more. I want to change my security cod to 8 digit. By now its 6 digit. How can I do it? 
TQ |
|
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6373
Location: Vsetin, Czech Republic
|
| Posted:
Wed Apr 01, 2009 10:11 am |
|
Please start a new topic for that. |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Wed Apr 01, 2009 10:16 am |
|
erick08,
Actually if you search the forums we have already answered that |
|
|
|
|
|
erick08
Regular
Joined: Apr 20, 2008
Posts: 56
|
| Posted:
Thu Apr 02, 2009 2:36 am |
|
A... au... Yop Bos...
TQ |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
