PC Killer - To use or not to use

Posted: Wed Jun 02, 2004 7:22 pm

You can always copy this one:
Sentinel ™
Wink

Client Joined: Jan 29, 2004 Posts: 624

sixonetonoffun wrote:

You can always copy this one:
Sentinel ™
Wink

OK I'll do that! Sentinel ™ Sentinel ™ Sentinel ™ Sentinel ™ Sentinel ™ Hozzat?

Posted: Sun Jun 27, 2004 11:25 am

An interesting thread, if not a little long.
Personally, I used one the best protection script I could find at the time, to my mind, that was Protector.
Perhaps I should 'I perceived the best protection script ......'

Time has moved on and I have changed to Sentinel because I perceive it as the best protection for my site. I am familiar with the works of the script authors, in as much as their code works, support is usually forthcoming immediately and there is not the even the faintest hint of contempt or sarcasm because someone (like me) asks a dumb ass question or forgets to check soemthing really simple.

In the 2 years I have been using phpnuke, I have used a variety of different scripts from a variety of different sources. Mostly depending on my needs and the level of support available.

As for Sentinel, yes I think the pop-ups should be included and I think it is acceptable for the user to act in a manner which they feel comfortable with - but atleast they have the option of turning this on and off.

To use an analogy;
When you go out on the town and get intoxicated, it is your choice whether to drive home or not, you have the option.
But would you seriously hold the car manufacturer responsible if it refused to make a car that would not start if you were drunk?

Personally, I like to have that freedom of choice and degree of control over my life.

On a personal note, if I could have a 'wish-list' it would be to have a further option for subsequent web attacks.
e.g Hack attempt through Union - sorry you are going to get as many pop-ups as I can throw at you. But for situations where there is a possibility of a false positive I would prefer to send one or two pop-ups at the first perceived attack attempt and then give the IP both barrels if the attempt continued.

Great work everyone, an excellent piece of kit!

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Guardian2003 wrote:

On a personal note, if I could have a 'wish-list' it would be to have a further option for subsequent web attacks.
e.g Hack attempt through Union - sorry you are going to get as many pop-ups as I can throw at you. But for situations where there is a possibility of a false positive I would prefer to send one or two pop-ups at the first perceived attack attempt and then give the IP both barrels if the attempt continued.

You actually have that right now in v1.2 Smile

. You can either send unlimited or just one, or none, based on each type of attack. BTW, v2.0 is going to blow all other away Wink

. That's all I'll say for now Smile

Posted: Sun Jun 27, 2004 2:19 pm

Thanks once again Raven.
And my thanks of course to the other developers and scripters (authors?).

I was thinking more along the lines of counting the number of attacks and increasing the level of response but what we have is great, I'm looking forward to seeing how much better 'great' can get.

Posted: Sun Jun 27, 2004 10:54 pm

If you want an idea of the new admin for 2.0.0 goto [ Only registered users can see links on this board! Get registered or login! ] Smile

It's set so you can play for an hour and then it resets every to the original setup on that test site Smile

Posted: Sun Jun 27, 2004 11:15 pm

One word - Outstanding!

Posted: Sun Jun 27, 2004 11:54 pm

Whoah....can't wait for THIS one to hit the net. I'll be waiting to upgrade with bells on Mr. Green

Posted: Mon Jun 28, 2004 12:03 am

I have to agree with the previous two posters (Guardian and whiteknight)......

Outstanding and I cannot wait!!!! Mr. Green

Posted: Mon Jun 28, 2004 9:57 am

One quick thought. I may of missed it, but where is PC Killer?

Posted: Mon Jun 28, 2004 10:08 am

In 1.2.0 it did not have that name anymore. You could set "pop-ups" instead for each option. Same thing but more control and a more politically correct name. Groovy

Posted: Mon Jun 28, 2004 10:28 am

I've been holding back with this but now it seems like a perfect time to post it.

Back when we first released PC Killer, there were a few wanna-be lawyers out there that started whining about things and continue to this day harping over there. They were going to great extents to provoke us and others as to the legal ramifications, as interpreted by them. I'm not talking about the people that were truly questioning the legality/validity of using a pop-up maker, but mainly the few at nukecops that felt they had the legal understanding to sit as judge and jury to what we were doing. As I have often replied to this trivial and childish type of response, CHECK IT OUT! Well, I decided to personally contact (at my expense) a REAL lawyer who specializes in Internet law. He is from Ohio and well versed in these matters. I have never met him and had no contact with him prior to this issue. He read the posts at nc and I even saved the ones that nc moved/deleted. Here is his Legal reading/interpretation of the issue and the statute that was brought up.

Attorney wrote:

Gaylen,

I have read the second and third threads. The first thread has been deleted, which made it tough to read. Smile

I have read the statute that you referenced. I disagree with their interpretation in some ways and agree in others. The statute was primarily intended to protect government computers and those at financial institutions. So, to that end, it does not apply. There is a somewhat ambiguous catch-all provision that MAY apply. One of the subsections, section 1030( a )( 5 ), seems to apply to hackers who mess with private computers. It is a crime if and only if the importing of a program causes damage. Locking up and requiring booting typically does not cause damage that is problematic.

Here is some language from a case interpreting the statute:

Title 18 U.S.C. S 1030( a )( 5 )( A ) prohibits a person from knowingly transmitting a program, information, code, or command, and as a result of such conduct, intentionally caus- [ing] damage without authorization, to a protected computer. A protected computer is a computer which is used in inter-state or foreign commerce or communication. 18 U.S.C. S 1030( e )( 2 )( B ). Defendant concedes that Slip.net's computrs fit within that definition. The statute defines damage to mean any impairment to the integrity or availability of data, a program, a system, or information, that causes loss aggreating at least $5,000 in value during any 1-year period to one or more individuals. 18 U.S.C. S 1030( e )( 8 )( A ). Defendant argues that Congress intended the phrase one or more indiiduals to exclude corporations. We disagree.

Therefore, unless the aggregate cost to repair the harm is $5000, it doesn't even fall within the parameters of the statute.

It sounds to me like those folks are engaging in some Monday morning lawyering without the training to do so. They're just not correct.

I hope that helps.

Version 2 will allow you MUCH more flexibility as Bob will now explain Smile

Posted: Mon Jun 28, 2004 10:47 am

Always nice to have your ducks lined up Raven! Good work! Mr. Green

Posted: Mon Jun 28, 2004 10:48 am

We are introducing "Templates" in 2.0.0 and with these you can use any html you wish. Each blocker can be assigned a different template so that you can make extremely nasty ones for blockers like "Union", "CLike", and so on and extremely mild ones for blockers like "Harvester", "Referer", and so on.

This takes the ultimate level of control to you the site admin and allows you to use what ever means you wish to use on any form of attack.

Below is the outline of how to make templates for Sentinel(tm):

Code:

With Sentinel(tm) 2.0.0 we have introduced a template system for the blocker response


pages. This now means you are no longer forced to use teh pre-written response page.


This also means you may add any type of java script or html coding to these response


pages you wish to add. You can also have a template for each blocker type so that the


response presented to the attacked is geared towards that type of attack.





Below are the PRESETS that the script will search for and replace with to correct


value. Where ever you place them in your template is where they will appear in the


rendered response page.





__SITENAME__ = sitename stored in hte config db table


__REMOTEPORT__ = $_SERVER[REMOTE_PORT]


__REQUESTMETHOD__ = $_server[REQUEST_METHOD]


__SCRIPTNAME__ = $_server[SCRIPT_NAME]


__HTTPHOST__ = $_server[HTTP_HOST]


__USERAGENT__ = $_server[USER_AGENT]


__CLIENTIP__ = $_server[CLIENT_IP]


__FORWARDEDFOR__ = $_server[HTTP_X_FORWARDED_FOR]


__REMOTEADDR__ = $_server[REMOTE_ADDR]


__TIMEDATE__ = Time and Date of page display








This is a sample template:


<html>


<head>


<title>__SITENAME__: IP Blocked</title>


</head>


<body>


<p align="center">You have been blocked from entering this site.</p>


<p align="center">All of the following information has been gathered to assist the webmaster should this need to be report to local or federal officers.</p>


<p>User Agent = __USERAGENT__<br />


Remote Address = __REMOTEADDR__<br />


Client IP = __CLIENTIP__<br />


Forwarded For = __FORWARDEDFOR__<br />


Time/Date = __TIMEDATE__</p>


</body>


</html>

As you can see, you build a html document that contains a few string replacements and save it as abuse_XXXXXXX.tpl and upload it to your abuse folder.

The only limit to these templates is just how nasty you want to get with an attacker. Sentinel(tm) 2.0.0 will ship with basic templates for each blocker type that you can edit to your liking or you can just build new ones.

You can include JavaScript that causes billions of popups, embed media, embed objects just like any other html page can have. You can make them plain janes or fancy fredas. You imagination is the only limit.

The only template required is the abuse_default.tpl template which can still be edited but will only display at rare times.

Posted: Mon Jun 28, 2004 11:02 am

I will be releasing a set of templates in due course so all the fans of my "PC Killer" element can still use it on the new Sentinel, at the same time, noone can knock Sentinel itself, as this will be a seperate download for those who want it. It will have a new name though! Razz

Posted: Mon Jun 28, 2004 2:42 pm

Raven I'm thrilled you decided to share with the public this opinion that you shared with us here a while ago. I've had to bite my proverbial tongue so many times in the past weeks it was beginning to get painful!

Bob the new template system will be the best thing for everyone. Custom pages will be all the rage!

Ganja without a doubt your templates will be the hottest download in the phpnuke world! Well with the exception of Sentinel itself!

The best just keeps getting better!

Posted: Tue Jul 27, 2004 11:29 am

I agree, we are in a war. There will be collateral damage, but I think it can be held to a minimum. I think it is necessary to fight back. I learned one thing in vietnam, not all innocent victims are innocent. I will use PC Killer on several of the available blocks, but not all of them. Steve

P.S. Since I requested to be removed from the NC member list, I am unable to view the forums. It doesn't bother me, but I would like to view Paul's comment. Would someone please e-mail it to me or post it. Thank you very much Very Happy

Posted: Tue Jul 27, 2004 12:12 pm

I'm sorry, but I have to ask, how do I install the PCKiller template? Do I just replace the files in /abuse? Thanks, Steve

Reminder - turn off NAV!!!!!

Posted: Tue Jul 27, 2004 1:04 pm

Yes copy the contents of the abuse folder over. I really should put a readme in there I guess. Smile

Posted: Tue Jul 27, 2004 1:19 pm

I tried to download your PC Killer template but Norton 'detected' a trojan and deleted it... I'm not sure now I have the full complement.

Posted: Tue Jul 27, 2004 1:49 pm

Turn off NAV and redownload. It is missing a couple of files NAV deleted.

Thank you Ganja.

Posted: Tue Jul 27, 2004 2:12 pm

I uploaded to my site, but the response options remain the same (no attack option). Do I just use the forward option, sending them to abuse.html? Embarassed

Posted: Tue Jul 27, 2004 3:00 pm

Those template files replace the default ones, so if you leave the options on default page they will get the whole show.

You also have the option to forward to abuse.html instead and leave your original templates how they are.

Posted: Tue Jul 27, 2004 3:28 pm

sharlein wrote:

Turn off NAV and redownload. It is missing a couple of files NAV deleted.

Thank you Ganja.

Thanks sharlein, will do once I can get into admin... Sentinel™ blocked me!! hahaha

Posted: Tue Jul 27, 2004 3:36 pm

[ Only registered users can see links on this board! Get registered or login! ]