| Author |
Message |
digibeet
Regular
Joined: Jul 08, 2004
Posts: 96
Location: Amsterdam, the Netherlands
|
 Posted:
Mon Jul 12, 2004 4:22 am |
|
Hi Raven,
I have a small problem, I have installed Sentinel but forgot to change the YourAccount index.php file cooki handling line.
So, I did that after the install of Sentinel, now anybody who visites the site is blocked.
I have removed the include line @ the mainfile so I could enter the site, but now sentinel is not running,
Are those neccesary changes in the Y.A. index.php different in the Raven Nuke version or not.
I hope I don't missed a aerly post about it.
Greets,
Fred |
_________________
"Grasp the subject, the words will follow."
Cato the Elder (234 BC - 149 BC)
Roman orator & politician. |
|
 
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 4:27 am |
|
Forgot something,
THE PEOPLE WHO NEEDED IT HAVE READ IT, Thanks!!
Doorgestuurd Voor: 62.21.**.**
Client IP: none
Remote Adres: 213.218.65.18
Remote Poort: 10775
Aanvraag Methode: GET
This is the intrusion detection when I'am visiting my site (with the include in mainfile.php) 
Thanks,
Fred |
Last edited by digibeet on Mon Jul 12, 2004 6:22 am; edited 1 time in total |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Mon Jul 12, 2004 4:33 am |
|
Fred,
That is not a mistake! That is a known exploit that illegally adds admins to your site. It looks like you may already have been exploited! Look at your admin entries and see if there are people in there that shouldn't be. |
| |
|
|
|
|
Nukeum66
Life Cycles Becoming CPU Cycles
Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA
|
| Posted:
Mon Jul 12, 2004 5:02 am |
|
digibeet,
I removed the domain extension from your post, so no one could just click and hack..  I'll let you decide if you want to remove the exploit or leave it. |
_________________
Scott Johnson MIS Ubuntu/Linux 11.10 |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 5:19 am |
|
OK, so I'am F****d that's no fun.... 
Because I rebuild the site no problem, but now this,
I renewed the SQL DB, so I need to make an new Admin etc. after that the firsttime Admin creation comes and then the firs-time login as admin, gess what.... a blanc page with Begone on it??
I cleaned the .htaccess also, problem exists...my brain needs caffeine 
Thanks,
Fred |
Last edited by digibeet on Mon Jul 12, 2004 5:47 am; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 5:43 am |
|
Make sure there is only one admin. Make sure Sentinel is installed. Then, for ultra safety, follow this [ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 6:23 am |
|
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 6:25 am |
|
Raven,
I have checked the admins, there was only me..
can a admin be hidden?
Thanks,
Fred |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 6:28 am |
|
If you replaced the database and created the God admin, then you should only have 1 admin. No, you can't hide an admin. As long as you have just the one admin and you have installed Sentinel and my Auth Admin code, you are good to go! |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 9:44 am |
|
aloha... 
Question (what else),
I want to use the hackattempt script, the readme tells me to ad a line in the mainfile, the RdMe.. says to begin after <?, in DreamW.. the script won't work, should this be <?php instead? and then the added line?
And the Sentinel include, comes that after or before the H.A. line?
Thanks again..
Fred |
Last edited by digibeet on Mon Jul 12, 2004 9:52 am; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 9:51 am |
|
You do not need, nor do you want, to use HA with Sentinel. Sentinel encompasses HA. Now, as to Dreamweaver, that is a bad editor for PHP. You need to be using a programmers editor like Textpad or something similar. Notepad, Wordpad, and Dreamweaver have known problems with PHP files, especially when saving to a *nix machine. |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 9:59 am |
|
OK...
I will go use my *nix (SuSE9.1), I often do, but my new MainBoard isn't realy happy with that distro  (Asus P4P800-E deLuxe) That's why I work on the W32 system for now.
In the near future I will build a standalone *nix box.
Thanks,
FD  |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 10:06 am |
|
I'm not saying not to use win32. Most use win32 for testing and then ftp tp *nix. I'm just saying that those editors are know for adding extra characters to files that hose up nuke. Then again, many use them w/o any problems. And using <?php instead of <? is not an issue. |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 10:20 am |
|
Another one,
In the TopLevel auth. file I have to make a password and login.
Do I have to this the first time i login?
(I have made myprivatefile.php, but creating my new PW
That is a littlebit fuzzy for me, probably very simple if you know how..
Thanks,
FD |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 10:25 am |
|
This has nothing to do with the authfile. In myprivate file you store the userids and passwords. Once you create your new encoded password using md5.php you store that in myprivatefile.php. Then you add the 2 include lines to auth.php. |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 11:18 am |
|
It works 
But with a small problem, ONLY on the admin loginpage the code is a red square, @ the index the code is visible, how comes that.
Thanks,
Fred |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 11:22 am |
|
That is because of your EDITOR - remember I told you the 3 wicked pieces of crap editors to avoid ? Make sure that in auth.php, myprivatefile.php, config.php, and basicauthfile.php that there are no blank lines after the closing php tag ?> |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 11:48 am |
|
Ok... now I see the admin code, do I see the second Log-In only the first time or everytime I want to login as admin?
This because I have Logged in that way the first time and after logging off and logging in again the NEW login won't come up and I can login just as usual and I never use the "save password" function on those so that can't be it.
Next: I have Sentinel installed and this is what I get when going to the Sentinel admin page.
Fatal error: Call to undefined function: abget_configs() in /home/.sites/109/site189/web/admin/modules/sentinel.php on line 32
And it's those two parts that are the most important right now..
I keep on going, learning and posting..
Thanks so much,
FD |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jul 12, 2004 11:53 am |
|
You need to add this line to your mainfile.php (as line #2) as stated in the instructions.
include("includes/sentinel.php");
The HTTP Auth browser routine will only validate once per browser session. So, until you close that browser session window, you are validated. Once you close it down and open up another browser window and access admin.php, you will see it again. |
| |
|
|
|
|
digibeet
|
| Posted:
Mon Jul 12, 2004 11:59 am |
|
SUPER!!
include("includes/sentinel.php");
 I forgot this -include- part to write before (".........................");
Thanks,
FD |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
