Ravens PHP Scripts: Forums
 

 

wv1973
New Member



Joined: Jul 20, 2004
Posts: 18

Posted: Tue Feb 08, 2005 11:04 am

Hi, I've been using nuke for a little while and have used sentinel before.. but blindly, to tell you the truth.

Can someone please explain to me what the different sort of attacks are??

like
Admin:
Author
Clike
Union
Filters
Harvesters
Referer
Scripting blocker
request method
string blocker

I am not looking for a detailed explanation, just a brief idea as to whether I need to activate it or not. Some sound a bit obvious but you know what they say about assuming something.....

Any explanation would be greatly appreciated.

Wade
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Tue Feb 08, 2005 11:24 am

These are the ones I'd call optional. The others are all in response to valid attacks of one sort or another. The harvester list could arguably be addressed better at the server level with rewrites either in httpd.conf or htaccess IMO.

request method < See http requests TRACE, PUT would be candidates to block >
string blocker <This is handy for on the fly custom rules for instance MeG attacks using adminpath= >

wv1973







Posted: Tue Feb 08, 2005 11:54 am

Ok, in my case I mainly want to protect my site from being hijacked. I don't have downloads so people soaking up my bandwidth is not a prob... Have not had to ban anyone from my site yet. It's a pretty civil bunch I have. They are work colleagues, all part of the same labour union. What do you recommend I activate and what should I just leave turned off?
 
sixonetonoffun







Posted: Tue Feb 08, 2005 12:29 pm

With respect to my previous mention of the harvester list. The harvester list if not addressed elsewhere.
Use the HTTP Auth or CGI Auth to prevent admin exploits. (Most important feature really)
Use force nuke url if you're not on a subdomain.
Use the DoS blocker.
Do not use the proxy blocker.

Admin
Author
Clike
Union
Filters
Referer
Scripting blocker

Remove the duplicated filters from mainfile.php and admin.php as mentioned in the readme and in a couple of threads on the forums here. It will make a noticeable difference in page loads, but only do this once the Sentinel Blockers above are active.
 
wv1973







Posted: Tue Feb 08, 2005 1:00 pm

sixonetonoffun wrote:

Use the HTTP Auth or CGI Auth to prevent admin exploits. (Most important feature really)


I'm actually having a lot of trouble with this right now. I've been searching on your forum but I'm quite confused.

Let me try and explain as best I can as to what I did.

In .htaccess I have

Code:
<Files .backup>
   deny from all
</Files>

<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /.backup
</Files>

I named my staccess to .backup

I copied over the staccess file which was blank.

Before doing so I entered in the Sentinel config
htaccess Path: was /.htaccess ----> I put it in root for now
staccess path: was /.staccess
I set admin password
admin auth set to cgiauth

grumbles....

I've tried just about everything and am sure it's something stupid.. The .staccess is presently empty, I thought I read in one of the other posts that this is where the password is stored...

Thanks for the help

Wade
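
Added example, not part of the original thread and not NukeSentinel code: Apache applies access directives placed inside <Limit> only to the methods listed there, so the "require valid-user" in the block posted above is scoped to GET, POST and PUT (plus HEAD, which follows GET). The Python sketch below flags such rules in an .htaccess; the function name, the two constructed sample strings and the list of methods checked are assumptions made for this example.

```python
import re

# Constructed input: the admin.php block from the post above.
AS_POSTED = """\
<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /.backup
</Files>
"""
# Constructed input: same block without the <Limit> wrapper, so the rule covers every method.
WITHOUT_LIMIT = """\
<Files admin.php>
   require valid-user
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /.backup
</Files>
"""
OPEN = re.compile(r"<\s*(\w+)\b([^>]*)>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")
ACCESS = {"require", "allow", "deny", "order"}
# Methods checked for coverage (a subset chosen for this example, not Apache's full list).
CHECKED = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]

def audit_htaccess(text):
    """Return [(line_no, directive, methods_not_covered)] for access rules inside <Limit>."""
    findings, stack = [], []  # stack holds (section_name, argument_list)
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := CLOSE.fullmatch(line)):
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
        elif (m := OPEN.fullmatch(line)):
            stack.append((m.group(1).lower(), m.group(2).split()))
        elif line.split()[0].lower() in ACCESS:
            for name, args in stack:
                if name == "limit":  # <LimitExcept> sections are deliberately not flagged
                    covered = {a.upper() for a in args}
                    if "GET" in covered:
                        covered.add("HEAD")  # Apache applies a GET limit to HEAD as well
                    missing = [meth for meth in CHECKED if meth not in covered]
                    findings.append((line_no, line, missing))
    return findings
```

For AS_POSTED the audit reports the require line with DELETE, OPTIONS and PATCH outside its scope; for WITHOUT_LIMIT it reports nothing.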
 
wv1973







Posted: Wed Feb 09, 2005 12:49 am

You know what, I think I finally got it working :) so never mind about my last question. Thanks again for the response on my earlier questions.
 
All times are GMT - 6 Hours
 