Ravens PHP Scripts: Forums
 

 

This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x
Doulos
Life Cycles Becoming CPU Cycles



Joined: Jun 06, 2005
Posts: 732

Posted: Wed Sep 20, 2006 8:33 pm

What settings do you recommend for the blocker configuration?

I noticed that some of the different types of blocks don't write the IP to .htaccess by default. Script attacks don't get written to the .htaccess file. One user was blocked 7 times today for trying to use what sentinel defined as a Script which was contained in a post he was trying to make. Here is the contents of the email I received from regarding this block.
Quote:
Date & Time: 2006-09-20 21:14:46 EDT GMT -0400
Blocked IP: 66.75.137.75
User ID: -=]FGA[=-KombatKing (15)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ]
Post String: [ Only registered users can see links on this board! Get registered or login! ] Kills&addbbcode18=#444444&addbbcode20=12&helpbox=Bold text: text (alt+b)&message=Just going through the Stats and my player event log and I saw this cool kill streak!

7 kills in 8 sec:

51:01 Kill I killed DonKingKong2020 with a headshot from tmp
51:00 Kill I killed Killabee with tmp
50:55 Kill I killed Clicker with a headshot from tmp
50:55 Kill I killed neddley with a headshot from tmp
50:54 Kill I killed -=BwP=-Fist of Konshu < B o D > with tmp
50:54 Kill I killed AWP hater with tmp
50:53 Kill I killed waltzing matilda with tmp

Post your best!

Very Happy

~KK&poll_title=&add_poll_option_text=&poll_length=&mode=newtopic&f=1&post=Submit
Forwarded For: none
Client IP: none
Remote Address: 66.75.137.75
Remote Port: 63417
Request Method: POST
--------------------
Who-Is for IP
66.75.137.75









He found that if he removed the characters immediately following the "Konshu" (I inserted the spaces between the characters hoping this would keep ME from getting blocked from Ravens site) which were enclosed in the <'s the post was allowed.

What do you suggest I set these blockers to?
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Wed Sep 20, 2006 8:49 pm

I would have thought it would be the characters before it as these are not valid alphanumeric characters.
What is your current setting for the Script blocker? It will only ban the IP if it is set to.
 
Doulos







Posted: Wed Sep 20, 2006 9:57 pm

It is set to block but not write to .htaccess. I noticed that several other blockers are set this way as well.

Admin, author, clike, union, filters, referers, and request method all set to 'email, block, & default page' and write to .htaccess

script set to email admin but not block or write to .htaccess

all others are set to 'off'

I did not set any of these manually (that I can recall). I am paranoid about security so should I set all these to block and write?
 
Guardian2003







Posted: Thu Sep 21, 2006 12:19 am

I think it is more down to personal preferences really. Those settings are fine for a 'default' set up and afford protection in the most important way - notifying the admin something is going on so he can do something about it.

You are obviously getting false positives on the script blocker so I wouldn't recommend you set that to write to .htaccess until you can determine the exact cause.
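
One way to act on the advice in the last reply and pin down what in an alert's Post String looks like markup before letting a blocker write bans to .htaccess. This is an added example, not part of the thread and not NukeSentinel code; both patterns, the field name `subject`, the unspaced `<BoD>` tag and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# HYPOTHETICAL rules; the thread never shows NukeSentinel's own patterns.
BROAD = re.compile(r"<\s*/?\s*[a-z][^<>]*>", re.I)  # anything shaped like a tag
ACTIVE = re.compile(r"<\s*/?\s*(script|iframe|object|embed|applet)\b", re.I)

# Constructed inputs modelled on the "Post String:" line of the quoted alert.
# The field name "subject" and the unspaced clan tag are assumptions.
FALSE_POSITIVE = (
    "subject=Kills&addbbcode18=#444444&addbbcode20=12"
    "&message=50:54 Kill I killed -=BwP=-Fist of Konshu <BoD> with tmp"
    "&poll_title=&mode=newtopic&f=1&post=Submit"
)
REAL_SCRIPT = "subject=hi&message=look <script>alert(1)</script>&mode=reply"


def triage(post_string, context=12):
    """Return (field, match, surrounding text, verdict) for each tag-shaped
    substring. 'active-content' names a script-capable element; 'review' is
    plain text in angle brackets, i.e. a candidate false positive."""
    findings = []
    for field, value in parse_qsl(post_string, keep_blank_values=True):
        for m in BROAD.finditer(value):
            lo, hi = max(0, m.start() - context), m.end() + context
            verdict = "active-content" if ACTIVE.match(m.group(0)) else "review"
            findings.append((field, m.group(0), value[lo:hi], verdict))
    return findings


def explained(alert):
    """True only if the alert has a hit and every hit is active content."""
    verdicts = [f[3] for f in triage(alert)]
    return bool(verdicts) and "review" not in verdicts


def safe_to_persist(alerts):
    """Gate for persistent bans: every sampled alert must be explained.
    An empty sample or an unexplained alert keeps the blocker at email-only."""
    return bool(alerts) and all(explained(a) for a in alerts)


if __name__ == "__main__":
    for alert in (FALSE_POSITIVE, REAL_SCRIPT):
        for finding in triage(alert):
            print(finding)
    print("persist bans:", safe_to_persist([FALSE_POSITIVE, REAL_SCRIPT]))
```

The tag list is a triage aid for sorting alerts, not a complete XSS filter; output encoding is still needed when posts are rendered. It assumes the alert stores fields as `key=value` pairs joined by `&`, as in the quoted email, so a raw `&` inside a message will split that field.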
 
All times are GMT - 6 Hours
 