Multi system headache.

Posted: Thu Jan 11, 2007 12:43 pm

First off I would like to say thank you for your hard work, I have had Raven nuke on my website and my fire department site for almost a year with little to no trouble. The site is hosted at Hostgator. About a month or so ago, I started getting comments from people saying that they could not access the site. I was able to view it from the Fire station and home, we were still getting lots of hits and interactions on the site so I didn't think much of it right away. Well I have started getting more and more people having the same problem. "You are using an invalid IP to access this site". Hostgator tried on thier end with no luck so I looked around here and tried the changing the config file to TRUE, that worked, but I figured it wasn't a permanent fix. So I tried updating IP2C then I get banned. I have looked in the mysql table under blocked ip, not there, I looked in the htaccess and other files and nothing there either. What exactly does the Overlap do?

Thanks

Sells PC To Pay For Divorce Joined: Posts: 5661

Quote:

So I tried updating IP2C then I get banned. I have looked in the mysql table under blocked ip, not there, I looked in the htaccess and other files and nothing there either. What exactly does the Overlap do

thats doesnt make any sense....

what sentinel version do you have?

Posted: Thu Jan 11, 2007 2:53 pm

I think it is 2.4.2pl5. Sorry about the confusion, I have a lot of things going on at once. Let me try this again.

1) People were getting "You are trying to access this site with an invalid IP" (something like this).

2) Cleared all of the banned/blocked IP addresses (People originally said they were banned)

3) Checked .htaccess , .staccess and there was nothing there about banned IP's.

4) Tried importing/updating IP2C

5) Nothing effected

6) looked around and saw a post talking about changing in the config.php file

Code:

$bypassNukeSentinelInvalidIPCheck = FALSE;

to

Code:

$bypassNukeSentinelInvalidIPCheck = True;

But from what I could tell that was a local machine fix and this was on a web host.

7) It worked, some of the people we able to see the site again. But I fugured this was a band-aid so I tried to keep working on it.

Cool

Updated IP2C again and I was banned, people at the fire station are banned, other people can access the site.

9) I have looked into the Mysql for my IP address but in the blocked IP db it is empty. So I don't know what I did or what I need to do.

Posted: Thu Jan 11, 2007 3:01 pm

well maybe its better to just uninstall the old version and install the newest with all new ip2country...
then atleast you can be sure all will be fine...

Posted: Thu Jan 11, 2007 3:03 pm

How do you uninstall? All of Raven Nuke or just Nuke Sentinel. If there is already a post please point me to one. Thanks again.

Involved Joined: Jul 15, 2004 Posts: 252 Location: OKC, OK

To answer your question the overlap just checks to make sure you don't have an IP address registered to more then one country. It should have nothing to do with being banned. I guess if the IP2Country table got really messed up it could, You may want to blow that table away in phpmysql, since you have bypassNukeSentinelInvalidIPCheck = True it shouldn't be using it really anyway.

What is the message you are getting saying you are banned when you try to access the site, that may help narrow it down to server or Sentinel.

Posted: Thu Jan 11, 2007 3:09 pm

you can uninstall it by taking out the sentinel tables and its files....

Posted: Thu Jan 11, 2007 3:10 pm

You have been blocked from entering this site.

You have attempted an unknown attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at webmaster(at)kearneyfire(dot)org.

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Remote Address: 65.30.54.75
Client IP: none
Forwarded For: none
Date Blocked: 2007-01-11 @ 15:11:50 CST GMT -0600
Block expires: Permanent
NukeSentinel(tm) 2.4.2pl5 by: NukeScripts.net

Posted: Thu Jan 11, 2007 4:57 pm

All I can find are patch and updates for Sentinel.

Posted: Thu Jan 11, 2007 5:12 pm

If I were you, (which I am not of course). I would download the full install on Nuke Sentinel 2.5.04 [ Only registered users can see links on this board! Get registered or login! ]

then just reinstall Sentinel from the top, delete the tables and files and reinstall the files and tables.

I would do this instead of running all the upgrade patches since 2.4.2pl5 came out.

Again this is me not you....but you are running an old version on Sentinel and it is Sentinel that is banning you from your site. I woulid upgrade to the newest version and see if that fixes the problem.

p.s. just saw a newer version of ip2c is out 1.5.07 so after reinstalling Sentinel download the diff file [ Only registered users can see links on this board! Get registered or login! ]
and run that also. I am going to run that myself right now.

Posted: Thu Jan 11, 2007 5:15 pm

Ok, thanks, that's what I was thinking about doing. I had already started the process

Posted: Thu Jan 11, 2007 6:06 pm

Ok, I droped the tables, but they did not come back.. did I miss something? Other than the the website is up and running I just don't know how secure it is.

PS DO I do the NSTN Installer?

Posted: Thu Jan 11, 2007 9:40 pm

Yes you need the installer script that comes with Sentinel to reinstall the tables

Posted: Thu Jan 11, 2007 10:44 pm

Ok, I think I got it. I delete all the extra files right?

Posted: Fri Jan 12, 2007 11:55 am

Personally I would also keep the $bypassNukeSentinelInvalidIPCheck = True; in my config.php file. I tried going without it, but even after keeping the IP2C tables up to date I was getting too many complaints from legit users about getting blocked.

Posted: Wed Jan 24, 2007 7:54 pm

I think maybe we have an "urban legend" going on in these Forums with respect to the invalid IP issue. After a user at my test site complained, I started looking at reimporting the IP2country data because that seems to be the solution recommended here. But I'm not sure.

I have tried tracing back thru Nukesentinel.php to determine the origin of this message. The immediate kick off for the message being generated (and I'm using the latest 2.5.05 code) is this:

Code:

// Invalid ip check


if(isset($bypassNukeSentinelInvalidIPCheck) AND $bypassNukeSentinelInvalidIPCheck) {;}


elseif($nsnst_const['remote_ip']=="none") {


  echo abget_template("abuse_invalid.tpl");


  die();


}

That's at line 118. So then we'd need to see how 'remote_ip' gets set to "none". It's tracing this that leads into a labyrinth of functions starting with get_ip. I have to confess that I can't follow all the logic in there. I know that at one point there is a get_remote_addr function that in turn calls a get_env function which should be returning the $_SERVER(remote_addr) which according to the documentation for PHP should be the IP of the client. So if that's missing I guess we could get an invalid IP. But looking at the logic in get_ip has me baffled and I'm just not sure what conditions would lead to this error.

Perhaps at some point we can get Bob or Gaylen to offer us an explanation, or perhaps someone else who knows about this can assist because it does seem to be a very common and vexing problem that's leading knowledgeable folks to just turn off the feature. Does this problem have any relation to IP2country and IP addresses that might be missing from there? Or is it somehow the client's failure to send a valid IP that's causing this? Or something else entirely?

It's also probably worth noting that the import IP2country feature in Sentinel now imports all the countries automatically contrary to the appearance of the screen where it leads you to think you have to pick the countries one by one. At least I think it's importing IP2country data but some clarification on that might be in order too.