Sentinel vs Protector Systems

Posted: Fri Jun 04, 2004 3:23 pm

Are they different?

What are the differences if any?

Why should I change?

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

I tried Protector and it trashed my site, but then I'm new to php and security programs so it may have been an error on my part.

So I tried Sentinel when it first came out and it was so easy to install and configure I've stuck with it.

I'm running phpnuk v7.0 with the latest patches.

Posted: Fri Jun 04, 2004 4:17 pm

Sentinel is being built with moderate to large sites in mind keeping code and database queries to a minimum. Protector has been built on more of a feature first, performance second model.

Posted: Sun Jun 06, 2004 5:48 pm

I use Protector on my 6.9 productions site in two ways. I check for which users are using the same IP, (sometimes cookie issues with more than one user in the same household). Also, I only add users to the system by hand via Edit Users so I check IPs against those already registered, to prevent multiple accounts for one user.

I can only imagine the worst case chaos if I attempted to remove Protector and install Sentinel.

If I install Sentinel (on fresh install) can I check IPs the same as I could with Protector?

And question, hopefully not OT, about banning ... is one way better than another to ban an IP? I could use CPanel, which I assume writes an htaccess file, or features in Protector or Forums, and I'm sure other apps have ban functions too. What is the best way to ban an IP from a domain how come there are so many different options?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

I don't use Protector as Sentinel™ does all that I need it to, as it incorporates Chat's security traps, my Hack Alert stuff, along with Bob's stuff and about everything we collectively know about. It's all about STUFF and good STUFF! Sentinel™ writes to both MySQL and .htaccess if you so desire. I so desire because I don'e even want the scum bags on my server.

Posted: Mon Jun 07, 2004 1:30 am

Ohh i noticed something one has a ™ and the other dosent Laughing

But really Sentinel™ is alot lighter, so to say, than the heavy Protector sys,

Posted: Mon Jun 07, 2004 8:54 am

I have used Protector and I liked it with the exceptions of it wouldn't write to the .htaccess file without me modifing (I sent the mods to Mister which he promptly included) and the fact that it slowed my site way down because of all the queries it makes. Protector is great for low traffic sites and I support Mister's work on it but for my site I had to have something lite and fast and that would write to the .htaccess file.

That's were Raven, Chat, Ganjauk, and the rest of the folks came in. We all put our best together to make Sentinel(tm), it's extremely lite, very fast, very easy to install, and very good at catching scumbags Smile

It won't track user ip's which is part of why Protector is to bulky for me.

Posted: Mon Jun 07, 2004 9:21 am

I can certainly understand the need for lite, but I'm curious. What is an opinion on the threshold of a low traffic site, avg daily hits or visits? Anything under 100,000 hits? is it higher or lower?

Because of the nature of my community... I need a way to track users to IPs.

And catching scumbags is all good too ... what to do, what to do ?

Assuming traffic is low, will Sentinel *and* Protector play nice together?

Posted: Mon Jun 07, 2004 9:35 am

If I may interject, what about IP_Tracking?

Posted: Mon Jun 07, 2004 9:47 am

I think the domains over its bandwidth or something for IP Tracking? Is there an alternative download site? scottr hasn't been around for a while maybe he would be interested in getting it hosted here?

Posted: Mon Jun 07, 2004 5:08 pm

This is where I found versions 3.1.2 and 3.4.4:
[ Only registered users can see links on this board! Get registered or login! ]

Or you can download without registering from my site if you'd like:

PC Toolbin's Downloads

Regards...

Worker Joined: Aug 16, 2003 Posts: 107 Location: USA

i have IP_Tracking-3.5 if anyone want it

Posted: Mon Jun 07, 2004 7:54 pm

afc wrote:

i have IP_Tracking-3.5 if anyone want it

Uh...yeah! Could you email it to me if possible please? Thanks. (Your site isn't coming up or resolving for me which is why I ask....just in case you already have it for download)

Posted: Tue Jun 08, 2004 1:45 pm

I've got IP_Tracking 3.4.1 - August 30, 2003
Any chance IP_Tracking 3.5 has a feature to search IPs? If I could get all the IPs displayed (something seems to be not working in the # $numip: Display How Many IP Tracking Records Per Page in the config. I have it set to 1000 because only one page is showing when the variable is set to 200... and I'm still not sure I'm seeing all the IPs.

I'd like to find 3.5 too.

Posted: Tue Jun 08, 2004 2:16 pm

my server went down, it back up i will put it for download later and post the link

Posted: Tue Jun 08, 2004 5:05 pm

afc wrote:

my server went down, it back up i will put it for download later and post the link

Ok.....will be waiting....thanks.

Posted: Tue Jun 08, 2004 9:51 pm

For the record, since it seems to be an issue here, I can say that Sentinel, Admin Secure, and Protector will ALL work together without any errors that I have seen thus far. This, of course, is on a PHPNuke 7.3 install with Raven & Chat's patches. As for high traffic and bandwidth caused by any ONE of them, I can't say that I've seen it since this site isn't quite "Live" yet, but will be within the next week or so. Findings, at this point are from the local testing installation where I am adding various modules including a rework of the Amazon module from preciogasolina.com to work with PHPNuke 7.3. Just what I have seen on my local test bed. Mr. Green

Posted: Fri Jun 11, 2004 4:34 pm

[ Only registered users can see links on this board! Get registered or login! ] here is ip tracking module you were looking for

Posted: Sun Jun 13, 2004 8:41 am

In staying on topic I just wanted to throw my 2 cents in and ask a few questions.

First let me say that I need security. I get hit about 15-20 times a day in attempts to exploit Nuke in every way possible from SQL injections to attacks to crack the site & server... all of which to date are originating overseas.

I am now considering blocking China, Brazil and Asia Pacific completely, but have yet to do so.

I have been saved MANY times by Protector, but also by Raven's Script (pardon me a second while I bow down to Raven and say "I'm not worthy" in an attempt to show my extreme gratitude and respect).

I've been cruising around for the past few weeks reading about Sentinal. Generally, my position has always been, "if Raven says to use it, I use it". In the past, I haven't wasted any time running around trying to read up on a subject, I just immediately implement it. It's like going to the dentist.... If he says, "I've gotta fill that cavity". You don't read up on cavities or get a second opinion, you tell your dentist to do it because you know if you don't deal with it now, it's going to hurt really bad later.

What I don't understand is what REALLY distinguishes Sentinal from Protector (with RavenScript protection).

I've heard, "Opinions" but nothing about the code itself or why the authors chose to re-invent the wheel versus modifying Protector and/or RavenScripts to do the job.

So far, I've been lucky. The many attempts to hack my site have had no successes. What I want to know is this.

1) If I install Sentinal:
a) Do I need to uninstall Raven Script Protection?
b) Do I need to uninstall Protector (now at 1.15b2 - Latest Version)
c) Do I need to install the latest Chatserv updates BEFORE or AFTER Sentinal? Or is there no impact? (NOTE: In all previous Chatserv fixes, I've had to do extensive modifications to get them to work with my protection scripts/programs and my themes.)
d) Should I (can I) consider running Sentinal WITH Protector? Is there any real benefit or liability?

I don't yet use GoogleTap as I feel that it creates more problems than it solves in its current form (My beta server went to 83% utilization after installing it).

Are there any automated benefits to utilizing Sentinal instead of what I have now? For example, would Raven blocked addresses be added automatically to my banned list?

Input is appreciated and again (directed at Raven) THANKS for everything you have done already to help make my site popular and secure!

Finally, I wanted to mention that I was recently asked by an industry press reporter who I thought were the most influential people in the Nuke Community. My answer was swift, "The host of [ Only registered users can see links on this board! Get registered or login! ] has provided the most valuable contributions to enhance and secure my site since migrating from a totally Microsoft solution to the Open-Source Solutions of Linux and Nuke. While there are many great Nuke community sites, this is the only site that has managed to remain free of personal politics and attacks amongst the many developers. If there is one site out there that develops and promotes the best solutions (even created by others) while upholding the highest levels of ethics and morals, it is ravenphpscripts."

Again, just my 2 cents
Steph

Posted: Sun Jun 13, 2004 10:20 am

Before I begin responding, I'd like to thank you for your support and encouragement! Seriously, I, as well as others of course, take a lot of hits (personally) and it it always refreshing to receive this kind of positive feedback. Thanks Steph!

64bitguy wrote:

1) If I install Sentinal:
a) Do I need to uninstall Raven Script Protection?

No, but there is no need to have it and Sentinel™ as Sentinel™ does much more and HA will actually keep Sentinel™ from using its blocking prowess.

Quote:

b) Do I need to uninstall Protector (now at 1.15b2 - Latest Version)

Probably not. To be truthful I am not familiar with it and only know what I read. Sentinel™ adds blocking at the server level and from what I understand Protector has a tendency to drag on your server. The two may conflict in the efficiencies and timing of protection.

Quote:

c) Do I need to install the latest Chatserv updates BEFORE or AFTER Sentinal? Or is there no impact? (NOTE: In all previous Chatserv fixes, I've had to do extensive modifications to get them to work with my protection scripts/programs and my themes.)

Those fixes are independent of Sentinel™. However, you should always install his fixes.

Quote:

d) Should I (can I) consider running Sentinal WITH Protector? Is there any real benefit or liability?

I only run Sentinel™. I see no need and have no need for anything else.

Quote:

Are there any automated benefits to utilizing Sentinal instead of what I have now? For example, would Raven blocked addresses be added automatically to my banned list?

Your IP's that you have manually added to .htaccess will not be affected. They will not show up in Sentinel™ blocked IP's though, unless you manually add them to Sentinel™'s database through the Admin function.

Quote:

What I don't understand is what REALLY distinguishes Sentinal from Protector (with RavenScript protection).

As I said, I do not use protector. I tried it early on and (personally) decided at that time (release 1.12 or 1.14 if I remember right) and I felt the release was premature and it created more problems than it solved. Having said that, I do not know what the current release offers. I would assume that it is more mature now. Sentinel™ carries a light footprint and offers individual control over all of the exploits that it protects against. The code is very easily modifiable, more compartmentalized if you will, so if you are a coder you can easily extend it yourself.

Quote:

I've heard, "Opinions" but nothing about the code itself or why the authors chose to re-invent the wheel versus modifying Protector and/or RavenScripts to do the job.

We did not, in any way, reinvent the wheel Smile

. Sentinel™ is the result of a collaborative work by Bob Marion, myself, and Chatserv. Bob was actually just looking to upgrade a product that he already had (IP Banner) and he solicited permission to use certain elements of my HA script. As we talked we decided to join together and expand the product and change the name. Sentinel™ is its own animal and we believe it is the best Nuke protection system available. And with the upcoming 2.0 release, it will set itself even more apart and above the others Wink

I chose not to continue enhancing HA as I felt this would detract from Sentinel™ and could be perceived as competition. I thoroughly recommend removing HA and installing Sentinel™!

In closing, thank you once again for your support and recognition that you have afforded this website!

New Member Joined: Feb 02, 2004 Posts: 6

i've one question after reading these posts.

does Sentinal have a function to counterattack against those ddos attacks?
like hammer protection in Protectors?

thx

Posted: Wed Jun 16, 2004 4:45 pm

conma2cang wrote:

i've one question after reading these posts.

does Sentinal have a function to counterattack against those ddos attacks?
like hammer protection in Protectors?

thx

Would be nice......especially since they have the PC Killer function to kick back somewhat......erm...I mean "Defend" against.... Wink

Posted: Wed Jun 16, 2004 5:23 pm

Protector does nothing to stop a true dDos attack Smile

. A dDos attack occurs at the server level, not the port 80 website level. That takes a more sophisticated tool at a much lower level. Sentinel™ is designed to be a script attack protection and it's a very good one. We might look at the hammer guard, but there is a danger in trying to become all things to all people. You can end up with alot of overhead, and you need to see if the end justifies the means.

Regular Joined: May 03, 2004 Posts: 62 Location: USA

64bitguy wrote:

In staying on topic I just wanted to throw my 2 cents in and ask a few questions.

First let me say that I need security. I get hit about 15-20 times a day in attempts to exploit Nuke in every way possible from SQL injections to attacks to crack the site & server... all of which to date are originating overseas.

I am now considering blocking China, Brazil and Asia Pacific completely, but have yet to do so.

d) Should I (can I) consider running Sentinal WITH Protector? Is there any real benefit or liability?

Are there any automated benefits to utilizing Sentinal instead of what I have now? For example, would Raven blocked addresses be added automatically to my banned list?

Input is appreciated and again (directed at Raven) THANKS for everything you have done already to help make my site popular and secure!

Finally, I wanted to mention that I was recently asked by an industry press reporter who I thought were the most influential people in the Nuke Community. My answer was swift, "The host of [ Only registered users can see links on this board! Get registered or login! ] has provided the most valuable contributions to enhance and secure my site since migrating from a totally Microsoft solution to the Open-Source Solutions of Linux and Nuke. While there are many great Nuke community sites, this is the only site that has managed to remain free of personal politics and attacks amongst the many developers. If there is one site out there that develops and promotes the best solutions (even created by others) while upholding the highest levels of ethics and morals, it is ravenphpscripts."

Again, just my 2 cents
Steph

Hi Steph,

You sound alot like me a few weeks ago. I was receiving 20 - 30 hack attempts per DAY! It was absolutely crazy. This was after 2 successful hacks. I then installed Protector .. and then found Raven's site (thank you Raven) who helped me tremendously. Like you ... if I see it said here that "This works" ... I don't ask too many questions ... I just install it. I have that much faith in the work they do here.

Now ... it's just another opinion ... but thought you might be interested in it, since I was basically in the same boat as you with the need for security facing several attempts from all sources and angles daily.

Like I said, I had Protector first ... then installed Raven's Hack Alert ... and now I'm running Sentinel as well. I also have the Admin Secure. They are all running very well together and sometimes one will catch something the other misses.

After a couple weeks running the combo ... the hack attempts started dying off ... I guess the script kiddies got tired. Recently the attempts have picked back up again with the new attempts at creating an admin account via a remote script ... but I'm feeling very secure. Even if they were able to manage to create the admin account ... they'd then have to go through the various security steps that even us Admin have to go through before we can get into the admin area Wink

Anyway ... just a long way of saying that yeah, they all work together, and very well ... and I am much more at ease than when I first showed up here.

Take care.

Worker Joined: Feb 16, 2004 Posts: 164

Sentinal v2.0 Works fine with Osc2nuke if anyones interested with a few additions to the code in the includes/sentinal.php file.

You need to tweak the Sentinel Include php to make sure that the tep_session_is_registered() or it will return the following error:

Code:







PHP Fatal error: Call to undefined function: tep_session_is_registered() in mainfile.php on line 233 


It's a simple fix, just open up include/sentinel.php and look for the following code: 





// Load required scripts if ($forum_admin == 1) { require_once("../../../config.php"); require_once("../../../db/db.php"); $lang_dir = "../../../"; } elseif ($inside_mod == 1) { require_once("../../config.php"); require_once("../../db/db.php"); $lang_dir = "../../"; } else { require_once("config.php"); require_once("db/db.php"); $lang_dir = ""; } 





Just replace it with the following, and all will work just fine. 





// Load required scripts if ($forum_admin == 1) { require_once("../../../config.php"); require_once("../../../db/db.php"); require_once("../../../includes/application_top.php"); $lang_dir = "../../../"; } elseif ($inside_mod == 1) { require_once("../../config.php"); require_once("../../db/db.php"); require_once("../../admin/modules/oscnuke/init.php"); $lang_dir = "../../"; } else { require_once("config.php"); require_once("db/db.php"); require_once("admin/modules/oscnuke/init.php"); $lang_dir = ""; }