| Author |
Message |
sharlein
Member Emeritus
Joined: Nov 19, 2002
Posts: 322
Location: On the Road
|
 Posted:
Mon Jul 26, 2004 11:52 am |
|
Using Sentinel™ 1.2, I was banned, and I wasn't even on the site.| Quote: | Date & Time: 2004-07-26 11:50:02
Blocked IP: my IP
User ID: Anonymous (1)
Reason: Abuse - AGENT
--------------------
User Agent: Mozilla/3.0 (compatible; Indy Library)
|
I used the user agent look up and found the reason - indy library. Is it possible to spoof an IP and add the indy library? I am confused!!  |
_________________
Give Me Ambiguity Or Give Me Something Else!
Last edited by sharlein on Mon Jul 26, 2004 4:31 pm; edited 1 time in total |
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Mon Jul 26, 2004 2:24 pm |
|
Tons of browser addons like to change the user agent without permission. I'd check the browsers user agent to see if something has altered it recently. |
_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 |
|
|
|
|
sharlein
|
| Posted:
Mon Jul 26, 2004 2:53 pm |
|
How can I do that, please? |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jul 26, 2004 4:34 pm |
|
I checked my user agent| Quote: | and your browser is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
|
Can I do anything to stop this from happening in the future? Thanks, Steve |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Mon Jul 26, 2004 4:40 pm |
|
The user agent you have doesn't seem to trigger any resonse in the "Agent Inspector". So I'm a little confused why you got banned. What happens when you unban yourself and go back? |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jul 26, 2004 4:42 pm |
|
It just happened again, this time on my site.| Quote: | Date & Time: 2004-07-26 17:25:47
Blocked IP: my IP
User ID: Anonymous (1)
Reason: Abuse-Harvest
String Match: indy library
User Agent: Mozilla/3.0 (compatible; Indy Library)
|
Please help, I'm at a loss. |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jul 26, 2004 5:04 pm |
|
The agent| Quote: | User Agent: Mozilla/3.0 (compatible; Indy Library)
|
brings back| Quote: | Agent: User Agent: Mozilla/3.0 (compatible; Indy Library) is trapped by this Harvester entry: indy library
|
It is my IP, but a diffenent agent. Both times, on different sites, same server, I was not on the site at the time. After I fixed the .htaccess and the database, I can get back on. I tried to get on before the change, and I was blocked. |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Mon Jul 26, 2004 7:53 pm |
|
Are you blocking IP# or by range? If not number try taking it to number
Options are:
Full IP Specific
1 Octet
2 Octet
3 Octet Broadest
I'd try Full IP or 1 Octet here and see if that resolves it. If you are blocking by Full IP and it is your IP we'll have to dig a little deeper.
G'luck! |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jul 26, 2004 8:22 pm |
|
Yes, I am blocking by full IP, and the IP getting blocked is mine. Whatever is happening is changing my user agent to trigger the harvester block. It only happened twice, once each on sites that I run. |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Mon Jul 26, 2004 8:23 pm |
|
For the time being try removing Indy from the harvestor list see if that helps. |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jul 26, 2004 8:48 pm |
|
It only happened twice Six. Now I am back to my normal user agent (not 3.0 with Indy) I have not changed a thing. Somehow, someone spoofed my IP and added Mozilla 3.0 with the indy harvester. I don't know if I am explaining things correctly, but I wasn't on the site when I got banned. I received the ban notice from Sentinel™. I didn't even recognize my own IP, but I attempted to go to the site and was surprised to see I was banned. I fixed the .htaccess and table, and got back on without incident. This site was using Sentinel™ 1.2.
My other site is running Sentinel™ 2.0 and exactly the same thing happened. I don't think my user agent changed at all. Can someone use my IP and add their own agent? Thanks, Steve |
| |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Mon Jul 26, 2004 9:44 pm |
|
Some routers can be programed with ip's. This is a trick that mr. Hitwalker likes to use to try and get by a sites defenses. |
_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net |
|
 
|
|
sharlein
|
| Posted:
Tue Jul 27, 2004 3:54 am |
|
Then I would say that Sentinel™ is an unqualified success. Thank you very much. Having to fix a couple of entries is a small price to pay for security. Thank you all very much. Steve  |
| |
|
|
|
|
BobMarion
|
| Posted:
Tue Jul 27, 2004 9:21 pm |
|
sharlein, would you email please. I monitor 3 different sites sentinel block reports and I just got one from all 3 with the same ip using Indy Library. I want to make sure it's not yours and if it is I want to get the ip cleared on all the sites. |
| |
|
|
|
|
sharlein
|
| Posted:
Wed Jul 28, 2004 6:39 am |
|
Email is on the way, Bob. That is not me, even though it may be my IP. |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Wed Jul 28, 2004 6:43 am |
|
I've gotten several this week and none of them are your IP. |
| |
|
|
|
|
BobMarion
|
| Posted:
Wed Jul 28, 2004 9:42 am |
|
The ip with these are a 209.*.*.* so it's not your ip from the email you sent . |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
