Ravens PHP Scripts: Forums
 

 

Bluezzz
Involved



Joined: Feb 08, 2005
Posts: 290
Location: USA

Posted: Tue Feb 22, 2005 4:40 am

OK this is kinda dumb, and I apparently can't contact her to tell her about it. I accessed her site through google and here's the info...

BLOCKED / BANNED FROM...

I accessed the site via google ... is that a crime?
http://www.google.com/search?q=error+header.php:32&hl=en&lr=&start=10&sa=N

You have been blocked from entering this site.

You have attempted a Scripting attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be report to local or federal officers.

User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Remote Address: xxx.xxx.xxx.xxx
Client IP: none
Forwarded For: none
Date Blocked: 2005-02-12 19:40:16
Block expires: Permanent

So what, my IP gets scrolled on her site as a hacker now??? We can't get refers from Google? Or is she overly paranoid so as to have it set so anyone coming from google is a hacker? *Blooooooooooooonde*

If anyone can contact her and she needs my *true IP* she can contact me via PM here and I'll send it to her so she can UNban me : o/

How do I turn THAT off in my Sentinel 2.1.3 so I don't do it to other unsuspecting souls (*doesn't want to block someone because they find my site on google*)?

Smack
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Tue Feb 22, 2005 11:32 pm

Why do you feel that this is a NukeSentinel Bug?
 
Bluezzz







Posted: Wed Feb 23, 2005 3:46 am

Perhaps it's not, perhaps it's user misunderstanding ... perhaps she's not aware that she's banning traffic from google ... or maybe she is aware? Would someone purposely block google or any other search engine traffic when it is generally used to bring visitors to your site and may bring you business if you sell things?

It said it was a scripting attack tho, not a referring attack ...

If I posted in the wrong place I apologize.
 
Raven







Posted: Wed Feb 23, 2005 7:41 am

Sure they would. If misinformed. If google was spidering a post that had the script tag in it, they would get banned. That's why we set up the 'Excluded Ranges' facility.
 
Bluezzz







Posted: Wed Feb 23, 2005 8:48 am

Well I sure wish someone would tell her about it : o/ ... *innocently counted amongst the bad people now* Crying or Very sad
 
Raven







Posted: Wed Feb 23, 2005 8:57 am

Can you email her?
 
Bluezzz







Posted: Wed Feb 23, 2005 9:00 am

Well, I can't get on her site to get her email so I'd hafta say no LOL ...

What I'd really like to see is a known list of IPs of troublesome people ... perhaps by several sentinel users getting together and comparing notes. I just think if I got banned how many others are getting banned for the same misconception.

*Really, I'm a good peeps, not a bad peeps ... honest*
 
Raven







Posted: Wed Feb 23, 2005 9:05 am

I contacted her via her Feedback and asked her to review this thread
 
Bluezzz







Posted: Wed Feb 23, 2005 9:13 am

Thanks Raven you rock! Hugzzz

RavensScripts
 
Bluezzz







Posted: Wed Feb 23, 2005 9:22 am

Are there clear instructions somewhere on how to exclude IPs? Say on my Sentinel I want to allow google and other search engines ... do I have to know the IP ranges or what? Sounds complicated LOL ... I mean really, how can you tell if someone is truly trying to hack you versus an innocent *visitor*?

Or rather than exclude the search engine IPs you just unban those that complain about being banned or what? How's that work? I guess leave the settings as suggested and if you get notified of a ban it should be up to you to investigate what happened huh? Rather than being comfy that your Sentinel is doing its job and assuming everyone that gets banned deserves it?

Well, this has taught me that if/when I'm notified of such an offence on my site I'll be sure to follow up and check the IP out with others, etc. *Thinks we need a bad peeps database* LOL ... boxingself
 
BobMarion
Former Admin in Good Standing



Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

Posted: Wed Feb 23, 2005 10:34 am

Excluded Ranges are those that you do not want to track, i.e. Google, MSN, Yahoo

You can find the range by clicking on the ip and it will open a new page that shows the complete range Smile

Excluded is different than Protected though. Protected ranges do not get banned, they will see the abuse page but not be entered into the database or htaccess file. Even if you protect the Google ip ranges it will not stop a user from being blocked since their ip is seen when going from google to the site.

_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net 
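
The Excluded/Protected distinction from the post above, as an added example that is not part of the thread and is not NukeSentinel code. The function names, action labels and ranges are hypothetical (the ranges are RFC 5737 documentation addresses, not real crawler ranges), and "excluded" is modeled on the assumption that such addresses skip the checks entirely.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 documentation space), not real crawler ranges.
EXCLUDED = [ipaddress.ip_network("192.0.2.0/24")]      # stands in for a search-engine crawler range
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]  # stands in for a range that must never be banned

def in_ranges(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)

def handle(ip, flagged, referer, ban_list):
    """Decide what happens to one request.

    flagged: True when the filter judged the request an attack; how it
             decides is outside this sketch.
    referer: accepted only to show it is never consulted. The decision
             is keyed on the client's own address.
    """
    if ip in ban_list:
        return "blocked"
    if in_ranges(ip, EXCLUDED):
        return "allowed-untracked"      # assumption: excluded ranges skip the checks
    if not flagged:
        return "allowed"
    if in_ranges(ip, PROTECTED):
        return "abuse-page-no-ban"      # sees the abuse page, nothing is stored
    ban_list.add(ip)                    # stands in for the database / htaccess entry
    return "abuse-page-banned"

# Constructed events: (client IP, flagged by filter, referer)
EVENTS = [
    ("192.0.2.10", True, None),         # crawler fetches a page that trips the filter
    ("198.51.100.7", True, None),       # protected address trips the filter
    ("203.0.113.55", True,              # ordinary visitor arriving from a search result
     "http://www.google.com/search?q=error+header.php:32"),
    ("203.0.113.55", False, None),      # same visitor returns with a clean request
]

def replay(events):
    """Run the events in order and return (actions, final ban list)."""
    ban_list = set()
    actions = [handle(ip, flagged, ref, ban_list) for ip, flagged, ref in events]
    return actions, ban_list

if __name__ == "__main__":
    for event, action in zip(EVENTS, replay(EVENTS)[0]):
        print(event[0], "->", action)
```

The third event is the case discussed in this thread: excluding or protecting the search engine's range changes nothing for a visitor who arrives from it, because the address being judged is the visitor's.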
ladysilver
Hangin' Around



Joined: May 03, 2004
Posts: 49
Location: Cyberspace

Posted: Wed Feb 23, 2005 12:06 pm

Bluezzz wrote:
*Blooooooooooooonde*


Trying to get on my good side? Smile Smile Smile

In all the time I've used Sentinel, I've only had one other Google-related complaint. That person sent me feedback about getting the ban message and I unbanned his IP.

Some info I hope will be helpful:

1. I clear IP ranges at least once a month, so nobody is blocked forever.

2. If site access is blocked, email sent to webmaster@, admin@, support@, etc. at any of my active domains should reach me.

3. If you were able to access the site before this occurred (which I realize might not be the situation), the welcome message at nukediva.com has this statement:

Quote:
Please take a few moments to read the Site/Forum FAQs as both contain necessary information to make the best use of this website.


In site FAQs I have ban information outlined:

Quote:
If you were banned from the forum, you can ask one of the moderators to reinstate you. Unless your behavior was way out of line, you will generally be given another chance.

If you were banned from using a feature, such as Classified Ads, that ban was made at administrator level. You will have received an email from the site admin telling you why you were banned from access. You may not be able to regain rights to access this feature. It will depend on the reason you were banned.

If you were banned for using a site-ripper or email-harvester, access may be restored if you stop using this tool while visiting the website. Contact the webmaster with your IP address to have it removed from the list. But please be advised that our security system scans for these tools each time you visit and will ban you automatically if they are detected. The webmaster will not keep removing your IP from the ban list if you continue to use these tools at this website.

If you were banned from the site for attempted hacking or other exploits, your IP address will be automatically banned and your account will not be reinstated. No exceptions.

Please be aware, too, that proxies are public facilities. If you are surfing in on a proxy, it is entirely possible that the last person who used the proxy attempted an exploit and was banned. Banning is strictly by IP address or range. The banning system has no way of knowing that you are not the same individual who attempted an exploit, only that you surfed in from the same IP or IP range. It is not personal, and if you contact the webmaster with the IP address it will be cleared from the ban list in most circumstances.

If you feel you were banned unfairly, please contact the webmaster with details of what you were doing when site security was triggered and the ban occurred. If it was an accident or mistake, we will restore your account access.


If you have any access problems with nukediva.com, please email me with your IP and I'll unban you asap.
 
Raven







Posted: Wed Feb 23, 2005 1:32 pm

ROTFL = I didn't even realize that was your site Smack

I would say I'm embarrassed but then, you're not really blonde, are you? How are you? Where have you been?
 
Bluezzz







Posted: Wed Feb 23, 2005 4:10 pm

My apologies for the *Blooooooooooooonde* comment. This is my first ban experience, and I was ticked, mainly because the ban was unwarranted since I was clicking a link in google and poof ... banned for no apparent good reason.

Then my next concern was how many other sites is one getting banned from just for clicking a google link, thus this thread.

And yes, I had been to your site before but usually when I'm surfing PHP sites I have a mission ... I'm looking for something specific such as blocks, modules, themes or help/info on a problem ... I seldom look at any site FAQ unless that's what I'm specifically in need of. I could not have known at the time of my last visit for instance, that I would be banned. The ban said *Permanent* ... again, I could not know different ... and I didn't take any email info when I was there previously so I couldn't know that either. Unfortunately one can't get to the site FAQ once they've been banned. Perhaps a redirect to that page, or something similar offsite?

Again, my apologies, I am blonde and not afraid to admit it when I act so ... worship
 
Bluezzz







Posted: Wed Feb 23, 2005 4:27 pm

I am unbanned ... weeeeeeeeeeee!

Wave
 
djmaze
Subject Matter Expert



Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv

Posted: Wed Feb 23, 2005 7:27 pm

If you ever get banned then go to google and search for: proxy servers

1) Pick a proxy (preferred is an anonymous one)
2) Setup your browser to use that proxy
3) Travel on the "banned" website until you've found what you looked for
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Wed Feb 23, 2005 11:08 pm

Cool. Can someone please knock heads at nukemods.com for me for banning me several weeks ago for Harvesting??? I wouldn't even know how to do that. All I did was click on my IE Favorites link one day to see if they had any updates to one of their themes I use and BOOM... banned!

Uuuuggghhhhhh...

That has given me an idea, though, for possibly a NS enhancement: is it possible to allow a configuration setting to show/hide a message with link towards the bottom of each banned page with some way to send the webmaster an email or something which states your case on how you have been improperly banned? I certainly don't want that kind of problem to occur on my sites.

Just a thought...
montego

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
Raven







Posted: Wed Feb 23, 2005 11:19 pm

Defeats the purpose Smile. I ban at the server level so you never even get to my site. I understand the what and why of your post but for me it's impossible.
 
montego







Posted: Wed Feb 23, 2005 11:26 pm

It just seems a shame to completely ban them from even presenting their case. Is there a way to possibly allow access to only ONE php script and that script somehow manages the "complaint resolution process"??? Just a thought...
 
Raven







Posted: Wed Feb 23, 2005 11:38 pm

Not if you ban at the server level. I also nail them to PC Killer. DJ has the answer. Just pop in as some other server. Or, just refresh your DHCP. That almost always works.
 
Bluezzz







Posted: Thu Feb 24, 2005 2:17 am

I agree with montego, especially if the ban was unwarranted in the respect that the visitor was not trying to hack the site. Thankfully you were able to get ahold of Diva and it all worked out for me. But montego's post does reiterate what I was saying about a person seemingly having no recourse should the ban be unwarranted.

I see Sentinel has a forwarding url (I assume you use that to send the offender once they've been banned) for each configuration (all mine are blank like yours are) ... perhaps that could be used to send them to another site or page that explains why they may have been banned and how to contact you if the ban was unwarranted, etc?
 
Bluezzz







Posted: Thu Feb 24, 2005 2:21 am

Regarding DJ's post about using a proxy ... doesn't that just sort of make Sentinel null and void? I appreciate his post and might certainly have to use that tactic for future unwarranted bans ... but to post that makes Sentinel seem null and void if all you have to do is log on via a proxy.

I guess I don't really understand the whole ban thing yet but I am trying to learn.

I should add ... THANKS DIVA ... : o}
 
Raven







Posted: Thu Feb 24, 2005 2:28 am

Not at all. Remember that if a person has been banned (legitimately) they will be banned again and again if they try the same stupid stunts. However, if they were banned in error, then they can use the proxy and get the email addy to contact the web master. I am just not understanding the issue here. If you are banned by mistake then the proxy clears it up. I read every banned email I receive to see if it was real or memorex. I would say that in the past year, less than 1/10 of 1% were mistakes.
 
Bluezzz







Posted: Thu Feb 24, 2005 3:13 am

I guess the issue is being banned *by mistake* ... it's sorta like being hung without a trial or jury (from the receiving aspect I mean) and I'm sure there is no way around that (from the security standpoint).

I, for one, don't relish the thought of my *Bad People* IP being scrolled for all to see when I didn't do anything wrong (well, certainly not on purpose). Now, since my issue was resolved let me play devil's advocate and use a hypothetical case such as mine or even montego's ... being an innocent surfer clicking a google link, or my favs link, I get

1) Banned Permanently
2) My IP scrolled in the Hacker block

Now my case was resolved quickly and I thank you all for that. I'm not complaining now ... just trying to clarify what the *issue was* for me, and I'm sure montego feels the same. I at least have here to come back to and post a *what the heck!?* Others may not know how to get resolution.

But from the other standpoint, of a website owner using phpnuke, I see where *better safe(r) than sorry* has to be the case here, phpnuke being what it is. It's nice to know that you do read those emails when you get them, I'm wondering how many do. Again, I'm sure the strictness of the features is set by the admin and perhaps (like me) not all of us understand what that means/entails. I set all mine to defaults as you have in your tut but quite frankly I'm not sure what the end results will be LOL, I'm just following your lead. Ultimately it is my responsibility as site owner to check any emails that do result from Sentinel and, if possible, verify if the person is a real hacker. I have learned that much from all this!

Hopefully montego will be able to log on via proxy as suggested and contact nukemods with an explanation.
 
Raven







Posted: Thu Feb 24, 2005 4:24 am

Seriously, you're taking this way too seriously ROTFL Do you know what my IP is? If you saw 30 IP's scrolling on LS's site, can you pick mine out? See what I mean? It really isn't like that. I have been "banned" from sites both rightly and wrongly. 100% of the time I hop on an anonymizer and continue right on. Takes an extra 5 or 10 seconds. I'm not arguing with you nor Montego. Sh*t happens, as they say, and so does mistaken banning. It's trivial at the most.
 
All times are GMT - 6 Hours
 