| Author |
Message |
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
 Posted:
Sun Aug 06, 2006 4:45 pm |
|
Leo:
I am looking. I thought I'd find the problem immediately, a missing space or quote that doesn't match but I don't see it. I will try to take a look tomorrow because the least I can do is duplicate the echoes on my own system even though I have a different version of Sentinel. I can't count the number of times I've thumped myself in the forehead for a simple syntax mistake but I just don't have the energy to try to duplicate it tonight and upload it etc.
The blank screen is why I suggested the backup and unless you feel like fiddling I'd revert. I'm sure I just made some "simple" syntax mistake but I need rested eyes to see it. |
| |
|
 
|
|
leo51
Worker
Joined: Sep 09, 2004
Posts: 106
Location: Canada
|
| Posted:
Sun Aug 06, 2006 5:32 pm |
|
OK, Let me see if I could explain this issue: Looking at the log when a successfully payment is made to Paypal and the results are written to my earning database:
Here is the process: (PayPal uses two ips for the process
(1) I Hit the donate.php
(2) Paypal (IP 1) return get my robots.txt
(3) Paypal (IP 1) need access to these strings in /includes/nukesentinel.php
Code: $db->sql_query('UPDATE `'.$prefix."_nsnst_flood` SET `lastpost` = '".time()."' WHERE `ip` = '".$nsnst_const['remote_ip']."'");
} else {
$db->sql_query('INSERT INTO `'.$prefix."_nsnst_flood` (`ip`, `lastpost`) VALUES ('".$nsnst_const['remote_ip']."', '".time()."')");
$lpdelete = time() - 600;
$db->sql_query('DELETE FROM `'.$prefix.'_nsnst_flood` ORDER BY `lastpost` LIMIT '.$ab_config['flood_del']);
$db->sql_query('OPTIMIZE TABLE `'.$prefix.'_nsnst_flood`');
}
} else {
// let's make a brand new cookie
$lp = intval($HTTP_COOKIE_VARS['nsnst_flood_lastreq']);
|
(4)Paypal (IP 2) must POST /ws_donate.php?action=ipn.
(5) If the payment went through, I am taken back to my site and the ws_donate.php?action=success string is reported in my browser. Also, paypal IP 1 reports back to my site the same string as in condition 5.
Now when I have Sentinel "Enable" condition 2 & 3 are not taking place.
That's it .. In my opinion sentinel is the cause of my problem
Again Thanks for previous suggestions and any new which could help me.
Finally....The Good news
From my thinking, I replaced /includes/nukesentinel.php with version before NS2.5.0 and the results. OKOKOKOK--FINE. Therefore, how safe is it to run as this. I don't want by site to be hacked so I replaced back 2.5 and will hold.
Could the developers of Sentinel HELP ME OUT PLEASE.
============= |
Last edited by leo51 on Sun Aug 06, 2006 9:29 pm; edited 5 times in total |
|
 |
|
fkelly
|
| Posted:
Sun Aug 06, 2006 9:12 pm |
|
Leo ... I will have to defer to higher authorities with Sentinel on this but good luck with it. I can say that unless there is a specific hack attack that you are looking to protect against you don't have to be at the bleeding edge of Sentinel releases to be "relatively" safe. The temporary solution that you've come up with should work fine until someone can do a file comparison and find out what is causing the problem with the most recent release. |
| |
|
|
|
|
leo51
|
| Posted:
Sun Aug 06, 2006 9:36 pm |
|
Very encouraging, fkelly. Constructive conversations always get results and that what you guys have done to help me.
I am still a novice at this while I have been able to solve many of my issues simple because I love the challenge.
Again, Many Thanks and do enjoy the trip ----- play it safe lol |
| |
|
|
|
|
leo51
|
| Posted:
Mon Aug 28, 2006 12:49 pm |
|
OK, I see that there is no further response since I last posted. Yes, my issues still exist and I have been monitoring the activities and trying to solve it but no results.
Here is what I have been able to notice carefully.
When I am use nukesentinel.php from 242pl9, my subscription activity gets added to the earning database and here is how. (I will use xs and also won’t post the entire strings in order not to compromise anything since I am not sure about what these strings represent during the paypal activite)
action (1) [click donate button]: MY Computer IP XXXXXXXX - - [28/Aug/2006:09:32:22 -0500] "POST /ws_donate.php
action (2) get paypal ipn: Paypal IP xxxxxxxx - - [28/Aug/2006:09:33:06 -0500] "POST /ws_donate.php?action=ipn HTTP/1.0" 200 1
action (3) <b>Paypal IP: XXXXXXXXX - - [28/Aug/2006:09:13:53 -0500] "GET /ws_donate.php?action=success&tx=xxxxxxxxxxx&st=Completed&xxxxx…..DELETE the rest.
Action (4) I return to my web site after making successful payment at Paypal: MY IP XX XXXXXX - - [28/Aug/2006:09:14:10 -0500] "GET /ws_donate.php?action=success&tx=xxxxxxxxxx&st=Completed&xxxxxx….DELETE the rest.</b> and the earnings database is updated.
(1) Now when I use nukesentinel.php from 252 my subscription activity will NOT get posted to the earnings database. I think that either the paypal return or my IP is being blocked from posting at this time.
(I update 250 t0 252 same issue)
Therefore, it could have to do with flooding since my IP did already post a few seconds before but I do not have this option activate:
But there is another issue, when using nukesentinel.php-242pl9 and there is a block, the IP is not written to the sentinel database so that user just hit “Home” and is back on the site to start all over again. Yes, the IP is written to the .htacess but its not written on a separate line so therefore, my site is done due to .htacess internal error misconfiguration.
I really need some assistance PLEASE.
I am also looking at the changes from 242 to 252:
CHANGE LOG:
2.5.00 CHANGES (2006-07-10):
+ Includes IP2Country 2006-07-09 updated imports.
- Took , out of filenames.
+ Checks for empty user agent.
+ Re-added flood protection.
+ Added template viewer resource in admin.
+ Added template source viewer resource in admin.
+ Added Tracked User Agents with ability to add agents to the harvester list.
+ Added new setting so that old tracked ip's are cleared only once
per day. (speed enhancement)
+ Added new setting so that expired blocked ip's and ranges are
cleared only once per day. (speed enhancement)
+ Installer adds the installing admin's ip into the protected
ip range table and the excluded ip range table.
+ Added disable switch to allow for testing of interactions between
NukeSentinel(tm) and other modules/addons.
+ Upgraded OverLib 4.0.0 to OverLib 4.2.1 .
+ Updated tracked and blocked ip's tables for better sorting by ip
address.
- Removed unused lang defines.
2.4.2pl9 CHANGES (2006-06-09):
+ CRITICAL UPDATE: phpBB & user injection update.
+ Corrected lang define that caused poor display.
+ Code corrections (Thanks to Technocrat)..
Could some one familiar with this info point out which addition(s) can cause the issue could just disable that line or function and test. I have tried my little nonsense but to no avail.
THANKS |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Tue Aug 29, 2006 12:42 am |
|
At this point, I would suggest PM'ing BobMarion as I am just doubtful any of us here are knowledgable enough to assist you. We have all, including you, spent alot of time on this issue and, as the author of NS, he may be better able to help you. |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
