Problems with Nuke Sentinel

New Member Joined: Jul 07, 2006 Posts: 3

Ok, Im completely aggravated here, wish there was a way to uninstall NS! At any rate here is my problem.

For some reason, I and all the other admins are locked out. This just doesnt make any sense. I have checked to make sure were were not banned by IP or anything. I emptied the nuke authors and NS admins, and still doesnt let me in. After I empty out the nuke author, I was able to recreate a new super admin account. Logged on and got the admin menu, but then when I click on any button, I get blocked out by NS for an unknown hack attempt. I cant even get into admin my forums or anything, this is so frustrating. Can anyone help? This is the message I get after clicking an admin button after logging in. I keep checking the blocked sections with phpmyadmin, and there is nothing there. Help!

You have been blocked from entering this site.

You have attempted an unknown attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at feelgood(at)clanjyd(dot)com.

Be SURE to include the following information in any email!
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Query String: op=CenterBlocksAdmin
GET String: op=CenterBlocksAdmin
POST String:
Referer: http://clanjyd.com/admin.php
Request Method: GET
Remote Address: xx.xxx.xxx.xxx
Client IP: none
Forwarded For: none
Date Blocked: 2007-10-18 @ 21:22:44 CDT GMT -0500
Block expires: Permanent

registered · Posted: Thu Oct 18, 2007 9:03 pm

You can disable the changes to your nuke files to uninstall Nuke Sentinel.
Sounds like your admin cookie is not sticking for some reason

Posted: Thu Oct 18, 2007 9:58 pm

Ok, which files do I have to edit to disable NS? And why would all of a sudden the cookies stop working? Makes no sense. I was thinking it was a cookie issue as well. I even went in and cleared the cache, in my browser, to be sure. This problem is happening with all the admins, not just me. Just seems strange it happened all of a sudden. I just need to disable it long enough to regain control of the website. Then I will just grab the latest NS and re-install.

Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

In mainfile.php (in your web root), look for:

Code:

@require_once(INCLUDE_PATH.'includes/nukesentinel.php');

comment that line out:

Code:

// @require_once(INCLUDE_PATH.'includes/nukesentinel.php');

Sentinel should not bother you until you get it sorted...

PHrEEk

Posted: Fri Oct 19, 2007 1:23 am

You haven't changed any Cookie settings recently in Security?

Also what browser are you using?

Have you tried it on a nother computer?

I'm not at home at the moment, but I believe there is a way of uninstalling Sentinel, possibly using the nsnst.php file, I'll have to check. The other option is to drop the NS tables and delete the NS files from your server, also don't forget the core file edits.

Posted: Sat Oct 20, 2007 10:02 pm

jakec wrote:

You haven't changed any Cookie settings recently in Security?

No.

jakec wrote:

Also what browser are you using?

Firefox latest version.

jakec wrote:

Have you tried it on a nother computer?

Yes. I and the other admins cannot get on. We all get the same error.

jakec wrote:

I'm not at home at the moment, but I believe there is a way of uninstalling Sentinel, possibly using the nsnst.php file, I'll have to check. The other option is to drop the NS tables and delete the NS files from your server, also don't forget the core file edits.

If I drop the NS tables and files, wont that stop everything from working? It seems NS integrates itself into EVERYTHING. Almost like a virus. Looks to me like trying to remove it will be a colossal nightmare. When I commented things out, like suggested above, the site stopped working entirely. I deleted all the nuke authors, and recreated the Super Admin account. I can log into the website admin, but when I click on anything in the admin menu, I get booted out with an unknown attack by NS.

Any help or ideas is greatly appreciated.

registered · Posted: Sat Oct 20, 2007 10:14 pm

I suggest you comment out that one line that Phreekie mentioned, then temporarily move or rename the file includes/nukesentinel.php.

Commenting out that one line will stop Sentinel from running. However some additional functions, mainly in mainfile.php and Your_Account, check for the presence of that file, and if it is there, look up stuff in global variables that sentinel maintains. (That is, if you did the core edits as per the instructions). So renaming that file should also be done.

registered · Posted: Mon Oct 22, 2007 5:26 am

NukeSentinel 2.5.x also lets you switch it on/off right in the NS admin panel...

Posted: Mon Oct 22, 2007 8:05 am

The fact that you are getting this message:

Quote:

You have attempted an unknown attack on this site.

has been bugging me. I've been looking around inside of NukeSentinel and you only get that message from the /abuse/abuse_default.tpl file (I believe). There are about a dozen reasons for blocking ips and these are listed in the table nsnst_blockers and loaded into a blocker array in NS. Only if the reason for blocking is a zero (which has the block_name of "other") will you load the abuse_default.tpl file. So most of the reasons for blocking: filters, referers, script attacks, even admin attacks would not result in your seeing what you are seeing.

I can't quite figure out under what conditions NS triggers the "unknown" attack message. One thing that you might want to check is your /abuse directory and make sure that there are a bunch of files there for the various attack types. I think that if these files are missing you might be seeing what you are seeing.

The other thing you could do is backup the Sentinel code and then put some echoes into the block_ip function of the /includes/nukesentinel.php file to trace what it is doing. Of course if you aren't familiar with programming php this isn't an option. Or you could just go thru and install NS 2.5.13 again and make sure everything is set up right. A lot of other people are using this with success.

New Member Joined: Oct 30, 2007 Posts: 2

Hi everybody, my first post here

Sorry if I sound dumb as I am new to NS, but I found this topic doing a search after being locked out by Sentinel as an Admin as well

I wanted to ask you - did you have NS writing the banned IPs to .htaccess?

And if so, did you make sure you edited them out from the file?

That's what I did (cleared IPs from database and .htaccess) and I was able to get in again

Posted: Tue Oct 30, 2007 6:48 am

Yes that is the usual drill. Also add your IP to the Protected Range to stop it from happening again. Wink

Posted: Wed Oct 31, 2007 9:27 pm

Actually, unless something's changed in the last 6-12 months, you should make sure your Admin login is PROTECTED, and always keep your Admin name logged in. Sentinel will not write .htaccess bans or issue database bans against you, regardless of your IP. T'was designed this way to allow you to test attack URLs.

PHrEEk