Noob to nuke evo running sentinel 2.5.08

New Member Joined: Dec 10, 2007 Posts: 4

Hello everyone,

I have just got a new Nuke Evo clan website and I am discovering it.
I am a fast learner but I need some guidance on :

1- how to update Sentinel, I am currently running version 2.5.08 that came with Evo.

2-Configure it properly since we we're hacked twice in the last month.
3-Check with someone if there is anything else I need to do to protect my site.

I will PM my MSN adress or give my clan Ventrilo to any generous person willing to help me and put me on the right track.

Thank you for all your work guys,

Sincerely,

mavphoto

Posted: Mon Dec 10, 2007 7:01 am

Sentinel is fairly easy to update and has been discussed many times before in the forums here, so a search of the forums would probably provide a wealth of information.

...but essentially all you need to do it is upload the files and run the nsnst.php. You will need to run the setup consecutively for each version.

For Example: 2.5.08 to 2.5.09 then 2.5.09 to 2.5.10 etc.

I don't know too much about Evo, but you shouldn't need to do any core edits.

Sentinel won't necessarily protect insecure third party modules, so I would recommend updating any third party modules.

You also need to determine how they got, so you can close the hole.

Have you tried posting in the Evo forums about you problems?

Posted: Mon Dec 10, 2007 7:28 am

You should really ask in the Evo forum why the Sentinel version in the packacke is so behind the current NukeSentinel version wich is 2.5.14 and I believe the next version is coming soon.You should not update without feedback from NukeEvo because they are doing her own thing and maybe there are some more code modification needed to run the newest Nuke Sentinel.
Don´t know because I don´t use Evo.

Posted: Mon Dec 10, 2007 8:52 am

I was running a different forum when all my problems started.
Thsi is why I have switched to an Evo base site instead of the regular PhPbb.

I know the hacker used the SQL injection.

Regarding the update, I will look on the evo forum.
Thanks everyone .

Posted: Mon Dec 10, 2007 1:22 pm

We'll need some more information about the SQL injection to try and close the hole.

Posted: Wed Dec 12, 2007 12:09 am

Here is the website in french he sent me via Messenger.
He seemed to know alot of stuff.
I tried to make him understand that what he's doing isn't constructive at all.
It's not destructive since he only gets in and post in our forum, rearange some words to make jokes and all.

anyhow,I could give his name and MSN adress
here is the website link in french:
http://www.kachouri.com/tuto/tuto-43-attaques-par-injection-sql.html

Posted: Wed Dec 12, 2007 1:15 am

Have you got the captcha turned on?

Posted: Wed Dec 12, 2007 3:07 am

I'm not sure why I made that last post, the captcha won't help against an SQL injection. Need more sleep.

I believe with the latest patched files and sentinel you should be protected against that kind of SQL injection.

Update your sentinel and make sure you are using the latest patched files.

Posted: Wed Dec 12, 2007 8:07 am

I will have to wait for Nuke Evos to come up with their update since it's build in.

registered · Posted: Wed Dec 12, 2007 10:38 am

I am not sure why you asked this here vs our site, but what ever.

You cannot update sentinel in Evo this way because of the changes we made to it such as caching. However you most likely do not need to update. The core files have been updated and are always kept up to date as long as you either download the package after I post the fixes, or download the fixed files in the patch forum. I always keep those current.

The reason it says 2.5.08 is I haven't released the remaining fixes because it would take some time to take them apart, and repack them for the minor changes that were made outside of security. Things like table width, and printing ip lists. I don't have the time and I suspect most people would never even notice those minor changes. Though it might get people to stop asking all the time. Sad