Author |
Message |
Serafim
Worker
Joined: Mar 25, 2006
Posts: 109
Location: Delaware Usa
|
Posted:
Fri Apr 07, 2006 9:23 pm |
|
Just curious if anyone has patched to 2.4.2pl5 yet and if any noted problems.. I don't want to be the guinea pig.. I'm most curious about the blocker protection and if it's been corrected |
_________________
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Fri Apr 07, 2006 9:40 pm |
|
Can you be a little more specific about what's wrong with the blocker protection? |
_________________ I search, therefore I exist... |
|
|
dcasmr
Worker
Joined: Feb 06, 2004
Posts: 147
|
Posted:
Sat Apr 08, 2006 12:58 am |
|
I have installed it and I am getting more bans in less than a 3-day span due to Reason: Abuse-Flood-
Previously, I was running 2.4.2pl3 and was not getting such things. At one point, I tried logging in and mistyped my password and got banned from my site. |
|
|
|
Serafim
|
Posted:
Sat Apr 08, 2006 5:25 am |
|
Sorry about that, what I meant to say was have they corrected the flood protection.. yesterday was a very long day for me.. I'm at 2.4.2pl4 and the flood protection bans for flood abuse when there was no flood, so I currently have that shut off |
|
|
|
kguske
|
Posted:
Sat Apr 08, 2006 7:23 am |
|
Thanks for following up. I haven't looked at it in detail yet, but hope to do so soon. |
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
Posted:
Sat Apr 08, 2006 1:43 pm |
|
I'm busy unbanning myself. "lol" The flood is set to 5 and the gfx check to 7. Whenever there is a problem with the security code I'm banned through the flood blocker. This also happens in version 2.4.2.pl4.
I'm using Fetch mod and it seems since I upgraded to the newest version there is a problem with the security code.
--------------------------
Reason: Abuse-Flood
--------------------
Query String: mygame.de/modules.php?gfx=gfx&random_num=770579
Get String: mygame.de/modules.php?gfx=gfx&random_num=770579
Post String: mygame/modules.php
------------------------------------------
DNSStuffDNSStuffSorry, you have triggered our rate limiting system.
Anyone else got the same problem?
There is a similar post; I don't know his NukeSentinel version:
http://www.ravenphpscripts.com/postt9185.html
Btw: The site is my playzone. So I don't need an activated flood blocker at the moment. |
|
|
|
Serafim
|
Posted:
Sat Apr 08, 2006 2:22 pm |
|
Yeah, I have been banned multiple times and what's funny is my IP is in the protected range. All I did was shut the flood protection off until they fixed the issue..
I was hoping it was resolved with the new patch but I guess I'll have to wait until 2.4.3.. So for now I believe I'll stay at 2.4.2pl4 |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sat Apr 08, 2006 2:30 pm |
|
You need the other changes in pl5. Just don't use the flood protection. It's pretty much a minor protection spamming anyway. Flood protection needs to be at the server level, not the site level. I could flood your site and no application level protection would even know it, much less stop it. |
|
|
|
Serafim
|
Posted:
Sat Apr 08, 2006 3:04 pm |
|
Ohh lol, I have flood protection already at server level. By default it's like 50,000 questions per user per hour I think, sound about right?? So I'll do the patch if it's suggested by you... |
|
|
|
mds
Client
Joined: Dec 24, 2004
Posts: 194
Location: Michigan
|
Posted:
Sun Apr 09, 2006 8:36 pm |
|
I did it last week and haven't had any "real" issues that I know of from it specifically that I know of |
|
|
|
Serafim
|
Posted:
Sun Apr 09, 2006 8:56 pm |
|
I never realized there was any issue until I tried to import to block ranges.. They won't go in the database and it's really not a big deal, just interested if anyone else had the issue |
|
|
|
daemon
Worker
Joined: Jan 07, 2005
Posts: 163
|
Posted:
Sun Apr 09, 2006 8:58 pm |
|
Hey everyone, I think I found the security code problem: I turned off flood protection and all codes are working correctly. |
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
Posted:
Sat Apr 29, 2006 4:38 pm |
|
I'm wondering what the flood protection is set to by default in the installation of the new Ravennuke 2.02. I'm seeing people get banned as they try to get into the test version of my site. I may have caused this myself by copying config tables over from my old site but I'm not sure. I just went into Sentinel and turned Flood protection off but we might want to put a general warning off or correct the defaults until Sentinel can be fixed.
Thank whoever for SEARCH plus FORUMS.
BTW the 50000 questions per hour has nothing to do with floods. It's a limit brain dead HOSTs put on their users which can be easily circumvented if you search the Forums here for suggestions. Or, of course, sign up with Raven. |
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
Posted:
Sun Apr 30, 2006 12:30 am |
|
Flood protection is off by default in RN 2.02.02 |
|
|
|
fkelly
|
Posted:
Sun Apr 30, 2006 6:59 am |
|
Thanks Guardian. I guess I was "hoist in my own petard". I really didn't feel like digging into the database or code last night and I just wanted to have the problem go away.
Doing my research this morning. There is a table nsnst_blockers. In it is a field block_name. If the value of activate in it is set to 5 then it is on. (That seems to be the most common value, I also see referer set to 1). If the value of activate is 0 then it is off. In my production system I have it on and no problems. In my RN 2.02 system I had it on and had problems, it's now off. Since the only difference is an upgrade of Sentinel code from 2.4.2 to 2.4.5 it would follow that the problem is in the code ... or is this issue well in hand? I'll look anyway since I will learn something. |
|
|
|
fkelly
|
Posted:
Sun Apr 30, 2006 7:39 am |
|
I can't figure it and don't see the answer in a manual or thru Google. I could experiment and will but maybe someone knows ...
In the sentinel.php in the includes directory for 2.4.5 there is the following code in the flood routine:
Code: $checkrow = $db->sql_query('SELECT `lastpost` FROM `'.$prefix."_nsnst_flood` WHERE `ip` = '".$nsnst_const['remote_ip']."'");
|
In the same code for 2.4.2 there is this code:
Code: $checkrow = $db->sql_query('SELECT `lastpost` FROM `'.$prefix."_nsnst_flood` WHERE `ip` = `".$nsnst_const['remote_ip']."`");
|
If my compare software didn't point out a difference and if I didn't look at them side by side I wouldn't see the difference. But the coder seems to go back and forth between ` characters (upper right of keyboard, html equivalent `, decimal 96, hex 60) and the ' character (html equivalent ', decimal 39, hex 27). Does this make any difference? Does PHP interpret these the same? Is the hex 60 code interpreted by PHP the same as the hex 27 one? Does this have something to do with the difference in the behavior of the flood code between the versions or am I just, so to speak, barking up the wrong tree. |
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Sun Apr 30, 2006 8:28 am |
|
The use of quotes here is just fine. The author is trying to make this string concatenation as efficient as possible. The first use of single quotes is appropriate and the fastest method of assigning a string. However, since the single quote is needed for the SQL, he has switched to double quotes on the next set of builds so he can include the single quote as a part of the string.
There are known issues with the flood protection that I do not believe have been fixed as yet and is why it is turned off by default. Have not heard though what the plans were for fixing it. |
|
|
fkelly
|
Posted:
Sun Apr 30, 2006 11:02 am |
|
Hey, you know me Montego, I just need confirmation: so the single quote that's on the tilde ~ key on the upper left of the keyboard is the same as the single quote that's on the key with the double quote over by the enter key on the right side. Even though they both have different ascii codes, if that matters. The use of these did change between versions and I wondered why. |
|
|
|
montego
|
Posted:
Sun Apr 30, 2006 12:23 pm |
|
Sorry, fkelly, I misunderstood your post and have looked at it again!! Sorry about that. You are absolutely correct. The 2.4.2 code is NOT right. The backquotes are to be used on the field names and table names but NOT around the actual data values.
Thank you for helping to set me straight! The single quote on the double quote key is NOT the same as the one on the tilde key. |
|
|
|
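Added example, not part of the thread and not NukeSentinel code: the two quoting styles compared above, run against an in-memory SQLite database standing in for MySQL (both treat backquotes as identifier quotes and single quotes as string literals). The `nuke` table prefix, the sample IP and the timestamp are constructed values.

```python
import sqlite3

# Constructed sample values (documentation IP range, arbitrary timestamp).
SAMPLE_IP = "203.0.113.7"
SAMPLE_LASTPOST = 1144500000
TABLE = "nuke_nsnst_flood"  # assumed $prefix of "nuke"


def make_db():
    """In-memory stand-in for the flood table the thread's query reads."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE `{TABLE}` (`ip` TEXT, `lastpost` INTEGER)")
    db.execute(f"INSERT INTO `{TABLE}` VALUES (?, ?)", (SAMPLE_IP, SAMPLE_LASTPOST))
    return db


def lookup(db, quote, ip=SAMPLE_IP):
    """Concatenate the lookup as both snippets do, wrapping the value in `quote`."""
    sql = f"SELECT `lastpost` FROM `{TABLE}` WHERE `ip` = " + quote + ip + quote
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.OperationalError as exc:
        # Backquoted value is parsed as a column name, so the statement fails.
        return ("error", str(exc))


def lookup_bound(db, ip=SAMPLE_IP):
    """Same lookup with a bound parameter: the value is never quoted by hand."""
    sql = f"SELECT `lastpost` FROM `{TABLE}` WHERE `ip` = ?"
    return ("rows", db.execute(sql, (ip,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    print("backquoted value   :", lookup(db, "`"))   # 2.4.2 style
    print("single-quoted value:", lookup(db, "'"))   # 2.4.5 style
    print("bound parameter    :", lookup_bound(db))
```

With the backquoted value the statement is rejected before any row is compared, so the caller gets an error instead of a result set; MySQL reports the same condition as an unknown column.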
fkelly
|
Posted:
Sun Apr 30, 2006 3:52 pm |
|
This is getting involved. I guess I don't understand the use of backquotes at all. I'm going to need to do some experimenting as soon as I can make some time to just spend an hour here going over it. I'm wondering if maybe, if the 2.4.2 code wasn't right and then it got corrected for 2.4.5 -- well maybe what happened is that the 2.4.2 code wasn't protecting from floods at all (or I should say from the Sentinel definition of floods) and now the 2.4.5 is protecting but that's what's causing the difficulties with "false positives".
Yet again, I have to say that in looking over the flood code I'm not sure exactly what's happening and maybe I should just leave this to the experts. It looks to me like the code that I'm questioning only gets executed when the user is anonymous and maybe is not even involved in the problem that I'm seeing. But without spending hours digging I can't say for sure.
And as Raven pointed out flood protection is only really effective at the server level anyway. Maybe it should just be left out of Sentinel? I don't know. |
|
|
|
montego
|
Posted:
Sun Apr 30, 2006 5:20 pm |
|
Quote: |
And as Raven pointed out flood protection is only really effective at the server level anyway. Maybe it should just be left out of Sentinel? I don't know.
|
I agree. I think it really had something to do with the proper "counting" of time or something like that. Been too long...
Regarding the backquotes, take a look at SQL generated by phpMyAdmin. To be honest, I've been using them for so long now I cannot even remember why! I believe it was either here or on Nukescripts.net where I first read about it 12 - 18 months ago. Sorry... I just use 'em. |
|
|
|
|