| Author |
Message |
shotokan
Worker
Joined: Aug 27, 2006
Posts: 172
|
 Posted:
Wed May 23, 2007 5:52 pm |
|
After i have installed the NS and setup all the blockers i notice that the flood blocker is actually blocking at least 10 members a day which is very bad and they have been complaining a lot.
So i try increasing the number of seconds up to a point that i said... why should a have that with something more than 10 seconds or so, then i decided to ask for the real NS knowledge people which are the blockers that really make sense to have it on and ther is a couple of them that i really don't quite get why and if i would need to turn them on.
1. Flood - What is really this one intended and what is the risk i am running leaving this off?
2. Harvester - What is really this one intended and what is the risk i am running leaving this off?
3. Referer - What is really this one intended and what is the risk i am running leaving this off?
4. String - What is really this one intended and what is the risk i am running leaving this off?
5. Filters - What is really this one intended and what is the risk i am running leaving this off?
6. Clike - What is really this one intended and what is the risk i am running leaving this off?
The other I think i got the idea but i really want make sure i am ot overdoing the blockers by understanding the real meaning of those above. I did read the little explanation on the FAQ but i guess that was not quite enough for me to decide which one to use.
Thanks, |
_________________
Shotokan |
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Wed May 23, 2007 9:14 pm |
|
I never use flood. My impression is that it is something you turn on when you are getting a flood attack, otherwise it is too intrusive. |
_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module |
|
|
|
|
shotokan
|
| Posted:
Thu May 24, 2007 8:23 am |
|
| Gremmie wrote: | | I never use flood. My impression is that it is something you turn on when you are getting a flood attack, otherwise it is too intrusive. |
That's a good advice Gremmie thanks.
But what about the others? Have turn them on? |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Thu May 24, 2007 9:08 am |
|
Yes, turn the blockers on and use the search function for "flood blocker" maybe your settings for the flood blocker aren´t correctly. |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Thu May 24, 2007 9:10 am |
|
Flood stops fast reloading of pages within a certain timeframe from one user... a flood. Really it may stop some traffic, but your server is still doing work. A proper Denial of Service flood will use many many connections, from many different users. Flood protection here is much more effective on the server level. Keeping it off won't hurt your site.
Harvester protection is used to stop robots from scanning your site. It most useful in preventing known harvesters of email addresses.. ala for spammers. Keeping it off won't hurt your site.
Referer protection is used to stop spam through referral messages. This is to add URLs into your stat logs. If those are published publically, then they are indexed and used to draw traffic for the spammers site. Keeping it off won't hurt your site.
String protection is used to stop specific strings from being posted. This is most effective for known spammer texts, URLs, etc. Keeping it off won't hurt your site.
Filters protection is used to block known abuses, much like the phpNuke's own protection. Code such as JavaScript should be properly filtered. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off.
Clike protection is used to block known abuses, specifically the usage of C-like strings - comment code, etc. These are mainly used in SQL injection attacks. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off. |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
shotokan
|
| Posted:
Thu May 24, 2007 9:24 am |
|
| evaders99 wrote: | Flood stops fast reloading of pages within a certain timeframe from one user... a flood. Really it may stop some traffic, but your server is still doing work. A proper Denial of Service flood will use many many connections, from many different users. Flood protection here is much more effective on the server level. Keeping it off won't hurt your site.
Harvester protection is used to stop robots from scanning your site. It most useful in preventing known harvesters of email addresses.. ala for spammers. Keeping it off won't hurt your site.
Referer protection is used to stop spam through referral messages. This is to add URLs into your stat logs. If those are published publically, then they are indexed and used to draw traffic for the spammers site. Keeping it off won't hurt your site.
String protection is used to stop specific strings from being posted. This is most effective for known spammer texts, URLs, etc. Keeping it off won't hurt your site.
Filters protection is used to block known abuses, much like the phpNuke's own protection. Code such as JavaScript should be properly filtered. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off.
Clike protection is used to block known abuses, specifically the usage of C-like strings - comment code, etc. These are mainly used in SQL injection attacks. Keep this on - it replaces the default phpNuke protection and could potentially increase your site's vulnerability if its off. |
That's was really great evaders. Thanks a lot. |
| |
|
|
|
|
shotokan
|
| Posted:
Sat May 26, 2007 2:15 am |
|
Should "DOS Protection" be activated?
What is the "Santy Worm Protection" for?
What is teh "Site Swtich" for? |
| |
|
|
|
|
Susann
|
| Posted:
Sat May 26, 2007 1:06 pm |
|
Well, SantyWorm was active before you registered here. It was in the year 2004 the hole was found in version 2.0.10 and Santy defaced 100.000 of sites but with the search function you´ll find a lot of topics about this problem or use google. The site switch is self explaining I think.
Its your decision to activate the Dos protection but I would use the option.
I also have activated Santy Worm protection that won't hurt. |
| |
|
|
|
|
Gremmie
|
| Posted:
Sat May 26, 2007 3:09 pm |
|
DOS is denial of service. I think it is another one of those things that you turn on if you are currently under a DOS attack, otherwise it is fairly intrusive. If you are under a DOS it is better to have protection at the server level anyway, but there isn't a lot you can do really. It hopefully won't be a common occurrence for you.  Mine is off.
Santy Worm: http://www.ravenphpscripts.com/posts11386-highlight-santy+worm.html
I leave it off since it tripped up someone trying to register on my site with rush in his name I think. phpBB has been patched so it should not be a problem on a recent Nuke.
Site switch allows you to disable your site so that you can do maintenance, upgrades, or whatever. Only admins can access the site if it is disabled. It is very handy. |
| |
|
|
|
|
shotokan
|
| Posted:
Sun May 27, 2007 10:29 pm |
|
Thanks gremmie
Now i got the site exchnge thing and agree with you.
I will leave the other off like you said. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
