Author |
Message |
p17blo
Regular
Joined: Jul 27, 2007
Posts: 77
|
Posted:
Sun Aug 26, 2007 3:30 am |
|
I am subscribed to a programme called Hacker Safe by Scan Alert. They use bots to find exploits on sites and then notify the owners that fixes are required.
As my site was live overnight, my Scan Alert bot started scanning my site, which generated a couple of hundred Abuse emails to me. I am glad to see that sentinel is working, but as this scan happens daily, is there any way to stop it generating emails?
I obviously don't want to stop sentinel blocking, neither do I want to turn email notifications off in their entirety, otherwise I will miss other abuse attempts.
Paul |
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
Posted:
Sun Aug 26, 2007 8:17 am |
|
The first thing to do would be to verify exactly what is causing the block in NS. In the blocker configuration you could turn off the admin blocker. That's just one of a number of protections NS gives you and this way you could verify whether that makes the problem go away. If it does you have the option of leaving that off (with the attendant risks that you've noted).
There is only one small section of code in NS that says it explicitly deals with admin protection. And it doesn't look to me that is what's causing your problem. There is another section that deals with XSS exploits and it is more likely your problem lies there. If you are into code hacking look under the comment: //check for XSS attack. You might be able to code an exemption into that if you can confirm what the problem is. Or ditch the tool you are using.
To do any of this you are going to have to capture some "diagnostic" variables as NS is executed so you can isolate the problem. If this isn't your cup of tea you are kind of stuck. |
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Sun Aug 26, 2007 9:44 am |
|
Yeah, you are the first person to even mention this type of service. I don't think it is necessary for your RavenNuke site (way overkill), but that is just my opinion. Unfortunately, what you are asking and what NukeSentinel is doing (its job) are in conflict. I don't know how you could possibly fix it unless you can somehow modify includes/nukesentinel.php (up top) to ignore all the checks for this particular service of yours. However, you would need to be VERY careful and keep in mind that others can SPOOF just about anything with the HTTP Headers (e.g., referrer, user agent, etc...).
Yes, you might be stuck. If so, I would suggest keeping the protection of NukeSentinel and turn off the auto-security check for your domain. |
|
|
p17blo
|
Posted:
Sun Aug 26, 2007 10:12 am |
|
I want to keep the sentinel protection on, as if I were to turn it off and a vulnerability were found I would lose my hacker safe certification. This was one of the reasons I finally opted for RN over any other form of Nuke.
I need hacker safe as part of the greater offerings from my site which include handling large sums of money.
What I was essentially asking for was a way to stop notifications being sent to me when alerts are generated by certain ip addresses. Just the notification ONLY.
In the meantime I will just set up a rule in my mail client.
Thanks
Paul |
|
|
|
fkelly
|
Posted:
Sun Aug 26, 2007 10:24 am |
|
Others might know better than I, but I would never handle large amounts of money on a shared web server using any version of PHPnuke. I pass that part off to Paypal on my site. Unless you have https running anyone with the right tools in the server factory or really anywhere along the path your data takes can access it easily.
edit: and it really doesn't have anything to do with PHPnuke. If someone can stick a line monitor on and capture your data and it's not encrypted they can figure out account codes, amounts and the like. It just ain't safe. Maybe you do have a dedicated and physically secure server and HTTPS but most of us don't. |
|
|
|
p17blo
|
Posted:
Sun Aug 26, 2007 10:51 am |
|
To clarify, I am not using NUKE for any commercial transactions. Nuke is a migration for me from PHPBB to something that has more than just forum.
The money transactions are handled through SSL on another server but to be Hacker Safe compliant my entire site needs to meet certain criteria.
Paul |
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sun Aug 26, 2007 7:51 pm |
|
If it's from one set IP or IP range, you can add those into Sentinel's protected or excluded region |
|
|
p17blo
|
Posted:
Mon Aug 27, 2007 1:41 am |
|
evaders99 wrote: | If it's from one set IP or IP range, you can add those into Sentinel's protected or excluded region |
Yes it is, would adding this into protected or excluded ranges actually stop sentinel's protection or just the notification?
Paul |
|
|
|
montego
|
Posted:
Mon Aug 27, 2007 6:17 am |
|
It would only just keep the Hacker Safe process from getting banned. I don't recall if the emails still go out. I think that they might. I hadn't thought of that earlier. Thanks Evaders! |
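
An added example, not NukeSentinel's code and not written by anyone in this thread: one way to get the behaviour asked for above, where a flagged request is still blocked and logged and only the notification email is skipped, decided by the connection's source address and never by spoofable headers such as User-Agent or Referer. The constant, both function names, the `ScanAlert` User-Agent string and the address range (a documentation range used as a placeholder) are hypothetical.

```php
<?php
// Added illustration, not NukeSentinel code; every name here is hypothetical.
// 192.0.2.0/24 is a documentation range standing in for the scanner's range.
const QUIET_RANGES = ['192.0.2.0/24'];

// True if the IPv4/IPv6 address $ip lies inside the CIDR block $cidr.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $bits = (int) $parts[1];
    if ($bits > strlen($ipBin) * 8) {
        return false;
    }
    $full = intdiv($bits, 8);          // whole bytes covered by the prefix
    $rem  = $bits % 8;                 // leftover bits in the next byte
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Decide what happens to a request the filter has already flagged.
// Blocking never depends on the source; only the email does. User-Agent and
// Referer are ignored on purpose because the client controls them.
function handle_flagged_request(string $remoteAddr): array
{
    $quiet = false;
    foreach (QUIET_RANGES as $cidr) {
        $quiet = $quiet || ip_in_cidr($remoteAddr, $cidr);
    }
    return ['block' => true, 'log' => true, 'email' => !$quiet];
}

// Constructed samples: the second only claims the scanner's User-Agent.
foreach ([['192.0.2.15', 'ScanAlert'], ['198.51.100.7', 'ScanAlert']] as [$addr, $ua]) {
    printf("%s UA=%s email=%s\n", $addr, $ua, var_export(handle_flagged_request($addr)['email'], true));
}
```

Pass the TCP peer address (`$_SERVER['REMOTE_ADDR']`) as `$remoteAddr`, not a forwarded-for header, and list only the ranges the scanning vendor documents.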
|
|
|
|