What to do with Edits_For_Core_Files?

Posted: Tue Nov 20, 2007 4:27 am

Eya all,
Im new here and came here trough Montego's site, thnx for the help again with those Dynamic Titles Cool

But ontopic;
I started to read more about NukeSentinel and decided it might be a good add-on for our forum since our nmbr of visitors/pageviews have increased a considerable amount this last half year. Its a gaming forum so the risk of scriptkiddies is there as well of course.

I downloaded the 2.5.14 full version from NukeCops and noticed that the basic installation is pretty straight forward.

But i cant find a lot about the Edits_For_Core_Files -folder, at least not in the readme. I did read some things about it here on this forum but its still a bit vague.

I know that our forum uses PHPNuke 7.9 but dont know how i can check this; 'plus Patched 3.3' ?

I also dont know what i have to do with those Edits_For_Core_Files?
- Do i need to do them all?
- Do i have to change them before i run the NukeSentinel Install or after?
- Can I mess things up with it? (the db for example)

Changing the Nuke version isnt really an option for me but i dont know if this particular version will cause problems? I red here that people had problems with 8.0 so im a bit cautious.

Some help and info would be very much appreciated Very Happy

Posted: Tue Nov 20, 2007 7:22 am

Patch 3.3. is good.The nsbybass.php is only information about that the location of this file moved so you don´t need to do anything with this file. But you need to edit your files like mainfile.php, Your Account etc. described in the examples Edit For Core Files otherwise your NukeSentinel Installation will not work.
So change this files before you run NukeSentinel.
And backup your old files !

Posted: Tue Nov 20, 2007 8:03 am

Thnx for the reply Smile

Susann wrote:

Patch 3.3. is good.

Hmm.. but like I said, I dont know if i have this installed, how can I check this?

Cause the readme also says; "If you are not using Patched 3.3 you can still use it, but you will need to make several modifications."

but what modifications?

Quote:

But you need to edit your files like mainfile.php, Your Account etc. described in the examples Edit For Core Files otherwise your NukeSentinel Installation will not work.

Aah okay, yes; admin.php, header.php, mainfile.php and then your_account/index7.9.php probably ^^

Quote:

So change this files before you run NukeSentinel.

But wont this cause any problems in the meantime? I mean, do i have to close down the site for a moment so i can install NukeSentinel or doesnt that matter?

And how about uploading the NukeSentinel do i have to do that before i made those core file changes or after?

Quote:

And backup your old files !

Yep, was planning to do that Cool

P.S. sorry if i may sound a bit whiny/naabie but i like to check things twice before making any changes Very Happy

registered · Posted: Tue Nov 20, 2007 8:33 am

Make all your edits offline. We highly recommend you download something like XAMPP, which will allow you to run an apache server and database on your local pc. This will give you a sandbox to play in without fear of messing up your live site. Make your changes in that environment. Once you get it all worked out there you can upload your changed files to your live server.

Posted: Tue Nov 20, 2007 11:37 am

Thought you site is already patched. You can check this in different files like mainfile.php, modules.php and possible config.php

If you don´t have the Patch you need to overwrite your files.This means you ´ll loose your modifications.So like Gremmie said with Xampp you can do this all offline.
You ´ll find the patch for your version at:

http://www.nukeresources.com

You can forget the thought to use NukeSentinel on a non patched site particularly your version because its not recommend to use 7.9.
Yor know already the readme file from NukeSentinel but here again:

"While NukeSentinel(tm) runs with PHP-Nuke 6.6/8.1 it is recommended that you use 7.6
or below due to the many security issues introduced in 7.7-8.1 "

Btw:Don´t forget to activate all blockers.
Good luck !

Posted: Tue Nov 20, 2007 12:30 pm

Thnx both for the replies.

@ Grmmie
Thnx, offline changes is a good tip (I usually edit stuff directly on the server, after making a backup of course) Very Happy

but dont know much about XAMP and setting up a temp. sandbox, I also dont have a lot of free time for it Crying or Very sad

@ Susann
Aah okay, i checked config.php and mainfile.php, couldnt find anything about it in modules.php

config.php:
Nuke Patched 4.0 - Oct. 25, 2005 (almost at the bottom)

mainfile.php:
Additional Security and Code Cleanup for Patched 3.1
Commited by the Nuke Patched Development Team 2005
chatserv, Evaders99, Quake
http://www.nukeresources.com - Download location
http://www.nukefixes.com - Development location
http://sourceforge.net/projects/nukepatched/ - CVS

(in top of the file)

Edit:
And further down, mainfile.php:
// Beta 3 code by Quake 08/19/2005
// Written for Nuke-Evolution and Nuke Patched

Does this mean i'm good to go? Cool

Posted: Tue Nov 20, 2007 4:18 pm

This means your site is patched and I think NukeSentinel will work with this patch version 3.1 I don´t use 7.9 so I haven´t checked this out.
But there is a newer patch for your Nuke version available:

http://www.nukeresources.com/downloadview-details-1082-Nuke_7.9_Patched.html

Its your desicion to use the newest patch or not but I would highly recommend use the newer patch and afterthat check what you have to change for NukeSentinel in the required files we talked above.
When you try it directly online maybe change the robots.txt so that nobody is allowed to spider your site for this time.
I had an accident a time ago with an update while I had spiders on my site.The files of this "accident" get indexed that should normally not happen but who knows this before.

registered · Posted: Wed Nov 21, 2007 6:06 am

warren-the-ape, just wanted to welcome you over here as well and I see that you are being well taken care of. Wink

Posted: Wed Nov 21, 2007 6:49 am

@ Susann
Thnx for the link but I already see that this update will probably cost me a whole day Very Happy

so will see when i have time for it.

And good tip about the robots.txt - when i update i will just lock the entire domain for a while, those bots can then wait for a couple of hours Razz

@ Montego
Ey Montego, thnx for the welcome Cool

Posted: Wed Dec 19, 2007 1:14 pm

Eya guys, just a little kick + update from my side.

I manged to succesfully apply patch 3.3, nothing too hard just needed to stay focussed Wink

And im now busy with those core file edits for NukeSentinel. But while i was busy with the 1st one in admin.php i noticed this part;

Code:




//Uncomment the following lines after setting the site url in the Administration


//global $nukeurl;


//if (!stripos_clone($_SERVER['HTTP_HOST'], $nukeurl)) {


//  die("Access denied");


//}

It is located directly above the part i needed to comment out.
But i guess i can just un-comment this part since the site url is already setted in the administration > preferences, a long long time ago?

You guys know if it can do any harm?

Posted: Wed Dec 19, 2007 5:23 pm

Yeah, go ahead and uncomment that (you can always comment it back out if you run into troubles). I am pretty sure that I have never remembered to uncomment that code... lol.

Posted: Thu Dec 20, 2007 8:04 am

Hmm okay, but i dont want to run into any problems while installing sentinel, will uncomment it afterwards then Wink

But do you know what it does? Cause it looks like some security access prevention but as a phpnewb i can only guess Razz

Posted: Thu Dec 20, 2007 8:19 am

It is checking the Host: header to see if it contains part of your site name. If not it dies. I think it is a feeble attempt to stop people from coming out of nowhere to your admin.php file. It would also block you if you tried to bookmark your admin page, wouldn't it?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

I highly recommend not using that piece of code at all. Just my $.02 Wink

Posted: Thu Dec 20, 2007 11:57 am

@Gremmie
Aah ke tnx for the info Very Happy

@Raven
Hehehe okay then i will comment it back again, but could you explain why you dont recommend it, is it unsafe? unnecessary?

Posted: Thu Dec 20, 2007 12:04 pm

Unnecessary and has caused unneeded problems on some sites. Just my opinion Wink

Posted: Thu Dec 20, 2007 6:07 pm

warren-the-ape, I thought you said you already had everything set up. Sorry.

Raven, didn't know that. Good to know that I haven't been leaving my site open for anything all these years because I kept forgetting to uncomment it. Laughing

Posted: Fri Dec 21, 2007 5:40 am

@Montego
Ya sorry, should have been more clear about that.
I ment that while i was editting my core files > Offline, i noticed that little part.

But... Hip Hip Hooooraay

NukeSentinel is now installed without any problems whatsoever
So thank you all for your assistance, Thnx Cheers

But the configuration is still a bit vague, especially the 'Blocker Configuration' and the 'IP 2 Country' setup.

- Do i need to change anything in the blocker config or is the standard setup already sufficient?

- With 'import data' i imported to IP2Country but when i clicked on 1 country (think it was afghanistan, 1st one) it just started to refresh a whole lot of times.

Although 'IP to Country' is now active in the administration menu (at first it wasnt), im not sure if i done it correctly Embarassed

Not sure if i need to open a new topic about this?

Posted: Fri Dec 21, 2007 5:58 am

warren-the-ape wrote:

@Montego

But the configuration is still a bit vague, especially the 'Blocker Configuration' and the 'IP 2 Country' setup.

- Do i need to change anything in the blocker config or is the standard setup already sufficient?

- With 'import data' i imported to IP2Country but when i clicked on 1 country (think it was afghanistan, 1st one) it just started to refresh a whole lot of times.

Although 'IP to Country' is now active in the administration menu (at first it wasnt), im not sure if i done it correctly Embarassed

Not sure if i need to open a new topic about this?

No you don´t need to open a new topic. Check the blocker setttings, activate the blocker, use the help icons from NukeSentinel and read about the blocker settings within the forum.Use the search function because this has answered already before 1000 times. Smile

IP2Country is designed that way. You click the first country and it goes automatically until the last country is installed.

Also you don´t need to activate NukeSentinel as modul if you don´t want to show it public.

Check if you edited the Unknow Country to IANA reserved.

Posted: Fri Dec 21, 2007 6:46 am

Susann wrote:

Check the blocker setttings, activate the blocker, use the help icons from NukeSentinel and read about the blocker settings within the forum.Use the search function because this has answered already before 1000 times. Smile

Yep will do probably a little sponaneous lazyness from my side Razz

Quote:

IP2Country is designed that way. You click the first country and it goes automatically until the last country is installed.

Aah ke, i see all countries in there so i guess its good now.

Quote:

Also you don´t need to activate NukeSentinel as modul if you don´t want to show it public.

Never enabled it as module, just have the little side block enabled.

Quote:

Check if you edited the Unknow Country to IANA reserved.

Hmm yah this is something i didnt get either.
Cause there already is a IANA_Reserved.data in the 'Import' folder, must i overwrite it or add the infor from the unknown.data to it?

Posted: Fri Dec 21, 2007 6:56 am

Step 1:

import.txt included in NukeSentinel files.
Step:2 Search for IANA Reserved if you don´t know how to change this.

Posted: Fri Dec 21, 2007 7:03 am

Jah thats the problem that import.txt is pretty vague for a NS beginner like me.

+ Not to mention that some of the readme files miss essential info and are incomplete.

Edit:

Quote:

The "IANA Reserved" is just that,
IP Ranges that have been found to not be assigned to a country. The "Unknown"
is a single entry that is equal to 192.168.0.0 to 192.168.255.255 . On a live
site you should edit it to "IANA Reserved" for proper blocking of that range.

Doesnt make any sense to me Neutral

Edit2:
I noticed this Russian guy when a viewed IP's but it didnt block anything.
Dunno what it is but seems kinda smelly to me Wink

Code:

/modules.php?name=Your_Account&username=extraction of hydrocodone from vicodin of hydrocodone from vicodin&random_num=590624&gfx_check=extraction of hydrocodone from vicodin&op=login&create=Login

Hmm seems just a dumb spambot looking at the gfx check Cool

Posted: Fri Dec 21, 2007 7:27 am

Rereading helps often and the essential information is there I think.
Click in NukeSentinel administration IP2Country there IP2C Range Listing select Unknown and edit it to IANA reserved save it.

"The "Unknown"
is a single entry that is equal to 192.168.0.0 to 192.168.255.255 . On a live
site you should edit it to "IANA Reserved" for proper blocking of that range.
It is listed as "Unknown" for testing on local servers so you are not blocked
from your test server ".
I believe thats clear enough and if you don´t know whats IANA reserved is just search.

Posted: Fri Dec 21, 2007 7:38 am

Aaaah okay, thnx found it and editted it. So it has nothing to do with editting those *.data files?
Can i remove that 'import' folder from my server btw or does it have to stay online?

If they just included this it would have been a lot more helpful for me as a beginner Wink

"Click in NukeSentinel administration IP2Country there IP2C Range Listing select Unknown and edit it to IANA reserved save it."

I also see that '127.0.0.0 to 127.255.255.255' is listed as 'unknown', i guess i can leave this as it is?

Posted: Fri Dec 21, 2007 8:02 am

"You will find an
"IANA Reserved" and an "Unknown" country. The "IANA Reserved" is just that,
IP Ranges that have been found to not be assigned to a country. The "Unknown"
is a pair of entries that are equal to 192.168.0.0 to 192.168.255.255 and
127.0.0.0 to 127.255.255.255." So edit it also.
I had the import folder always online. So I can´t tell you anything about conflicts if you have an empty Import folder with only a .htaccess or later none folder online.