Problem after update NS v2.6.01 + IP2Country2008-09-0 EDITED

Worker Joined: May 26, 2006 Posts: 153

I have just updated my RavenNuke 2.20.01 websites and have had some problems (I was going to wait untill v2.30 was released but one of the users was getting banned for no reason and I couldn't find the IP in any table or .htaccess files).

First a number of the modules didn't install properly and left black screens, most of these have now been sorted I think after resorting to the full install (not upgrade). The IP2Country updates don't seem to have worked properly from the installer, as before you had feedback that something was happening, nothing this time and a lot of unknown countries now in the database.

I have also had to turn of the string blocker as each time I turn it on and try to change content on the website I get the following message (The IP address doesn't get written to database of .htaccess file).

-------------------------------------------------------------------

You have been blocked from entering this site.

You have attempted a String attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at admin(at)*****(dot)**(dot)**.

Be SURE to include the following information in any email!
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (.NET CLR 3.5.30729)
Query String:
GET String:
POST String: title=Clubs ((edited) removed html page text from this message)
Remote Address: 87.115.*.* (edited)
Client IP: none
Forwarded For: none
Date Blocked: 2008-09-07 @ 17:56:32 BST GMT +0100
Block expires: Unknown
PLEASE: bear in mind that even if you have done nothing wrong, you may be getting this page due to someone's misuse of the site in your ip range

---------------------------------------------------------------------------

Any pointers?

John

registered · Posted: Sun Sep 07, 2008 4:53 pm

Probably the string blocker is the same as being blocked on this site. We really need to see the POST String that you editted out. Just put it as a .txt file and link us to it so we can few the entire message

Posted: Mon Sep 08, 2008 3:08 pm

evaders99 wrote:

Probably the string blocker is the same as being blocked on this site. We really need to see the POST String that you editted out. Just put it as a .txt file and link us to it so we can few the entire message

Have just sent the POST string as a PM to you.

John

Posted: Mon Sep 08, 2008 3:17 pm

No sure if this is related but I also have someone getting the following error message, but only from work on IE. Have asked them to do the usual cookie and browser cashe clear and restart. No change and again there is no sign of the IP addresses in the database or .htaccess file.

You have been blocked from entering this site.

You have attempted to improperly access the admin area of this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at admin(at)zenjudo(dot)co(dot)uk.

Be SURE to include the following information in any email!
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648)
Remote Address: 81.145.*.*
Client IP: none
Forwarded For: 10.226.*.*
Date Blocked: __TIMEDATE__
Block expires: __DATEEXPIRES__

John

Posted: Mon Sep 08, 2008 3:58 pm

j4rdin - if he is trying to access the admin area and gets this message then the IP would not appear in the database or htaccess
Is your NS and IP2C information up to date?

Posted: Mon Sep 08, 2008 7:34 pm

I can't seem to get any blocked pages with what you sent me. Or are those "ody2" classes supposed to represent "body2"

Basically anything that can't be posted here because of NukeSentinel could be the same issue. So a .txt file with exactly what it outputted is better.

Posted: Tue Sep 09, 2008 10:17 am

Guardian2003 wrote:

j4rdin - if he is trying to access the admin area and gets this message then the IP would not appear in the database or htaccess
Is your NS and IP2C information up to date?

Using latest RN and NS v2.6.01 and IP2Country_2008-09-0. But not entirely sure that the IP2Country files have uploaded correctly. The problems don't seem to occur on my other site which I upgraded after this one. Have just upgraded Beyond Compare to v3 and will try running it to see what the differences are between the two sites.

Posted: Tue Sep 09, 2008 11:43 am

evaders99 wrote:

I can't seem to get any blocked pages with what you sent me. Or are those "ody2" classes supposed to represent "body2"

Basically anything that can't be posted here because of NukeSentinel could be the same issue. So a .txt file with exactly what it outputted is better.

Yes the "ody2" classes seem to be a hang over from the original page which was linked to a style sheet and should have been "body2". Both of these pages had been put together in Dreamweaver for a straight html website and have then been included when the site was brought over to RavenNuke.

I have just checked the original page that generated the errors and it doesn't include any classes or links to that style sheet. I have included the full text in this post and checked it will PREVIEW ok, have now sent the complete POST text to you as PM.

NukeSentinel(tm)
You have been blocked from entering this site.

You have attempted a String attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.

If you think this is a mistake you can contact the site webmaster at admin(at)zenjudo(dot)co(dot)uk.

Be SURE to include the following information in any email!
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (.NET CLR 3.5.30729)
Query String:
GET String:
POST String: title=Zen Judo Clubs Page&cid=7&subtitle=&page_header=<hr width=\"100%\" size=\"2\" /> <h4> </h4> <h4>This Clubs list contains information and contact details for clubs with links to the Zen Judo Family or British Zen Judo Family Association.</h4> <hr width=\"100%\" size=\"2\" />&text=<table width=\"598\" cellspacing=\"0\" cellpadding=\"4\">  <tbody> <tr> <td width=\"588\"> </td> </tr>

(EDITED BY SENDER - HAVE PM FULL TEXT TO YOU)

<hr /> </td> </tr> </tbody> </table>&page_footer=&signature=&clanguage=english&active=1&pid=3&op=content_save_edit
Remote Address: 87.112.*.*
Client IP: none
Forwarded For: none
Date Blocked: 2008-09-09 @ 18:28:17 BST GMT +0100
Block expires: Unknown
PLEASE: bear in mind that even if you have done nothing wrong, you may be getting this page due to someone's misuse of the site in your ip range
NukeSentinel(tm) 2.6.01 by: NukeScripts.net

--------------------------------------------------------------------
EDITED BY j4rdin -----------------------------------------------
---------------------------------------------------------------------
Have just found these orphan files in my Nuke folder, which don't seem to be in the full NukeSentinel package, should they now be deleted from the website and could they be causing some of the problems:-

admin/modules/nukesentinel/ABAuthListScan.php
admin/modules/nukesentinel/ABBlockedIP.php
admin/modules/nukesentinel/ABBlockedOverlapCheck.php
admin/modules/nukesentinel/ABBlockedRange.php
admin/modules/nukesentinel/ABDBDownload.php
admin/modules/nukesentinel/ABDBDownloadDelete.php
admin/modules/nukesentinel/ABDBDownloadGet.php
admin/modules/nukesentinel/ABDBMaintence.php
admin/modules/nukesentinel/ABImport.php
admin/modules/nukesentinel/ABImportBlockedRange.php
admin/modules/nukesentinel/ABImportIP2Country.php
admin/modules/nukesentinel/ABIP2Country.php
admin/modules/nukesentinel/ABPrintBlockedIP.php
admin/modules/nukesentinel/ABPrintBlockedIPView.php
admin/modules/nukesentinel/ABPrintBlockedRange.php
admin/modules/nukesentinel/ABPrintBlockedRangeView.php
admin/modules/nukesentinel/ABPrintExcludedList.php
admin/modules/nukesentinel/ABPrintExcludedView.php
admin/modules/nukesentinel/ABPrintProtectedList.php
admin/modules/nukesentinel/ABPrintProtectedView.php
admin/modules/nukesentinel/ABPrintTracked.php
admin/modules/nukesentinel/ABPrintTrackedAgents.php
admin/modules/nukesentinel/ABPrintTrackedAgentsPages.php
admin/modules/nukesentinel/ABPrintTrackedPages.php
admin/modules/nukesentinel/ABPrintTrackedRefers.php
admin/modules/nukesentinel/ABPrintTrackedRefersPages.php
admin/modules/nukesentinel/ABPrintTrackedUsers.php
admin/modules/nukesentinel/ABPrintTrackedUsersPages.php
admin/modules/nukesentinel/ABSearchResults.php
admin/modules/nukesentinel/ABTracked.php
admin/modules/nukesentinel/ABTrackedAgents.php
admin/modules/nukesentinel/ABTrackedDeleteUser.php
admin/modules/nukesentinel/ABTrackedDeleteUserIP.php
admin/modules/nukesentinel/ABTrackedRefers.php
admin/modules/nukesentinel/ABTrackedUsers.php

Posted: Tue Sep 09, 2008 4:35 pm

Ok have deleted the files above and un-installed and re-installed NukeSentinel and the IP2Country files and the string blocker seems to be working on both sites now.

The IP2Country installer on the full Nuke version doesn't seem to work properly as it gives no feedback when each file has been loaded, so just worked through each one in turn.

I still seem to have blank screens returned when trying to use the "Clear Expired Blocked IP's" and "Clear Expired Blocked Ranges" menu's, but can't find what is missing from the download v website. I assume that the download might be corrupted in some way, as this will be the third time of un-installing and installing Nuke.

Posted: Tue Sep 09, 2008 7:37 pm

With Javascript on, the Import IP2Country will cycle through each one until it finishes at the end. Let it go Smile