NukeSentinel Explanation of Protection Groups

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

Can someone explain what each of the groups are that Sentinel protects us from

I know Authors are people trying to hack into our sites either via Admin or other ways, and Harvesters are bots that go round sites getting email addresses and things to use for companies to send us spam for their products (I think), but I dont have a clue what the others are or what they do.

Anyone want to educate me please? Thanks.

registered · Posted: Sun Jul 25, 2004 9:29 am

A quick run down:
Admin Blocker: attacks that target the nuke_authors table.
CLIKE Blocker: Comment Like attacks that use / * to inject into your database.
UNION Blocker: Attavcks that use the union command to inject into yoru database.
Filters Blocker: Primarily for XSS attacks.
Harvester Blocker: Blocks the use of selected user agents, like you pointed out bots that harvest email addresses, graphics, and other data they can get to.
Referer Blocker: Block selected sites from referering visitors to yoru site, I person wrote this to block the use of Anonymizers that use porno site as referers.
Scripting Blocker: Blocks the use of many html tags that could be used to breach your site.
Request Method Blocker: Allows you to prevent the use of request methods such as HEAD, SEARCH, but do not use it to block POST or GET since you will crash you site on those two.
String Blocker: Allows a webmaster to block any string that they feel could be hack attempts from the query string.

Posted: Sun Jul 25, 2004 9:30 am

Bob beat me to it lol

Posted: Sun Jul 25, 2004 9:38 am

Posted: Sun Jul 25, 2004 9:50 am

Many thanks I understand now.

So with the Request Method Blocker does that have to be set to ON even tho there is nothing in the text box where you can put request methods, or is it best to leave this switched off?

Thats the one that confuses me the Request Method Blocker lol

Site Admin Joined: Jun 04, 2004 Posts: 6437

I really like the pop-up help in 2.0. Thanks! Why not take the info Bob provided and put similar help for the various settings / group? Beyond that and the existing installation guide and the current help, additional documentation may not be necessary.

Also, (VERY low priority) check the spelling of "strings" in the help text for string list in the String Blocker settings.

Posted: Sun Jul 25, 2004 5:01 pm

kguske

The spelling of strings can be corrected in the /language/sentinel/lang-english.php file. It's on line 119

Code:

define("_AB_HELP_22","22) Enter 1 string per line.<br />Here you may block any <b>String</b> you want.<br />Strings will be matched against the <b>Query String</b> so use caution when blocking strings.");

Just make the changes and save them and you can correct it yourself

Posted: Sun Jul 25, 2004 5:22 pm

kguske wrote:

I really like the pop-up help in 2.0. Thanks! Why not take the info Bob provided and put similar help for the various settings / group? Beyond that and the existing installation guide and the current help, additional documentation may not be necessary.

Also, (VERY low priority) check the spelling of "strings" in the help text for string list in the String Blocker settings.

I have been doing some prelim work on RC 5 and I was planing on adding the mouseovers to the admin menu to help clairify what each link is for.

Posted: Sun Jul 25, 2004 5:44 pm

Its a lot of work but it sure makes for a great help hints system!

Posted: Sun Jul 25, 2004 6:18 pm

The mouseover idea is great, especially for people with poor memories like myself lol

There's so much to learn and remember.

registered · Regular Joined: May 03, 2004 Posts: 62 Location: USA

BobMarion wrote:

Request Method Blocker: Allows you to prevent the use of request methods such as HEAD, SEARCH, but do not use it to block POST or GET since you will crash you site on those two.

Hi Bob,

I really appreciate your work and the help you provide.

The comment above got my interest, since I still have the Protector on my site. I am probably going to remove it to cut down on the resources used, since Sentinel 2 seems to provide everything that Protector had that Sentinel 1.2 didn't yet have.

But my question is about the blocking POST and GET methods. I had that enabled through Protector. Now I'm curious if I may have set myself up for crashes by doing so.

Is this a "standard" risk or something that is specific to settings in Sentinel?

Thanks much.

Posted: Sun Jul 25, 2004 7:05 pm

In NukeSentinel(tm) blocking POST or GET will trigger the IP being blocked if you have it set for that. This means that 90% of your site traffic that uses one of your forms would be blocked from coming back and in certian cases it will put your site into and endless loop of POST or GET triggering the blocker. This is primarily for Protected admins as anyone else would only be able to trigger the blocker once.

Client Joined: Jan 29, 2004 Posts: 624

What I'd like is an explanation of the admin auth setting. I turned this on, thinking there'd be no problem, but the Sentinel admin doesn't accept the password I have for admin auth... it appears I'm now locked out of both the Sentinel admin and my site admin. Sad

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Try using your nuke admin id and password the first time.

Posted: Tue Jul 27, 2004 3:22 pm

I did. The thing is my nuke admin password is different from my admin auth password, and Sentinel expects the admin auth one. When I click the admin.php shortcut the admin auth window opens and I enter the admin auth md5 password and after three tries it's Get out of here! No access to the nuke admin area or Sentinel admin.

Posted: Tue Jul 27, 2004 3:36 pm

Make sure that you have disabled my old http auth hack if you were using it. Then, Sentinel should be defaulting to your nuke admin id/pass. After you get in then you can change the Sentinel id/pass and that will not affect your nuke admin/pass.

Posted: Tue Jul 27, 2004 3:50 pm

Ok... now how to disable the admin auth? The 'old' one that is.

Posted: Tue Jul 27, 2004 4:11 pm

OK, turned off admin auth, 'old' one, and now I can access my nuke admin and the Sentinel admin... so I turned off the admin auth setting for now. I kind of like your 'old' admin auth so I'm going to keep using it. Smile

Posted: Tue Jul 27, 2004 4:36 pm

I'm confused. To turn off my other one you comment out the 2 lines in auth.php. That's all you need to do. It is the same script, just administered in another way. But, do what makes you happy Smile

Posted: Tue Jul 27, 2004 5:38 pm

You're confused? What's that make me?! Smile

As soon as I figure out the admin http auth in Sentinel I'll use it but for now I'm going to continue to use your 'old' admin auth scripts. I commented out those lines in admin.php so I could access my nuke admin. I thot the admin auth in Sentinel is the same as the 'old' admin auth but it seems it's different- it uses my nuke admin name and password, not the md5 password in the 'old' admin auth scripts.

Posted: Tue Jul 27, 2004 6:31 pm

Raven wrote:

Make sure that you have disabled my old http auth hack if you were using it. Then, Sentinel should be defaulting to your nuke admin id/pass. After you get in then you can change the Sentinel id/pass and that will not affect your nuke admin/pass.

You have to set it up the first time. Select the List Admins and then Click on the admin name and then change the http auth id and password.

Posted: Tue Jul 27, 2004 7:32 pm

And once you update the admin HTTP Auth login and password it will email it to them so you don't have to yourself Smile

Posted: Tue Jul 27, 2004 8:39 pm

That's great, peeps. I'll do it first thing this time. I just had to turn off the 'old' admin auth so I could even get into my nuke admin. Everything is fine now, I just ran into a security feature that works as you intended. Smile

At least I didn't ban myself from the whole site this time.

New Member Joined: Dec 23, 2004 Posts: 9

When you use CGIAuth Setup it gives you a script to place in your .HTACCESS file.

There is a line

Code:

AuthName "Restricted by NukeSentinel(tm)"

I had to change mine to

Code:

AuthName "my admin.php login name"

Before it never worked properly........Before I did this all i got was three attempts to log in then a 401 error.

By the way.........I am totally confused about setting up PC Killer.

Think I'll just give up Sad

Posted: Thu Dec 23, 2004 12:26 pm

You went through the trouble to register here, then post this message, but you're not going to try to resolve this problem? That's really unfortunate, because admin authentication is critical to securing your PHP-Nuke site.

Using PC Killer isn't critical, so let's focus on the authentication. The AuthName is just text that describe why you're entering a user ID and password. I'm pretty sure changing that had nothing to do with the success or failure of your effort.

CGIAdminAuth provides server-level security on Apache servers only for your admin.php file. It does this using the .htaccess file and an authentication file (NukeSentinel calls it .staccess). Once you go through that level of security, you must go through the PHP-Nuke security.

Since it prompted you for a user ID and password (i.e. your htaccess is probably configured correctly) and you did not make it through the admin security, It sounds like there may be a problem with the authentication file. Several things could cause what you're describing. Among others, these come to mind:

the .staccess file isn't where it's defined in htaccess
the password in .staccess isn't encrypted
the user id and / or password is different that what you're entering

How did you create / update htaccess and staccess? If you post either or both, please remove the sensitive info (your root directory, user ID, encrypted or unencrypted passwords, etc.).