Union Protection 2.0.0 and 2.0.1

Posted: Sat Aug 07, 2004 10:25 pm

Hi Folks

I'm still unable to get sentinal to provide Union protection. Reverts to "Off" regardless of what I set it at.

Also, I'm uncertain why I'm still getting failures in creation.

Quote:

- Create nuke_nsnst_admins succeded
- Import into nuke_nsnst_admins succeeded
- Create nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers failed
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers failed
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers succeded
- Add field nuke_nsnst_blockers succeded
- Create nuke_nsnst_ips succeded
- Create nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Add field nuke_nsnst_config succeded
- Adjust Order nuke_nsnst_config succeded

--------------------------------------------------------------------------------
Operation Complete!
Goto NukeSentinel™ Config

While I'm not told exactly what fields are succeeding, (all the same name) I think someone probably knows what's going wrong.

"Succeeded" for the next language file. Smile

Ideas?

Posted: Sat Aug 07, 2004 11:30 pm

64bitguy,

From the nsnst.sql file, I can see that it created the admins table and the blockers table. Then it tries to insert the following:

Code:

INSERT INTO nuke_nsnst_blockers VALUES (0, 'other', 0, 0, 0, '', 'Abuse-Other',


INSERT INTO nuke_nsnst_blockers VALUES (1, 'union', 0, 0, 0, '', 'Abuse-Union',


INSERT INTO nuke_nsnst_blockers VALUES (2, 'clike', 0, 0, 0, '', 'Abuse-CLike',


INSERT INTO nuke_nsnst_blockers VALUES (3, 'harvester', 1, 3, 1, '', 'Abuse-Harvest',


INSERT INTO nuke_nsnst_blockers VALUES (4, 'script', 0, 0, 0, '', 'Abuse-Script',


INSERT INTO nuke_nsnst_blockers VALUES (5, 'author', 0, 0, 0, '', 'Abuse-Author',


INSERT INTO nuke_nsnst_blockers VALUES (6, 'referer', 0, 0, 0, '', 'Abuse-Referer',


INSERT INTO nuke_nsnst_blockers VALUES (7, 'filter', 0, 0, 0, '', 'Abuse-Filter',


INSERT INTO nuke_nsnst_blockers VALUES (8, 'request', 0, 0, 0, '', 'Abuse-Request',


INSERT INTO nuke_nsnst_blockers VALUES (9, 'string', 0, 0, 0, '', 'Abuse-String',

NOTE - the above lines were edited and don't show the whole line

So it shows 'Abuse-Union' and 'Abuse-Referer' failed.

We had a similar situation on my sons website. I would use the nsnst.php and uninstall NukeSentinel™. Then run the file again and reinstall it.

Post here and let us know if it worked the second time

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Manually delete this table
nuke_nsnst_blockers

Then run the sql manually from the sql file with the 2.0.1 download to create the table.

Posted: Sun Aug 08, 2004 12:18 am

hmmmmm

I went ahead and deleted nuke_nsnst_blockers

THen I rean a manual query of the SQL file included with 2.0.1 and got this:

Quote:

Error

SQL-query :

CREATE TABLE nuke_nsnst_admins(

aid varchar( 25 ) NOT NULL default '',
login varchar( 25 ) NOT NULL default '',
passwd varchar( 40 ) NOT NULL default '',
protected tinyint( 2 ) NOT NULL default '0',
PRIMARY KEY ( aid )
)

MySQL said:

#1050 - Table 'nuke_nsnst_admins' already exists

Seems like it's all gone to heck now. Not sure what is going on yet...

UPDATE:

I went ahead and manually dropped all of the nuke_nsnst tables.
I then manaully loaded the 2.0.1 .sql script.

This is what I got:

Edited by Admin - text too wide - It appeared to be a successful load.

Posted: Sun Aug 08, 2004 12:22 am

Uh, you ran the wrong sql Smack

Run blockers, not admins. Be sure to do the inserts also.

Posted: Sun Aug 08, 2004 12:34 am

Same problems still exist as mentioned in the original post. I do however see referrer data even though I can't enable it. (See the modified post above for my manual SQL reload of the nuke_nsnst tables.

Also note that I DID delete blockers and NOT admins; however, the SQL code apparently didn't care about that.. Smile

The only solution was to drop all of the tables.

Next, I wanted to point out that maybe there should be a Sentinal 2.0.1 ICON (for the admin screen).

The inside does say 2.0.1

Posted: Sun Aug 08, 2004 12:52 am

The admin image was made available earlier today (see download block) and was added to the full download http://www.ravenphpscripts.com/article-447--0-0.html a bit ago.

What I was trying to tell you was that you deleted the blockers table but ran sql for admins.

Posted: Sun Aug 08, 2004 1:19 am

Yeah... I know what you are saying but after dropping that table, as I only have the SQL as 1 file (nsnst.sql), when I ran it (given that admin is the first table created), I'm assuming that since it existed that is where my problems came in to get the reported error.

Anyway, after dropping all of the tables and running it, it produced the output that I cut and pasted above. Does anything look wrong in there?

I re-downloaded 2.0.1 and got the image but someone's been fudging the math on the datestamp since I download 2.0.1 with the old ICON at 6:18PM EST here tonight. Smile

Happy to get the new ICON regardless.

Thanks for the update... I'm hoping the only change was the ICON. Smile

Any ideas on where I'm going south regarding Union / Referrer?

Should I have edited ANYTHING in the nsnst.sql file?

My browse of the table reveals this:

Quote:

blocker block_name activate block_type email_lookup forward reason template duration htaccess list
0 other 0 0 0 Abuse-Other abuse_default.tpl 0 0
1 union 0 0 0 Abuse-Union abuse_union.tpl 0 0
2 clike 4 0 0 http://www.fbi.gov Abuse-CLike abuse_clike.tpl 0 1
3 harvester 2 3 0 http://www.fbi.gov Abuse-Harvest abuse_harvester.tpl 0 1 @yahoo.com
alexibot
alligator
anonymiz
asteria...
4 script 5 0 0 Abuse-Script abuse_script.tpl 0 0
5 author 4 0 0 http://www.fbi.gov Abuse-Author abuse_author.tpl 0 1
6 referer 0 0 0 Abuse-Referer abuse_referer.tpl 0 0 121hr.com
1st-call.net
1stcool.com
5000n.com
6...
7 filter 4 0 0 http://www.fbi.gov Abuse-Filter abuse_filter.tpl 0 0
8 request 3 0 0 Abuse-Request abuse_request.tpl 0 0
9 string 3 0 0 Abuse-String abuse_string.tpl 0 0

Posted: Sun Aug 08, 2004 7:46 am

Finally, I have resorted to turning Hack Alert back on to protect me from Union attempts.

This is what my mainfile.php looks like now (less the comments):

Code:




<?php 


include("includes/sentinel.php"); 





$queryString = strtolower($_SERVER['QUERY_STRING']); 


if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($querystring,'c2nyaxb0')) { 


   header("Location: hackattempt.php?$queryString"); 


   die(); 


} 


$phpver = phpversion();

Is that Okay? (versus the old way?)

Posted: Sun Aug 08, 2004 8:22 am

There was no fudging of the datestamp. We don't do that nor would we. The image was added to the distribution around 1:24am today, regardless of what the date is on the file. I was suggesting NOT that you run the entire sql file, but only the sql for the blockers table that you dropped. The reason you are receiving all the errors is that the other tables already exist.

Now, as to why you are not able to install this, I don't know. Seriously, we have had no reports at all of anyone not being able to install it. I would recommend deleting all the Sentinel tables. Then reupload all the 2.0.1 files. Then, log in as a God admin and run the nsnst.php installation files. Make sure you make the manual file modifications in the README. That should install it. I am also modifying your post above because it's stretching this forum into my back yard Laughing

Posted: Sun Aug 08, 2004 9:11 am

So if I am still running Sentinel 1.2.0 ... what is my best course of action? Delete it completely and installing 2.0.1? If I do, what do I do to carry over the current bans and ensure they will be carried over? Or is there a good working upgrade script from 1.2.0 to 2.0.1? Thanks in advance....

Posted: Sun Aug 08, 2004 10:15 am

Replace all files and run the nsnst.php upgrade script. Should work just fine. I have no explanation for wht 64bit has experienced. I have used the upgrade scripts all along, as have hundreds of others without any incident.

Posted: Sat Aug 21, 2004 1:28 pm

Well... I have no idea where things went awry, but after 2 weeks of frustrating nights I decided the best way to attack the problem was start doing some updates.

Over the past few days I've updated my site from 7.0 to 7.4 continuously running into the same problem as described above.

Today, I reloaded the "Virgin" 7.4 and then followed that up immediately with the Chatserv updates..... and... VOILA!

Now note that I did not reload the database tables, nor did I ever successfully get a load (always got the error messages above). What I did do is go into the database (yesterday) and manually update the fields for the referrers and Union protection. This of course did nothing to affect how Sentinal worked as (until today) when I would return to the maintenance menu it would show those two features as "Off" or non-functioning if you will.

Today, after the Virgin and Chatserv 7.4 uploads, when I returned to the Sentinal configuration menu it showed those features as enabled (using the manual settings that I implemented in myPHP)... SO THIS IS A FIRST!

I'm now going to dive back in and remove my Raven's Hack Alert scripts and can hopefully conduct further testing today. I intend on also uninstalling Sentinal and attempting a reload just to see if it will actually install the way it does for everyone else (after all, my site is customized, but it's not THAT customized!)....

Thanks for your everyones attempts to help resolve this frustrating problem! It seems that maybe, just maybe, something in the nuke files got messed up just enough to prevent Sentinal from doing what it should. I have no idea WHAT that was, but apparently, uploading new files, updating and patching may have finally laid it to rest!

Again THANKS ALL!

Posted: Sat Aug 21, 2004 10:34 pm

We're seeing some issues where people believe they uploaded updated files and either the ftp client didn't force over writes and some of the old files were causing issues. I've gotten into the practice of deleting the system files manually prior to uploading the new ones. Its a time consuming pain in the rear but makes sure the files are really the ones I want up loaded.

New Member Joined: Oct 25, 2003 Posts: 19

I had a problem with this too, using PHPNuke 6.9 and the latest Sentine 211, it took a while to figure out the problem - deinstalling the tables, reinstalling, removing the files, reuploading but no luck.

I couldn't update the Union Blocker settings no matter how many times I changed the settings it still kept coming back to "Off" even when doing it via PHPMYadmin. This was for both Union and Referrer blockers.

In the end I tracked it down to something in the db/mysql.php file which I must have modified for some reason - maybe fortress???

I'd got this around line 101...

Code:

      // Remove any pre-existing queries


      unset($this->query_result);


      if($query != "" AND !stristr($query, "UNION"))

I just took a fresh copy of the file and uploaded it which seems to have done the trick.

Hope this helps, it took me a while but I'm glad I persevered.

Worker Joined: Aug 06, 2004 Posts: 192

I had this problem too. What it does is changes the word union from going into the database by changing the 'o' in union to '0'(number zero).

Involved Joined: Dec 28, 2003 Posts: 276 Location: Israel

johnnycard wrote:

I had a problem with this too, using PHPNuke 6.9 and the latest Sentine 211, it took a while to figure out the problem - deinstalling the tables, reinstalling, removing the files, reuploading but no luck.

I couldn't update the Union Blocker settings no matter how many times I changed the settings it still kept coming back to "Off" even when doing it via PHPMYadmin. This was for both Union and Referrer blockers.

In the end I tracked it down to something in the db/mysql.php file which I must have modified for some reason - maybe fortress???

I'd got this around line 101...

Code:

      // Remove any pre-existing queries


      unset($this->query_result);


      if($query != "" AND !stristr($query, "UNION"))

I just took a fresh copy of the file and uploaded it which seems to have done the trick.

Hope this helps, it took me a while but I'm glad I persevered.

This is my exact same problem, and I was so sure replacing the mysql.php will fix the problem...
Unfortunately, it didn't Sad

Is there any other place it dissallow union and referer blockers?

Posted: Wed May 11, 2005 4:34 pm

If you are unable to change the settings in NukeSentinel, then it sounds like the tables are not installed correctly. Delete all the tables and rerun nsnst.php.