Check sentinel working?

New Member Joined: Aug 19, 2004 Posts: 15

Is there anyway to check whether sentinel is actually working? Currently got sentinel 2.1.2 and phpnuke 7.6.
Thanks

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Logoff from your website, both user and admin. Then type this in your browser url:

http://YOURDOMAIN.com/modules.php?name=Feedback%union%

This assumes that you have set the union protection on. After you are banned you will need to use phpMyAdmin to remove your IP from the nsnst_blocked_ips table. Then, if you are writing to .htaccess, you will have to remove your IP from there too.

Posted: Sun Dec 19, 2004 1:08 pm

Okay... it doesnt seem to be working Sad

. It just says Sorry, this Module isn't active!...

Posted: Sun Dec 19, 2004 2:48 pm

Well, try using a module that is active.

Posted: Sun Dec 19, 2004 5:07 pm

The module is active, I can access it via "feedback.html", however when I add the union tag "feedback.html%union%", it says that the module is inactive... Im guessing it thinks of it as a completely different module ?!?

Thanks.

Posted: Sun Dec 19, 2004 5:23 pm

Try name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */

Posted: Sun Dec 19, 2004 5:30 pm

Yay! atlast im banned from my site Very Happy

... actually, im sure not sure if that supposed to be a good thing Razz

.
Thanks for you help Raven!!!!

Worker Joined: Dec 22, 2004 Posts: 135

Hey Raven, I'm running 7.6patched and Sentinel 2.1.2. I tried both scripts from above... here's the scripts and what I get on screen:

http://YOURDOMAIN.com/modules.php?name=Feedback%union%
Sorry, files does not exist...

http://YOURDOMAIN.com/modules.php?name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */
this takes me back to index.php

I've run all kinds of scripts and I never get banned, I either get the popup login from .htaccess or "you leave this site now" or "file deos not exist" et. Is this because I'm running 7.6patched or is Sentinel not working correctly?

Posted: Fri Dec 24, 2004 1:45 pm

And you've modified the mainfile.php for NukeSentinel? Are you using any other 'protection' that could be interferring?

Posted: Sun Dec 26, 2004 7:14 pm

Yep, I modified all 3 files that the readme file said (javascript, mainfile, header)

Posted: Thu Dec 30, 2004 11:02 pm

I'm getting the same results. The http://YOURDOMAIN.com/modules.php?name=Feedback%union% also returns Sorry, files does not exist...

The test of modules.php?name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */ brought up the banned screen but didn't block my IP - I was still able to login and the blocked_ip list did not contain my IP.

Posted: Thu Dec 30, 2004 11:12 pm

Do you have NukeSentinel configured to block and write your IP? Have you removed all other protection methods - even Chatserv's mainfile and admin code?

Posted: Fri Dec 31, 2004 7:42 am

I fixed mine.... I didn't have "BLOCK" on, only the default page.

Posted: Fri Dec 31, 2004 10:22 am

-I had Protector running but it has been removed.
-Write to .htaccess is ON (mode is 666) in root.
-I get the E-mails but am not blocked.
-I searched for Chatserv's mainfile and admin code but couldn't find it so I assume it isn't there.
-Mods to the three files were made.
PHP version 4.3.10
phpNuke 6.5 release
mysql Ver 8.40 Distrib 4.0.16

Bill Catz

Posted: Fri Dec 31, 2004 10:28 am

Oh yeah, check to make sure that you actualyl have Sentinel configured to DO something. I was sp stupid I thought that installing Sentinel alone was enough, but you have to go into "Sentinel Configuration" and turn on all the blocks. Have you done that?

Posted: Fri Dec 31, 2004 10:36 am

It won't write the ban if you have an admin cookie also if your just using .htaccess as the path try the full server path or vice versa.

Posted: Fri Dec 31, 2004 11:35 am

Yes, every filter is ON to write to .htaccess.
I had a recent attack and received the E-mail
- nothing written to .htaccess
- nothing in the Blocked_IPs list
So, it looks like the write IP function is what's not working. Write E-mail works.
I had the full path to .htaccess but changed it to the web root path. Neither works. I've had two legitimate attacks and received the E-mails saying they were blocked but they were not.

Something that may help...
In the Sentinel Admin menu everything has a link to configure EXCEPT:
IP to Country
Admin Auth List
Scan for New Admins
Database Maintenance

Also, In the NukeSentinel Admin page, where it says You MUST set ALL admin passwords before activating HTTPAuth or CGIAuth!, clicking on "MUST" just returns me to the same page - /admin.php?op=ABAuthList link returns me to /admin.php?op=ABMain

I do not have cgiAuth installed.

Bill Catz

Posted: Fri Dec 31, 2004 3:09 pm

I know you said your .htaccess file had 666 permissions but check again. When I added the code to .htaccess to stop the Sanity worm and other attacks, my update forced my permissions back to 644. Might have been a admin panel thing. I had to change it back to 666 before sentinel could write to it again.

montego

Posted: Fri Dec 31, 2004 4:29 pm

Yeh sometimes ftp can't change the permissions of system files either and you have to do it from the webmin or CPanel whatever the host has provided.

Posted: Fri Dec 31, 2004 4:51 pm

I telneted to the system and verified that all is as it should be (mode=666).
Even if it wasn't, that wouldn't explain why the database isn't being updated also. I can manually enter IPs to block but the scripts do not update the tables.

Bill Catz

p.s. When I manually block an IP, it DOES write to the .htaccess file. So it appears to be when an attack happens, the E-mail is sent and that's all but from the E-mail, I can manually block the IP and then it's in both the database and the .htaccess file.

Hopefully this will help.

Thanks in advance!!!
Bill

Posted: Mon Jan 10, 2005 5:47 pm

I reinstalled Sentinel and everything is now working as before. The E-mail is sent but the IP is NOT blocked. If I manually block the IP, then it gets added to both the database and the .htaccess.

Any ideas?
Thanks in advance

Posted: Mon Jan 10, 2005 8:39 pm

Ok, the easy stuff is out of the way... Sad

You may wish to contact your web hosting company (unless that is YOU of course). I didn't mention this perviously because I had a different problem where Apache wasn't recognizing my Rewrite rules placed in the .htaccess file. After hours of frustration I finally contacted my web hosting company to see if there was something in the configuration stopping this from working. Although Apache was compiled with mod_rewrite module, they had to change some setting to get it to work.

I realize that your issue has nothing to do with Rewrite, but I think you may be down to finding out if they can identify any reason why Sentinel cannot write to .htaccess.

Sorry...
montego

registered · Posted: Mon Jan 10, 2005 9:22 pm

After all of the scans looking for hackable copies of PHPBB recently, I'm happy to say that Sentinel is working over here. Had somethingn like 600 IPs blocked within a 2 day period.

-drmike

New Member Joined: Jan 03, 2005 Posts: 3

BillTheCat wrote:

Also, In the NukeSentinel Admin page, where it says You MUST set ALL admin passwords before activating HTTPAuth or CGIAuth!, clicking on "MUST" just returns me to the same page - /admin.php?op=ABAuthList link returns me to /admin.php?op=ABMain

I am running into the same thing - but in my case, the link on MUST is missing the word "admin" - the URL is http://www.knightrealms.com/.php?op=ABAuthList - which is definatley odd. When I manually type in the word Admin, I get bounced, as Bill does.

I've tried re-uploading the files, in case something failed or died in transfer. I even re-downloaded the tar.gz file to make sure.

I'm not sure if this is related or not, but the links for Admin Auth List, Scan for New Admins, and Database Maintenance are also dead (they aren't links).

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

When I click on the link MUST I get a 404 page lol

Are you sure you're logged in as God, because if not then those links won't be active to check for new Admins.