Check sentinel working?

New Member Joined: Jan 03, 2005 Posts: 3

That's a good question - what designates the "God" account as God? I changed my name (one of my Authors was raised in a Catholic school system, and I don't want to run around with "God" on my site posting...) by just changing the name "God" to my Admin Username in the DB, but now it looks like there is no more God Account in the Author Panel.

registered · Posted: Tue Jan 11, 2005 11:03 am

If your getting links like /.php?op=ABxxxxx then you either have NukeSentinel for 7.6 running on a PHP-Nuke between 6.5 and 7.5 . You will need to get NukeSentinel Universal instead.

Posted: Tue Jan 11, 2005 12:29 pm

I did grab the correct version, the problem was that I had modified the God account so it didn't read "God" any more. Once I put it back, everything started working properly.

That'll teach me to mess with God... Wink

Posted: Thu Jan 27, 2005 9:46 am

There are reasons for the God account Wink

Posted: Thu Feb 03, 2005 5:50 pm

I tried the test using the "name=Downloads&d_op=viewdownloads&sid=-1/* */UNION/* */" code. It was blocked okay as far as I could tell, however, I did find anything in the nuke_nsnst_blocked_ips SQL table. It is totally empty.

Then I realized the stuff in the black page didn't seem accurate. It stated:
You have been blocked from entering this site.

You have attempted a Union attack on this site.

All of the following information has been gathered to assist the webmaster should this need to be report to local or federal officers.

User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Alexa Toolbar)
Remote Address: 68.225.147.125
Client IP: none
Forwarded For: none
Date Blocked: 1969-12-31 18:00:00
Block expires: Permanent

The I.P. Address is mine, no question about it. But look at that date and time. It should have been something like 2005-02-03 16:50:00.

Any ideas what happened????

Posted: Mon Feb 07, 2005 2:44 am

The reason it didn't add you to the blocked ip table is that you are a protected admin. Log out of admin and retry the attack Smile

Just be sure you have phpMyAdmin so you can remove the block Wink

New Member Joined: Feb 14, 2005 Posts: 6

You are getting the http://www.knightrealms.com/.php?op=ABAuthList link because you need to ad the admin file to your config.php. Add this line to your config.php, right after your database settings:

$admin_file = "admin";

that should fix the 404 page too, Muffin.

I am having the same problem as Billthecat. Sentinel emails, but doesn't write the IP to the blocked list in my databse OR my .htaccess file. I manually can add blocked IPs, but Sentinel cannot do it by itself. ANyone have any suggestions?

New Member Joined: Feb 12, 2005 Posts: 2

What does it mean UNION attack or CLIKE attach ?

Posted: Wed Feb 16, 2005 11:50 am

Okay, I finally fixed the BLANK PAGE error when attempting a hack test. I uploaded all new sentinel files including nsnst.php. Ran:

Quote:

http://www.yoursite.com/nsnst.php DESTALL

Then

http://www.yoursite.com/nsnst.php INSTALL NEW

This will remove and rebuild all of the sentinel tables in your MySQL database. After that, it should work fine. It did for me.

Posted: Wed Feb 16, 2005 12:46 pm

Okay, I'm hoping Raven can help me out here.

I am having a non admin do some hack tests on my site. The ADMIN block works. But when I have him run some UNION or C-LIKE tests, all he gets is a blank page with no IP block.

ADMIN, BLOCK, and CLIKE are all set to the same thing. EMAIL, BLOCK & Default Page.

Heres a little more info, When I switch it from "EMAIL, BLOCK, & DEFAULT PAGE" to just "DEFAULT PAGE", he gets the Default Page. So I'm guessing the problem is either in blocking or emailing.

But, since the ADMIN block worked completely, I am steering away from the email problem. So could it be having problems accessing the database tables when using UNION and CLIKE scripts?

I am at a loss and I hope you or someone here can help me out. Thanks...

Posted: Wed Feb 16, 2005 12:54 pm

AZism, Make sure you have it set to BLOCK and not just DEFAULT PAGE. My site gives me that SAME Date when I have it set to just the Default Page.