| Author |
Message |
kradsith
New Member
Joined: Mar 02, 2005
Posts: 2
|
 Posted:
Wed Mar 02, 2005 7:31 am |
|
I am having a problem with getting sentinel to block referers.
Write to .htaccess "ON"
Path is correct to .htaccess
I have tested my site with the "union" test and it blocks it perfectly both with sentinel and the .htaccess.
all files have been chmod'd correctly... as well as completed reinstall by dropping tables and re-uploading source.
I am using the CGIauth with the .staccess and all is fine with that part.
Has anyone ran into something like this before?
Cheers,
Henry
Phpnuke Platinum 7.6
Autotheme 1.7
Sentinel 2.1.3
Hosted by Lunarpages.com |
| |
|
|
|
JohnGotti
New Member
Joined: Mar 04, 2005
Posts: 8
|
| Posted:
Fri Mar 04, 2005 8:41 pm |
|
I'm having a similar problem... I have the following referers that I cant seem to block:
1. book.skip.pl 4
2. am.kylos.net 3
3. books.livenet.pl 3
4. book.kylos.pl 2
I've blocked these sites through UNC, and through IP, but they keep coming back! I'm using Nuke 7.5.
Any help is GREATLY appreciated!  |
| |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Fri Mar 04, 2005 11:29 pm |
|
Goto NukeSentinel "Configuration". From the resulting menu select "Referer Blocker". Turn it on and set it to write to the .htaccess file. Now goto the text box and add those domains. Click the save button and from then one anyone coming to the site from one of those domains will automatically be banned by ip. |
_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! |
|
 
|
|
Holbrookau
Hangin' Around
Joined: Jun 25, 2004
Posts: 32
|
| Posted:
Sat Mar 05, 2005 12:19 am |
|
I hate to tell you this Bob but I have the same referers (plus some others) as JohnGotti not being blocked and have Sentinel (2.13 on 7.4) set up as you describe. All the offending URLs lead to the same page. |
| |
|
|
|
|
JohnGotti
|
| Posted:
Sat Mar 05, 2005 7:31 am |
|
Agreed... All my other referers are being blocked in the manner in which they are suppose to.. For some reason, the sites I listed above, all point back to the same place, and yet they seem to get around the block list.
As I said before, I have blocked them through both URL and IP address, and have been unsuccessfull.  |
| |
|
|
|
|
kradsith
|
| Posted:
Sat Mar 05, 2005 7:32 am |
|
I thought it was something to do with my web host at first... but the odd thing is the "union" test works and the .htaccess is updated to ban my ip. but anything that is added to the referers list does not.
I noticed that nothing is added to the .htaccess at all for referers. Just Strange.
I figure if one part works so should the other.
Cheers, |
| |
|
|
|
|
64bitguy
The Mouse Is Extension Of Arm
Joined: Mar 06, 2004
Posts: 1164
|
| Posted:
Sat Mar 05, 2005 7:51 am |
|
I'm wondering (as the provided examples are 3 octet listings) if the referrers blocker is able to distinguish subdomains in scanning? Just a thought. |
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. |
|
|
|
|
JohnGotti
|
| Posted:
Sat Mar 05, 2005 9:07 am |
|
| 64bitguy wrote: | | I'm wondering (as the provided examples are 3 octet listings) if the referrers blocker is able to distinguish subdomains in scanning? Just a thought. |
Thats a good possibility... But shouldn't the IP be enough as well? Both are listed ( URL and IP ). |
| |
|
|
|
|
2McAbre
New Member
Joined: Feb 16, 2005
Posts: 20
|
| Posted:
Sun Mar 06, 2005 10:01 am |
|
Well I would suggest doing what my pals and I have been doing with our affectionately name Apache Fatwah.
We simply block the entire range of IPs by using the CIDR as opposed to simply the resolved individual IP.
Try adding the following lines to your .htaccess fileā¦ See if it stops them. If not then its possible the referrers are originating from various visitors. IE they are located on an offending page, then use a bookmark or type in your sites URL. They will generate a referrer from their IP, which can also generate a referrer from the offending site "through" their IP.
We've been seeing this a lot, especially of machines that are infected with some sort of malware or another.
deny from 66.199.224.0/19
deny from 67.18.0.0/15
deny from 69.93.0.0/16
Our Apache Fatwah is "Hard Core" in that we show no mercy to the ISP hosting the offenders. By blocking the entire range if the ISP periodically reassigns IP's (dynamic) then the IP's can change to any available in that range.
The risk of blocking an "Actual" legitimate person from that range is minimal.
I can attest though that this quite effectively blocks them, and you will see a growth in the hits on your 403 page in your logs! |
| |
|
|
|
|
BobMarion
|
| Posted:
Sun Mar 06, 2005 2:37 pm |
|
Let me make sure I understand correctly, part of the referers list is getting blocked but the another part isn't?
Are you blocking by www.xxxxx.xxx or by xxxxx.xxx? The latter is the best way as it will match against subdomains as well.
You have the referer Blocker set to Block, Email, and Forward or Block, Email, and Default Page? |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
