| Author |
Message |
azism
Worker
Joined: Feb 02, 2005
Posts: 145
Location: Tucson, AZ
|
 Posted:
Thu Mar 02, 2006 7:25 pm |
|
I have a user who sent me the following blocking messagte:
| Quote: |
You have been blocked from entering this site.
You have attempted an unknown attack on this site.
All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.
If you think this is a mistake you can contact the site webmaster at admin(at)ti99ers(dot)org.
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Remote Address: 212.205.167.226
Client IP: none
Forwarded For: none
Date Blocked: 2006-03-02 @ 02:53:36 EST GMT -0500
Block expires: Permanent
|
The only thing is that I can't find anyplace where this IP address is blocked. Any idea what I should be looking for. He is a legitimate user, so I would like to fix this. |
_________________
Webmaster
TI99ers On-Line User Group
http://www.ti99ers.org/ |
|
  
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Thu Mar 02, 2006 10:50 pm |
|
Look in your blocker configuration settings when you only send email and defauly page. |
| |
|
|
|
|
southern
Client
Joined: Jan 29, 2004
Posts: 624
|
| Posted:
Mon Apr 24, 2006 1:19 pm |
|
I'm too lazy to start a new topic 
I've had this problem a while now and finally decided to get some advice fixing it: I get a lot of emails from NukeSentinel after it blocks one variety of miscreant or another. All of my blocker configuration settings are set to Email, Block and Default Page, I get the emails, NS writes some octets to .htaccess and the miscreant is blocked... but blocked IPs aren't displayed on NS' Blocked IPs page. There seems nothing in the database. Here are some screenshots to illustrate: Only registered users can see links on this board! Get registered or login! |
_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra |
|
|
|
|
Raven
|
| Posted:
Mon Apr 24, 2006 2:11 pm |
|
What version of NukeSentinel(tm) are you using? Have you examined your server error log, via cPanel , to see if there are any error messages being thrown when it attempts to write to the database? Have you used phpMyAdmin and verified that the bocked_ips table is tryly empty? Try running a REPAIR on the table to see if that helps. |
| |
|
|
|
|
southern
|
| Posted:
Mon Apr 24, 2006 6:58 pm |
|
I am using NS 2.4.2pl5. I've never seen any errors in the cpanel error log pertaining to this. I first noticed the problem sometime last year when I noted that only old 2004 blocks were being displayed, I assumed that updating NS would fix the problem but it hasn't. I am sure that the database blocked_ips is empty cause I emptied it through NS' Clear Blocked IPs function. Since I cleared the database yesterday I've gotten more sc ripts blocked and one un ion and none is showing on the Blocked IPs page. |
| |
|
|
|
|
southern
|
| Posted:
Tue Apr 25, 2006 11:11 am |
|
|
|
|
|
southern
|
| Posted:
Tue Apr 25, 2006 2:52 pm |
|
Looked in PhPMyAdmin, nuke_nsnst_blocked_ips is empty, ran NS' Repair... still no blocked IPs showing. Next suggestion? |
| |
|
|
|
|
Raven
|
| Posted:
Tue Apr 25, 2006 4:28 pm |
|
Make sure that your schema matches the schema for pl5. |
| |
|
|
|
|
southern
|
| Posted:
Tue Apr 25, 2006 7:16 pm |
|
Schema? What's a schema? I'm using the PC Killer templates not the standard NS ones... |
| |
|
|
|
|
Raven
|
| Posted:
Tue Apr 25, 2006 8:49 pm |
|
The schema is the database table layout. Use phpMyAdmin and look at the structure. Make positive that your version exactly matches the pl5 version. |
| |
|
|
|
|
southern
|
| Posted:
Tue Apr 25, 2006 9:02 pm |
|
I'm not sure I'd know if the schema I have matches the schema of pl5. The update from pl4 to pl5 was successful and w/o errors so I supposed all database tables were correct. I'm going to take a screenshot of the tables and you can tell me if the schema matches and what to do if not. |
| |
|
|
|
|
Raven
|
| Posted:
Tue Apr 25, 2006 9:12 pm |
|
Better yet, here is what it should look like:
 |
| |
|
|
|
|
southern
|
| Posted:
Tue Apr 25, 2006 9:39 pm |
|
Oh me... I'm afraid I took the wrong screenshot. I put it in the above link... back anon. |
| |
|
|
|
|
southern
|
| Posted:
Tue Apr 25, 2006 10:01 pm |
|
My nuke_nsnst_blocked_ips schema looks just like that, see in link above. What can the problem be, then? |
| |
|
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
| Posted:
Wed Apr 26, 2006 12:41 am |
|
check ur schema verses ravens..notice raven has 2 more rows within the schema..now im not totally sure but if it cant fill in all the data it wont fill in any at all...and since there is no data within that table...id drop the table and make it again with an updated query.
just use thisCode:DROP TABLE IF EXISTS nuke_nsnst_blocked_ips;
CREATE TABLE nuke_nsnst_blocked_ips (
`ip_addr` varchar(15) NOT NULL,
`user_id` int(11) DEFAULT '1' NOT NULL,
`username` varchar(60) NOT NULL,
`user_agent` text NOT NULL,
`date` int(20) DEFAULT '0' NOT NULL,
`notes` text NOT NULL,
`reason` tinyint(1) DEFAULT '0' NOT NULL,
`query_string` text NOT NULL,
`get_string` text NOT NULL,
`post_string` text NOT NULL,
`x_forward_for` varchar(32) NOT NULL,
`client_ip` varchar(32) NOT NULL,
`remote_addr` varchar(32) NOT NULL,
`remote_port` varchar(11) NOT NULL,
`request_method` varchar(10) NOT NULL,
`expires` int(20) DEFAULT '0' NOT NULL,
`c2c` char(2) DEFAULT '00' NOT NULL,
PRIMARY KEY (ip_addr),
KEY c2c (c2c),
KEY date (date),
KEY expires (expires),
KEY reason (reason)
);
|
this will drop the table and then make it again...this is the correct setup for the tables so no worries...it will still make a correct table.
now once this is run do not expect the ips to just show up...goto your sentinel admin panel and block an ip..any ip...the ips blocked with the .htaccess are blocked as well as they can get...now if this solves your problem...go into your config.php and find
Code:$display_errors = false
|
change that to
Code:$display_errors = true
|
good idea even if it doesnt work...i do this when i have an unknown error...it may sometimes confuse you but it will almost always point you in the right direction  |
| |
|
 
  |
|
southern
|
| Posted:
Wed Apr 26, 2006 8:37 am |
|
Thanks very much, darklord, this looks like it will fix it. I'll go run the query and do the rest and see how it goes. |
| |
|
|
|
|
southern
|
| Posted:
Wed Apr 26, 2006 9:32 am |
|
The query wouldn't run, I got an 'error on page'. Could the syntax be off? I looked at the install.php for NS242pl5:
Code:
CREATE TABLE `".$prefix."_nsnst_blocked_ips` (`ip_addr` varchar(15) NOT NULL default '', `user_id` int(11) NOT NULL default '1', `username` varchar(60) NOT NULL default '', `user_agent` text NOT NULL, `date` int(20) NOT NULL default '0', `notes` text NOT NULL, `reason` tinyint(1) NOT NULL default '0', `query_string` text NOT NULL, `get_string` text NOT NULL, `post_string` text NOT NULL, `x_forward_for` varchar(32) NOT NULL default '', `client_ip` varchar(32) NOT NULL default '', `remote_addr` varchar(32) NOT NULL default '', `remote_port` varchar(11) NOT NULL default '', `request_method` varchar(10) NOT NULL default '', `expires` int(20) NOT NULL default '0', `c2c` char(2) NOT NULL default '00', PRIMARY KEY (`ip_addr`), KEY `c2c` (`c2c`), KEY `date` (`date`), KEY `expires` (`expires`), KEY `reason` (`reason`))");
|
but I dunno enough to tell about syntax. |
| |
|
|
|
|
Raven
|
| Posted:
Wed Apr 26, 2006 9:42 am |
|
Of course you need to change
CREATE TABLE `".$prefix."_nsnst_blocked_ips`
to
CREATE TABLE `nuke_nsnst_blocked_ips` |
| |
|
|
|
|
southern
|
| Posted:
Wed Apr 26, 2006 10:34 am |
|
That's not the query I tried to run, it is just for comparison with the one darklord posted. I used the query he suggested and it wouldn't run so I compared it to the table in install.php. I hope I'm not so dumb as to run a manual sql query with '$prefix' instead of 'nuke' lol |
| |
|
|
|
|
southern
|
| Posted:
Wed Apr 26, 2006 6:46 pm |
|
Took a break for supper which wasn't fish BTW lol and then I re-ran the sql query darklord provided. This time it was a success and two new rows were added to my nuke_nsnst_blocked_ips table. I then went to my site admin and banned 'any' IP and the banned IP displays as it should. See link above. Thanks very much Raven and darklord!
 |
| |
|
|
|
|
Raven
|
| Posted:
Wed Apr 26, 2006 10:55 pm |
|
|
|
|
|
southern
|
| Posted:
Wed Apr 26, 2006 11:02 pm |
|
Gotta admit I'm a believer  |
| |
|
|
|
|
southern
|
| Posted:
Thu Apr 27, 2006 9:57 am |
|
So the next day I get four sc ript hits and I go off to my admin page to admire the blocked IPs displayed... and I find a blank page in NS' Display Blocked IPs! I look at the module Blocked_IPs and the hits are displayed but not correctly. See link above. I checked the error log in cpanel and there are no errors pertaining to this, just the IPs of the sc ript kiddies that got blocked. I looked at the file ABBlockedIPs and there is no blank lines at the end. What to do? |
| |
|
|
|
|
southern
|
| Posted:
Thu Apr 27, 2006 1:03 pm |
|
C'mon, I'm almost through one strap... |
| |
|
|
|
|
gregexp
|
| Posted:
Thu Apr 27, 2006 10:00 pm |
|
if its in ur admin panel.. i cant see it..the block is working correctly...it may be also that ur site or server was gettin dossed which will sometimes cause just a blank page...but in time it should refresh and work just right...as for the code...i exported that code from my sql database and did a simple copy and paste..hey im a true believer in sentinel...let us know what happens |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
