You are using an Invalid IP to access this site! (part 3)

New Member Joined: Aug 08, 2006 Posts: 14

Hi,

Here in the Netherlands many people are switching from phone and adsl (for internet) to phone and adsl combined. All their ip-adresses start with 77. When they come on a nuke sentinal protected site they get the message: You are using an Invalid IP to access this site!. But they also get this message on many dutch sites.
Now I am already using ravennuke 2.02.02 so that means I am using the newest ip2country data ??
What do I do. If I am right I need to Add a range in the nuke sentinal admin area , right ? When I was looking in the ip2country database date I saw that the ranges are added in a difficult way for example:
3559686144 3559694335
3559702656 3559702719
3559718912 3559727103
etc
Why not just 3500000000 to 3600000000 ? Isn't that much easier ?
So how do I add the 77 range. 7700000000 to 7800000000 or is that wrong ?

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

If you search the forums here, you should find instructions for turning off / disabling the IP check. It's a proactive check, and not based on an actual attack.

New Member Joined: Sep 03, 2006 Posts: 21

I've turned mine off and still have a lot of people telling me they get Invalid IP message.I've even added a couple of guys to the protected range with no changes.
Last guy was from Canada and couldn't get in.
Since the new 2.10 will be released in a few days I stoped trying to fix it.

registered · Posted: Sun Feb 25, 2007 8:44 pm

Did you indeed update the IP2Countries data from the latest package at Nuke Scripts?

You can easily add ranges using Sentinel. Of course, the actual storage is a different IP number, as it has to translate 77.xxx.xxx.xxx into real binary ranges.

Involved Joined: Oct 09, 2006 Posts: 413 Location: UK

if you simply have 2.02 of RN76 then your sentinel will be way out of date. You need to goto nukescripts.net as Evaders99 said and get the latest Sentinel package.

Posted: Mon Feb 26, 2007 4:36 pm

Just went and got the update uploding it now hope that will fix it.
THX

Posted: Mon Feb 26, 2007 4:39 pm

no problem

Bear in mind 2.02 is nearly a year old, and in the 6 months ive been using it, ive (i think) had 4 sentinel updates. Remember tho Sentinel is an add-on that comes with RN, but is still a seperate product.

Posted: Tue Feb 27, 2007 3:01 am

I will wait until the new sentinal come's out. I just don't get the use of the Ip to country just yet. Maybe someone can shine some more light on this. Are the ip's in the ip to country table ip that will be blocked or are it ip that are valid ? Or is it just to see what ip belonges to what country. Than ..still..why does sentinal say "invallid ip" because it isn't in the ip to country table...? Or am I totely misunderstanding it ? I also understand that sentinal works with an empty ip to country table.

Posted: Tue Feb 27, 2007 6:56 am

You will need to run the upgrade script for Sentinel one version at a time, so I would start upgrading now, then when the new version is released you've only got one more upgrade to do.

The IP to country is exactly what it says, to relate the users IP to the country they are from. I believe there is also a check to see if the users IP is in the database, if it is not present then you will get the Invalid IP error, that is my understanding anyway.

Posted: Tue Feb 27, 2007 6:23 pm

if you are not running 2.5..... then you are vastly out of date my friend, dont wait for the next version, get the current.

Invalid Ip shoud be cured by turning the check off.as i myself highlighted as a fix months ago.

registered · Posted: Thu Mar 01, 2007 6:58 am

No issues with upgrading NukeSentinel. If I were you, I would ALWAYS keep current on NukeSentinel, as it is trying to stay current with exploits and bug fixes. The RN 2.10 upgrade script will recognize your version and only upgrade to a newer version if required.

Posted: Thu Mar 01, 2007 11:16 am

While I agree with all that's been said about keeping current, it still seems to me that it would be worthwhile if sometime Bob or Raven (and I know how busy they both are with more important issues, so I'll be patient) can take a look at the logic that leads to the invalid ip message and maybe post something that us weaker programmers can understand. I posted a query back in January that went like this:

I think maybe we have an "urban legend" going on in these Forums with respect to the invalid IP issue. After a user at my test site complained, I started looking at reimporting the IP2country data because that seems to be the solution recommended here. But I'm not sure.

I have tried tracing back thru Nukesentinel.php to determine the origin of this message. The immediate kick off for the message being generated (and I'm using the latest 2.5.05 code) is this:

Code:

// Invalid ip check


if(isset($bypassNukeSentinelInvalidIPCheck) AND $bypassNukeSentinelInvalidIPCheck) {;}


elseif($nsnst_const['remote_ip']=="none") {


  echo abget_template("abuse_invalid.tpl");


  die();


}

That's at line 118. So then we'd need to see how 'remote_ip' gets set to "none". It's tracing this that leads into a labyrinth of functions starting with get_ip. I have to confess that I can't follow all the logic in there. I know that at one point there is a get_remote_addr function that in turn calls a get_env function which should be returning the $_SERVER(remote_addr) which according to the documentation for PHP should be the IP of the client. So if that's missing I guess we could get an invalid IP. But looking at the logic in get_ip has me baffled and I'm just not sure what conditions would lead to this error.

Perhaps at some point we can get Bob or Gaylen to offer us an explanation, or perhaps someone else who knows about this can assist because it does seem to be a very common and vexing problem that's leading knowledgeable folks to just turn off the feature. Does this problem have any relation to IP2country and IP addresses that might be missing from there? Or is it somehow the client's failure to send a valid IP that's causing this? Or something else entirely?

registered · Posted: Thu Mar 01, 2007 11:31 am

In my own case, my AOL users and a few guys browsing my site from their work locations were seeing the invalid IP abuse screen. That is the primary reason I set $bypassNukeSentinelInvalidIPCheck to true in my config.php. Since I haven't banned by country (yet), I didn't see any need at this time to have Sentinel validate IP addresses.

And the first go around of the quick fix patch (thanks Technocrat) for the Sentinel exploit was also denying my AOL users. I'm guessing AOL is just not providing a valid client IP address somehow?

Posted: Thu Mar 01, 2007 11:52 am

Quote:

I'm guessing AOL is just not providing a valid client IP address somehow?

Yeah, that's what's bugging me Gremmie; I think there is more to this than is lying on the surface. If the code was just trying to match the client's IP address against a record in the IP2Country table I'd think it would just take the incoming record and do a lookup and if the number of rows was zero give a simple message. And if that's the case I'd wonder if we aren't just chasing our collective tails by trying to validate IP's this way. Because IP's are always going to be added and no matter how often you update the IP2country table you are always going to be behind the curve, so to speak, and anyway we all know that hackers can fake IP's easily so it is most likely to be some clueless and harmless user who gets the invalid IP message.

In other words, what's the "specification" for this feature, what is it trying to accomplish and do we really need it. I know that the check can be turned off but I'm not sure that's really a good solution. I'm just curious about whether the feature really adds security and whether it's really needed in the first place.