| Author |
Message |
st247
New Member
Joined: Apr 19, 2006
Posts: 19
|
 Posted:
Wed Apr 11, 2007 6:18 am |
|
I just installed a fresh Ravennuke 7.6 v. 2.1 and imported all data from my old Nuke 7.4 site. It's the first time I'm using NukeSentinel (I used protector before).
I'm having some problems with the flood blocker. I noticed I was getting blocked for just trying to access a certain item, like FAQ, forum,... I increased the Flood Delay to 5 seconds and switched the Flood blocker to Email & Forward. I've been receiving quite some mails since then. There are different url's : encyclopedia, forum, downloads, content,...
I don't now if it's my fault, maybe I misconfigured something.
I do want people to get blocked, but only when it's a real flood attack.
Anyone any idea what might be wrong ?
Thanks  |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sat Apr 14, 2007 1:53 pm |
|
Did you ever resolve this or is it still an issue? |
| |
|
|
|
|
st247
|
| Posted:
Sat Apr 14, 2007 2:36 pm |
|
It's still the same. I turned it off completely now. But if I could get it to work correctly that would be great. |
| |
|
|
|
|
Raven
|
| Posted:
Sat Apr 14, 2007 2:52 pm |
|
|
|
|
|
st247
|
| Posted:
Sun Apr 15, 2007 12:00 pm |
|
I don't know if you were referring to the settings ?
Mine are :
Page delay : 5
Flood delay : 5
Dos protection : on
Block proxies : mild level
My flood blockers setting is now off, but was Email, block & default, and after that email and forward
write to htaccess : no
IP block type : full
I'm sorry if this is a stupid question, but this thing is new to me.
Is there a way to know from the mails if it happened by 'accident' or if it's a real attack ? Because I received an email from someone who got blocked just by accessing my site from google.
And another stupid question 
I got a blocked abuse (filter) where get/post string was something like this :
www.mysite.be/index.php?file=XXXXXXX
Could anyone tell me what could happen if something like this wasn't blocked ? |
| |
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sun Apr 15, 2007 4:02 pm |
|
sorry st247 but i edited your posted url.....it was a php.backdoor trojan.
so to answer the last hack....yes that was a dirty one. |
| |
|
|
|
|
Raven
|
| Posted:
Sun Apr 15, 2007 4:25 pm |
|
|
|
|
|
st247
|
| Posted:
Mon Apr 16, 2007 1:26 am |
|
| hitwalker wrote: | sorry st247 but i edited your posted url.....it was a php.backdoor trojan.
so to answer the last hack....yes that was a dirty one. |
No problem, I didn't have an idea what it was. Glad Sentinel blocked it then BTW, the ip address it was referring to was different from the attacker's ip. Does it help if I also block the sites ip ?
Any ideas about the flood blocker ? |
| |
|
|
|
|
hitwalker
|
| Posted:
Mon Apr 16, 2007 3:34 am |
|
no but a question.....is there a reason to use the flood blocker ?
If not ...then turn it off..
i strongly believe that you should turn it on only when you have to....
as for banning the ip's,sentinel will do its job ....dont worry about that.. |
| |
|
|
|
|
st247
|
| Posted:
Mon Apr 16, 2007 10:02 am |
|
No I don't think there's a reason. I guess when they're really attacking I'll notice ?
So I'll just keep it turned off then, thanks |
| |
|
|
|
|
hitwalker
|
| Posted:
Mon Apr 16, 2007 11:10 am |
|
well its needed you will know.... |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
