Perm block - Can not remove it?

Hangin' Around Joined: May 23, 2006 Posts: 40

Hi -

I am currently getting the following message from my website:

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Remote Address: ***.***.***.***
Client IP: none
Forwarded For: none
Date Blocked: 2007-10-08 @ 00:10:58 EDT GMT -0400
Block expires: Permanent

Notice the BLOCK DATE is 10-8-07 --- I cleared the blocked_ip table, and still get this message, I also checked .htaccess.

Where is this getting 10-8-07 from? That was 11 days ago... I do not understand

Thanks Wink

registered · Posted: Thu Oct 18, 2007 9:04 pm

Is there any message before this.. ala why you are being blocked?

Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

Sounds like a cache issue. If you've cleared the blocked_ips table (technically, it's EMPTY...) and there are no .htaccess issues, then clear your cookies and empty your internet temp files.

If you still get that message, we'll need to contact Fox Mulder... = )

PHrEEk

Posted: Fri Oct 19, 2007 5:56 am

The reason is as follows:

You have been blocked from entering this site.

You have attempted to bypass the Filter System on this site.

---

I have emptied cache and temp files, and still get the same message.

Fox Mulder - Plz help

Thanks!

Posted: Fri Oct 19, 2007 10:30 am

Hi ccac !
Do you use the latest Nuke Sentinel version?
If not better update to 2.5.13 beneed this you can always change the settings of the filter blocker e.g. the expires date.

Posted: Fri Oct 19, 2007 3:55 pm

Looking over this thread, at the start it looks like you were blocked like 10 days ago. That message you quoted in the first post comes when your IP is found in the blocked IP table. So, if you've cleared that ... well the posting you did Friday October 19 makes it look like you are getting caught up in the filters from NukeSentinel. These generally filter the contents of POST and GET strings. If you are just going to the index.php of your site you should not see the bypass the filter system message. Your most recent post also makes it look like you are getting banned currently and not based on what happened 10 days ago. Perhaps you could verify that.

Obviously if you can't get into the site, then you can't turn off the filter blockers but that would be what I would recommend on a temporary basis for testing. You might also check the blocked range table and make sure your IP is not somehow in there.

Posted: Sun Oct 21, 2007 2:21 pm

I dont see any reason I am being banned now though -- I am simply going to www.mysite.com

How do I find the version of sentinel I am using? This is frustrating, I can see my site from work, just not the comfort of my home

Any more ideas?

Thanks

Posted: Sun Oct 21, 2007 2:53 pm

Your NS version number is stored in the nsnst_config table in a field called config_value. In later versions of NS it is also displayed on the NS admin screen but I don't recall if that has always been the case.

As Susann indicated you'd be best off getting to the latest version. Installing it might fix your problems ... or not ... but there's at least a chance. Based on the symptoms in your latest post, getting banned from work but not from home, it seems like you might have a banned IP or else maybe a cookie problem. And yes I know that's been discussed earlier in the thread but that's still the way it seems.

Posted: Mon Oct 22, 2007 1:17 pm

Hi fkelly -

Thank you for your insight - my NS version is 2.4.2pl5
I assume this version is very out of date? I noticed that another website running this same version is also banning me, with a different date noted in the block message. Could this all be outdated software issues?

I will again try to clear cache, etc on the local machine.

Thanks!

Posted: Mon Oct 22, 2007 1:54 pm

I can't say that it's NS version 2.4.2pl5 that's banning you per se. But yes that version is very dated. It just sounds to me like you'd be best off biting the bullet and doing a full careful installation of NS2.5.13. I've been looking at NS a bit today and I realized that I misspoke the other day. I said that being blocked by a filter had to do with a POST or GET string and that's not true. POST and GET are involved with a SCRIPT block. However, there is a lot of checking for cookies in the filter blocking area of the code so maybe you have something wrong in the way cookies are set.

Posted: Tue Oct 23, 2007 4:35 pm

Is there anything I need to know about the upgrade? Is it just a simple - ftp up the files and sql the new structure? -- kind of like 'plug-n-play' ?

Posted: Tue Oct 23, 2007 4:54 pm

You´ ll need first to reach NukeSentinel Version 2.5.00 and afterthat download the newest version 2.5.13 and update from 2.5.00 until you reach the current version and you should also use the newest version of IP2Country.
All older versions of NS you can find e.g. at:
http://www.cybertipps.com

I would install 2.5.13 fresh.

Posted: Wed Oct 24, 2007 3:42 pm

So I need to install every update since my version? What do you mean by install 2.5.13 fresh? Smile

I assume that means you would delete and reinstall.

Thanks

Posted: Wed Oct 24, 2007 4:21 pm

Version 2.5.13 contains the upgrade 2.4.2x to 2.5.00 tables and also the upgrades for each version.
I meant with unknown strange errors I would remove the tables and reinstall.

Posted: Wed Oct 24, 2007 4:33 pm

Oh ok - so you are suggesting I delete the current tables that are giving me errors (or assumed to be) and then install all new witht he 2.5.13 upgrade?

Thanks for your quick replies btw - RavenScripts is great! Smile

Thanks again!

Posted: Wed Oct 24, 2007 4:41 pm

Its your decision. But you should not use the old versions longer Smile

Posted: Fri Oct 26, 2007 2:21 pm

please dont get me wrong - I want to intsall the update, I just do not want to create a new issue by gettinng in a hurry.

Thanks Wink

Posted: Fri Oct 26, 2007 3:03 pm

Version 2.5.13 was a critical update therefore I would not wait. Read about all the changes in the change file.

Posted: Fri Oct 26, 2007 9:14 pm

I notice in the README.txt I find this:

http://www.YOURDOMAIN.com/admin.php
2) Then, in the address line of your browser, erase the admin.php and replace it with nsnst.php
For example: http://www.YOURDOMAIN.com/nsnst.php
This will install, upgrade, or uninstall NukeSentinel(tm) database tables.

How will I run the nsnst.php if I am unable to access admin.php because I am blocked?

Can I go into phpmyadmin and replace these files with a sql script?

Also - what are the "EDITS_FOR_CORE_FILES" Folder contents? I do not understand where to install these.

Thanks Again you guys are great!

Posted: Sat Oct 27, 2007 2:49 am

If you want to speed this up just a little bit, drop me a line in my Private Message box and I'll go in and fix it for you.

PHrEEk

Posted: Sat Oct 27, 2007 1:14 pm

Protected Ranges will not be Blocked.Add your IP there.
Maybe login from a friends PC but afterthat clean cookie and cache and don´t forget to log out.
Edit for core files:
I believe you only need to remove nsbypass from your root because this file moved in vers. 2.5.05 to inclues/directory but maybe check also your header for the right code after you upgraded.

Posted: Wed Oct 31, 2007 10:04 pm

Does Raven offer an upgrade service? These are non-profit sites and I do not have the time right now to fix them.

Please let me know - PM me if possible.

Thanks

Posted: Thu Nov 01, 2007 12:40 pm

Raven offers different services there is a "contact us" link at the main page but I quess he doesn´t have enough time to upgrade your NukeSentinel version which is more or less a simple thing. Thought you or PHrEEkie had it already fixed.

Posted: Sat Nov 03, 2007 10:46 am

Not yet... I havent had time - If no one is available to provide the service (paid of course) I will attempt it this weekend - maybe tonight Smile

I do appreciate all your help! Smile

This community is great

Posted: Sat Nov 03, 2007 7:28 pm

Ok - You folks are just amazing - the updgrade was SO user friendly!!!! SUPER user friendly!

I think I have done everything correctly, if not I will be back after being hacked haha.

Thanks!