Author |
Message |
skeetch
New Member
Joined: Oct 20, 2007
Posts: 20
|
Posted:
Sat Feb 13, 2010 1:08 pm |
|
I'm a ravennuke user , and I have had several different sites. I'm currently working on yet another php project, and I'm wondering if sentinel can be re-fit to work with other php sites?
How hard would it be, can it be modified to work, or would it require a total re-write?
I guess I'm asking if there is any way it can be run on other scripts, or as a third party protection agent?
Thanks! |
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
Posted:
Sat Feb 13, 2010 1:35 pm |
|
Unfortunately there is no way to run it with other scripts without heavy modification. |
|
|
|
|
skeetch
|
Posted:
Sat Feb 13, 2010 1:38 pm |
|
Do you know of a way to export the blocked ranges, and the ip2country data to a .htaccess file for use on other sites? |
|
|
|
|
jakec
|
Posted:
Sat Feb 13, 2010 1:47 pm |
|
ip2country data is freely available on the internet. Blocked ip's should also appear in the .htaccess, assuming you have it set to write them to the .htaccess. |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sat Feb 13, 2010 2:23 pm |
|
skeetch wrote: | Do you know of a way to export the blocked ranges, and the ip2country data to a .htaccess file for use on other sites? |
Also, you can always use phpMyAdmin to export the data in any table in your database. |
|
|
|
|
skeetch
|
Posted:
Sat Feb 13, 2010 2:51 pm |
|
Thanks for the reply, very helpful! |
|
|
|
|
Raven
|
Posted:
Sat Feb 13, 2010 4:45 pm |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
Posted:
Sun Feb 14, 2010 6:17 pm |
|
NukeSentinel is a great product and I use it on all my sites. Wouldn't be without it ... for now anyway ... but I'd also like to see us write a core product that would make it obsolete. In part it was designed and programmed because the owner of PHPNUKE refused to incorporate security in the core his product. Just as a for instance, form variables should be filtered and sanitized before being used on a system or put in a data base. Base Nuke does little of that. Ravennuke does a lot more but it's not perfect. NukeSentinel provides a bandaid by filtering all GET and POST data (if you turn those filters on) but really the filters should be in the core and Sentinel should not be needed for those purposes. If you are working on another PHP project maybe you will have the influence to see that they do their filtering correctly.
Likewise, a number of your questions relate to IP addresses both banned ones and IP2Country. Hackers can easily simulate legitimate IP addresses so banning individual IP's or whole countries is only going to get you so far. It may provide more an illusion of security than it's substance -- I'm not sure about that. |
|
|
|
|
skeetch
|
Posted:
Mon Feb 15, 2010 8:20 am |
|
I agree, it will do more for illusion purposes, but also blocking unsecured/open proxies is the key... and that, we cannot do with sentinel... ahhhh.. to dream! |
|
|
|
|
|