viper155
Regular


Joined: Feb 18, 2006
Posts: 99
Posted: Wed Feb 22, 2006 11:53 am
I just installed nuke sent and it has banned a few people; however, I want to get anyone's opinion on whether a few of these should have been banned.
Code:
Date & Time: 2006-02-22 08:20:40 PST GMT -0800
Blocked IP: 82.42.224.207
User ID: Anonymous (1)
Reason: Abuse-Referer
String Match: xxxx:
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Query String: tysontalk.com/index.php
Get String: tysontalk.com/index.php
Post String: tysontalk.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 82.42.224.207
Remote Port: 4219
Request Method: GET
Code:
Date & Time: 2006-02-22 04:37:19 PST GMT -0800
Blocked IP: 195.93.21.38
User ID: Anonymous (1)
Reason: Abuse-Referer
String Match: xxxx:
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1)
Query String: www.tysontalk.com/index.php
Get String: www.tysontalk.com/index.php
Post String: www.tysontalk.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 195.93.21.38
Remote Port: 50981
Request Method: GET
Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Posted: Wed Feb 22, 2006 12:43 pm
The last one is an attack attempt so that's good.
The other two are debatable. The ban occurred because they had a referer string of 'xxxx', which means they came from a site with 'xxxx' in the URL - the connection is obvious!
I get quite a few of those myself and even though my email address is presented to them during the banning process and a message saying 'if you think you were banned unfairly, please email me' - no one has yet to email me.
Sentinel has banned a few people for other things and those people have always contacted me by email so you may draw your own conclusions.
evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221
Posted: Wed Feb 22, 2006 7:41 pm
A referer of XXXX usually means their firewall software suppresses the referrer URL. Usually it is just masking the real referer by replacing all letters with x,
i.e. xxxx://xxxxxxxxxxxx
Guardian2003

Posted: Wed Feb 22, 2006 8:24 pm
Hmm, so we wouldn't want that then, as I can see this causing a problem for legitimate users who just happen to have decent firewalls installed.
FireATST
RavenNuke(tm) Development Team

Joined: Jun 12, 2004
Posts: 654
Location: Ohio
Posted: Wed Feb 22, 2006 8:57 pm
So to prevent legitimate ones to get through, should I set the referrer to off in the settings? My understanding was that it was so that questionable referrers were the ones blocked, such as ones from porn sites.
viper155

Posted: Thu Feb 23, 2006 1:23 pm
So is this how the referrers system works?
If someone is currently browsing xxxchyangel.com and then they come to my site they would get banned, or does it have to be a link they clicked that was on xxxchyangel.com?
Thanks.
Oh, and I did get an email from a guy today that was banned because of the xxxx: referrer. I don't know much, but from what I read I don't think I'm taking too much of a risk to remove xxxx: from the list, correct?
evaders99

Posted: Thu Feb 23, 2006 5:12 pm
No, I believe they have to actually click a link on that site that goes to your site. That should be the only way the browsers do it. However, referral spammers can still fake things, so you shouldn't trust that all the referrals are true users.
I don't believe there is a risk to deleting xxxx: - unless there is a site that xxxx: is a valid "spammed" address.
tulisan
New Member


Joined: Aug 31, 2005
Posts: 1
Posted: Sun Aug 06, 2006 8:50 pm
The xxxx: string in the referers list is what is causing some people to be banned. I'm a bit confused since this is the only string in the referers list that is not in a URL format. Deleting this seems to solve the problem. However, the latest Nuke Sentinel still has this in the install SQL file. Should this string just be deleted?
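The false positive discussed in this thread, as an added example in PHP (not NukeSentinel's own code and not posted by any participant): a substring entry such as xxxx: matches every referer that client-side privacy software has masked, while comparing listed domains against the parsed host does not. The function names, the blocked.example entry and the sample referers are constructed for illustration.

```php
<?php
// Added example, not NukeSentinel code. All names and sample data are constructed.

// Substring match over the whole Referer header, as a plain string blocklist behaves.
function naive_match(string $referer, array $entries): ?string {
    foreach ($entries as $entry) {
        if (stripos($referer, $entry) !== false) return $entry;
    }
    return null;
}

// True when every letter was replaced with "x", e.g. xxxx://xxxxxxxxxxxx.
function is_masked(string $referer): bool {
    return preg_match('#^[xX]+://[^a-wyzA-WYZ]*$#', $referer) === 1;
}

// Match listed domains against the parsed host only (exact host or a subdomain).
function host_blocked(string $referer, array $domains): ?string {
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) return null;              // unparsable: nothing to match
    $host = strtolower($host);
    foreach ($domains as $d) {
        $suffix = '.' . $d;
        if ($host === $d || substr($host, -strlen($suffix)) === $suffix) return $d;
    }
    return null;
}

// The Referer header is client-supplied and can be faked, so treat the result
// as a hint for logging or review rather than proof of where a visitor came from.
function classify(string $referer, array $domains): string {
    if ($referer === '') return 'none';
    if (is_masked($referer)) return 'masked';        // handle like a missing referer
    return host_blocked($referer, $domains) !== null ? 'blocked' : 'ok';
}

$entries = ['xxxx:', 'blocked.example'];             // string list including xxxx:
$domains = ['blocked.example'];                      // host list without xxxx:
$samples = [                                         // constructed Referer values
    'xxxx://xxxxxxxxxxxx',
    'http://forum.example.net/viewtopic.php',
    'http://spam.blocked.example/page',
    '',
];
foreach ($samples as $r) {
    $naive = naive_match($r, $entries) ?? 'no match';
    printf("%-40s naive=%-16s host-based=%s\n", $r === '' ? '(empty)' : $r, $naive, classify($r, $domains));
}
```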