Diego
Hangin' Around

Joined: Nov 28, 2004
Posts: 29
|
Posted:
Sun Nov 28, 2004 3:40 pm |
|
Hello, I'm not quite sure about what all the options in Sentinel are, so is there somewhere I can find a guide to the optimum settings to have? A master list of bad IPs, bad IP ranges, or something of that sort? Any help would be greatly appreciated.
Thanks,
Diego |
|
|
|
 |
Diego

|
Posted:
Sun Nov 28, 2004 5:02 pm |
|
|
|
 |
kguske
Site Admin

Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Sun Nov 28, 2004 5:20 pm |
|
For help with settings, check out the Only registered users can see links on this board! Get registered or login!.
As for a master list of bad IPs, ranges, there is no clear choice. You could try copying the posted list here, at Nukescripts.net, or other Sentinel sites that posted bad IPs. I think beetraham posted a list here (search the news) with a utility for loading a list into Sentinel. |
_________________ I search, therefore I exist...
|
|
 |
PHrEEkie
Subject Matter Expert

Joined: Feb 23, 2004
Posts: 358
|
Posted:
Sun Nov 28, 2004 7:13 pm |
|
It's hard to define 'optimum' settings, because they vary from server environment to server environment and depend a great deal on what you expect Sentinel to do for you... the downfall to any program this robust and feature-rich is that it requires you to know a thing or two about how your server environment is set up.
I'll say that most of the default settings should get you a basic protection scheme up and running. Your main concern with protections will lie in Sentinel Configuration and the Blockers section. That's where all of the filters work which will stop the harvesters and script kiddeez. The other stuff, like the Admin protection areas (which takes Sentinel into another universe compared to other protection systems) aren't mission-critical and do require you to be armed with a little info up front. You can play around in there a bit, but be prepared with a good FTP client and phpMyAdmin in case you lock yourself out accidentally.
If your server environment won't let you get the Admin protection working 100%, then at the very least use .htaccess to add a second-level user/pass protection to admin.php in the Nuke root, and index.php in the folder {nuke-root}/modules/Forums/admin. I've been doing that since around 2 years ago and haven't been Admin hacked yet.
PHrEEk |
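The second-level .htaccess protection described in the post above, as an added example that is not part of the original thread or the Sentinel project. The password file path and realm names are placeholders, and it assumes an Apache host that permits `AllowOverride AuthConfig`.

```apache
# --- File 1: {nuke-root}/.htaccess ---
# Second password prompt in front of admin.php only; other pages stay public.
<Files "admin.php">
    AuthType Basic
    AuthName "Site administration"
    # Placeholder path: keep the password file outside the web root
    # so it can never be fetched over HTTP.
    AuthUserFile /home/example/.htpasswd-nuke
    Require valid-user
</Files>

# --- File 2: {nuke-root}/modules/Forums/admin/.htaccess ---
# Same prompt for the forum admin entry point named in the post.
<Files "index.php">
    AuthType Basic
    AuthName "Forum administration"
    AuthUserFile /home/example/.htpasswd-nuke
    Require valid-user
</Files>
```

The password file is created with Apache's `htpasswd -c` utility, using a username and password different from the Nuke admin login so that one stolen credential does not open both layers. Basic authentication sends the credentials base64-encoded, not encrypted, so the admin pages should be reached over HTTPS.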
|
|
|
 |
Diego

|
Posted:
Sun Nov 28, 2004 7:33 pm |
|
Is there a way to import settings? I tried looking for that thing mentioned above but to no avail. |
|
|
|
 |
kguske

|
Posted:
Sun Nov 28, 2004 7:42 pm |
|
When you install it, default settings are created. You should review the User Guide to determine if you need to change the settings to be appropriate for your site. If you aren't sure about a specific setting, post a message here. |
|
|
|
 |
Diego

|
Posted:
Sun Nov 28, 2004 8:38 pm |
|
Alright, how about importing IP list and ranges? |
|
|
|
 |
PHrEEkie

|
Posted:
Sun Nov 28, 2004 10:00 pm |
|
I believe kguske is trying to direct you to this page:
http://www.ec-clan.org/MySQL-DumpGen/README-INSTALL.php
That will allow you to quickly add entire country ranges, although I'm not sure that's what you're trying to do... can you be more specific as to what IP ranges you want to block? You can add them one by one through Sentinel Config, but this would only be necessary if right off the bat you want a particular block or range banned and a good reason why. Other than that, leave all that stuff alone and Sentinel will start building the banned IP list in your DB depending on who is trying to jack up or scan/harvest your site. I have always had South America banned (200.*.*.*) through .htaccess for years now, but have never needed to ban any other region (knock on wood). Make sure you understand the differences between:
-> an individual IP
-> a range of IPs
-> a block of IPs
All 3 are different things, and if you don't completely understand these differences, just don't mess with it and let Sentinel handle it on its own.
PHrEEk |
|
|
|
 |
kguske

|
Posted:
Sun Nov 28, 2004 10:35 pm |
|
Thanks, PHrEEkie, that was what I was looking for, but got distracted. Beetraham's article about this is Only registered users can see links on this board! Get registered or login!. |
|
|
|
 |
Diego

|
Posted:
Mon Nov 29, 2004 4:29 pm |
|
I meant, for example, taking this site's list of bad IPs and IP ranges and importing them to my Sentinel |
|
|
|
 |
kguske

|
Posted:
Mon Nov 29, 2004 4:51 pm |
|
That's up to the site owner, Raven. You might send him a PM requesting an extract, or you could copy and paste the public list and format it into SQL statements before importing. But I'm not sure what the benefit of that will be - if you have Sentinel running and someone tries to access your site improperly, Sentinel will ban them at that time, assuming you have it configured to do that. |
|
|
|
 |
PHrEEkie

|
Posted:
Mon Nov 29, 2004 7:10 pm |
|
Diego, if the confusion lies in you thinking that you need to add IPs up front, you don't! Sentinel adds them as it detects suspicious activity! Raven may very well have added a few by hand, but most of what you see his block showing were added by Sentinel over the past months. It takes time for that to fill up on its own (in a best-case scenario, it wouldn't fill up at all! hehe ok, one could wish for a script-kiddee free environment!) Like I said in an earlier post, if you have a REASON to block a particular IP, range or block, then Sentinel allows you to add them by hand. That is not the usual way to do things... just let Sentinel add them as necessary.
PHrEEk |
|
|
|
 |
Diego

|
Posted:
Mon Nov 29, 2004 7:15 pm |
|
Alright, I understand. Also, is there any way to increase the number under the banner saying the board is protected? IE
"we have caught 10 shameful hackers" I just want to make it so it seems the system works to prevent people from trying |
|
|
|
 |
PHrEEkie

|
Posted:
Mon Nov 29, 2004 7:35 pm |
|
LOL... sure, just go into Sentinel Config IP blocker and hand add in some stuff... you could use some inside-LAN IPs that would never appear on the internet. Just make sure not to block out your localhost (typically 127.0.0.1). There's thousands of IPs you could use which will not interfere with your site visitors. |
|
|
|
 |
PHrEEkie

|
Posted:
Mon Nov 29, 2004 7:44 pm |
|
Here's a more permanent fix:
Go into blocks/block-Hacker_Beware.php
Find:
Code:
$total_ips = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_nsnst_blocked_ips" ));
|
Underneath, add:
Code:
$total_ips = intval($total_ips) + 10;
|
Save changes and refresh your site.
You will always have the total number of true hackers caught plus 10 (which in the case of 0, would be 10). Once you have enough hack attempts to satisfy you, you can delete that new line.
PHrEEk |
|
|
|
 |
Diego

|
Posted:
Mon Nov 29, 2004 8:07 pm |
|
|
|
 |
|