Topic Title: Welcome Aboard

Posted: Thu Jun 03, 2004 7:04 am

In light of the recent activities in the Sentinel forum at Nukecops, this forum has been opened for the discussion of security issues. Rant, rave, bash your way around. Or, discuss relevant issues of PHPNuke security Smile

Joined: Mar 29, 2003 Posts: 1038 Location: Cambs,UK

I thought the issues that they all have with each other make for very enjoyable reading (even missed my breakfast this morning)!!! Very Happy

Seriously though, as a multiple nuke user, which is the best to use. I am using Sentinel and it seems to do the job (had fun banning myself!!!).

I guess it will come down to the most popular wins through (eg VHS, Betamax, etc) all the job but the winner is the one that gets the most exposure (thx to NC that seems to be Sentinel)!

Posted: Thu Jun 03, 2004 11:30 am

i used a heavily modified version of fortress, which writes out to a file and bans the IP via iptables. portsentry is also in use on this site, as is a 404 error handler which catches common script kiddie attempts (like those aimed at the _vti_bin directory, etc).

Joined: Sep 28, 2004 Posts: 29

I currently run PHP-Nuke 7.5 HA v.1.2 (http://hackerassassins.com)
pre-installed Sentinel™, Admin Secure, Chatserv Patches, and more..
does a great job keepin peeps out that dont belong..
Has error docs addon,
GoogleTap ect..

give it a try, its a pretty nice package..

currently setting up
Easy IP Ban Reference - eC-IPBR (http://www.ec-clan.org/downloads.html)

Posted: Thu Sep 30, 2004 8:22 am

i'm still tweaking the IP Ban module here on this site, but for starters, here's what's going on behind the scenes:
- Portsentry monitors access attempts. Any blacklisted ports are automatically added to the iptables filter table.
- I have a 404 handler which notifies me of all 404's on the site. Most are innocent enough (typos, etc). But some are the script kiddies trying to break in. Any unauthorized attempts are immediately added to the iptables filter table.
- A cron job runs every 15 minutes to read the Portsentry log and updates the database.
- Once a week, I query all 4 top level registries (ARIN, RIPE, LAC, APNIC) and update my country database with the IP address ranges associate with each country.

All of these work together to form the IPBan module on this site. I'm testing mod_security [modsecurity.org] on another machine to quantify any performance impact, and will hopefully roll that into production soon.

I'm still working on some fine tuning of the information display pages, etc. Once I'm pleased with the final look/feel and the results, I will release it as a module. Unfortunately, due to it's dependance on iptables, it will be restricted to those who own/run their own servers.

Author	Message
Post Title: Welcome Aboard
dari Joined: Mar 03, 2003 Posts: 6287 Location: Washington Township, NJ, USA	Posted: Thu Jun 03, 2004 7:04 am In light of the recent activities in the Sentinel forum at Nukecops, this forum has been opened for the discussion of security issues. Rant, rave, bash your way around. Or, discuss relevant issues of PHPNuke security

Author	Message
Post Title: Re: Welcome Aboard
slackbladder Joined: Mar 29, 2003 Posts: 1038 Location: Cambs,UK	Posted: Thu Jun 03, 2004 11:28 am I thought the issues that they all have with each other make for very enjoyable reading (even missed my breakfast this morning)!!! Seriously though, as a multiple nuke user, which is the best to use. I am using Sentinel and it seems to do the job (had fun banning myself!!!). I guess it will come down to the most popular wins through (eg VHS, Betamax, etc) all the job but the winner is the one that gets the most exposure (thx to NC that seems to be Sentinel)!

Author	Message
Post Title: Re: Welcome Aboard
dari Joined: Mar 03, 2003 Posts: 6287 Location: Washington Township, NJ, USA	Posted: Thu Jun 03, 2004 11:30 am i used a heavily modified version of fortress, which writes out to a file and bans the IP via iptables. portsentry is also in use on this site, as is a 404 error handler which catches common script kiddie attempts (like those aimed at the _vti_bin directory, etc).

Author	Message
Post Title: Re: Welcome Aboard
Crypton Joined: Sep 28, 2004 Posts: 29	Posted: Wed Sep 29, 2004 1:12 pm I currently run PHP-Nuke 7.5 HA v.1.2 (http://hackerassassins.com) pre-installed Sentinel™, Admin Secure, Chatserv Patches, and more.. does a great job keepin peeps out that dont belong.. Has error docs addon, GoogleTap ect.. give it a try, its a pretty nice package.. currently setting up Easy IP Ban Reference - eC-IPBR (http://www.ec-clan.org/downloads.html)

Author	Message
Post Title: Re: Welcome Aboard
dari Joined: Mar 03, 2003 Posts: 6287 Location: Washington Township, NJ, USA	Posted: Thu Sep 30, 2004 8:22 am i'm still tweaking the IP Ban module here on this site, but for starters, here's what's going on behind the scenes: - Portsentry monitors access attempts. Any blacklisted ports are automatically added to the iptables filter table. - I have a 404 handler which notifies me of all 404's on the site. Most are innocent enough (typos, etc). But some are the script kiddies trying to break in. Any unauthorized attempts are immediately added to the iptables filter table. - A cron job runs every 15 minutes to read the Portsentry log and updates the database. - Once a week, I query all 4 top level registries (ARIN, RIPE, LAC, APNIC) and update my country database with the IP address ranges associate with each country. All of these work together to form the IPBan module on this site. I'm testing mod_security [modsecurity.org] on another machine to quantify any performance impact, and will hopefully roll that into production soon. I'm still working on some fine tuning of the information display pages, etc. Once I'm pleased with the final look/feel and the results, I will release it as a module. Unfortunately, due to it's dependance on iptables, it will be restricted to those who own/run their own servers.