Joined: Mar 03, 2003 Posts: 6221 Location: Washington Township, NJ, USA
Posted: Thu Jun 03, 2004 7:04 am Post subject: Welcome Aboard
In light of the recent activities in the Sentinel forum at Nukecops, this forum has been opened for the discussion of security issues. Rant, rave, bash your way around. Or, discuss relevant issues of PHPNuke security.
Joined: Mar 29, 2003 Posts: 1038 Location: Cambs,UK
Posted: Thu Jun 03, 2004 11:28 am Post subject: Re: Welcome Aboard
I thought the issues that they all have with each other make for very enjoyable reading (even missed my breakfast this morning)!!!
Seriously though, as a multiple nuke user, which is the best to use? I am using Sentinel and it seems to do the job (had fun banning myself!!!).
I guess it will come down to the most popular wins through (e.g. VHS, Betamax, etc.): all do the job, but the winner is the one that gets the most exposure (thx to NC that seems to be Sentinel)!
"The only difference between me and a madman is that I'm not mad."
Joined: Mar 03, 2003 Posts: 6221 Location: Washington Township, NJ, USA
Posted: Thu Jun 03, 2004 11:30 am Post subject: Re: Welcome Aboard
I used a heavily modified version of fortress, which writes out to a file and bans the IP via iptables. Portsentry is also in use on this site, as is a 404 error handler which catches common script kiddie attempts (like those aimed at the _vti_bin directory, etc).
I currently run PHP-Nuke 7.5 HA v.1.2 (http://hackerassassins.com)
pre-installed Sentinel™, Admin Secure, Chatserv Patches, and more..
does a great job keepin peeps out that don't belong..
Has error docs addon,
GoogleTap etc..
give it a try, it's a pretty nice package..
currently setting up
Easy IP Ban Reference - eC-IPBR (http://www.ec-clan.org/downloads.html)
Joined: Mar 03, 2003 Posts: 6221 Location: Washington Township, NJ, USA
Posted: Thu Sep 30, 2004 8:22 am Post subject: Re: Welcome Aboard
I'm still tweaking the IP Ban module here on this site, but for starters, here's what's going on behind the scenes:
- Portsentry monitors access attempts. Any blacklisted ports are automatically added to the iptables filter table.
- I have a 404 handler which notifies me of all 404's on the site. Most are innocent enough (typos, etc). But some are the script kiddies trying to break in. Any unauthorized attempts are immediately added to the iptables filter table.
- A cron job runs every 15 minutes to read the Portsentry log and update the database.
- Once a week, I query all 4 top level registries (ARIN, RIPE, LAC, APNIC) and update my country database with the IP address ranges associated with each country.
All of these work together to form the IPBan module on this site. I'm testing mod_security [modsecurity.org] on another machine to quantify any performance impact, and will hopefully roll that into production soon.
I'm still working on some fine tuning of the information display pages, etc. Once I'm pleased with the final look/feel and the results, I will release it as a module. Unfortunately, due to its dependence on iptables, it will be restricted to those who own/run their own servers.
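
An added example, not part of the original post and not the poster's IPBan module: a sketch of the 404-handler step described above, which scans access-log lines for 404s on probe paths and builds iptables rules for the offending clients. The log format (Apache combined), the probe paths other than `_vti_bin`, the allowlist addresses and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Apache combined log format: client, request line, status (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+)[^"]*" (\d{3}) ')

# _vti_bin comes from the post; the other prefixes are assumed examples.
PROBE_PATHS = ("/_vti_bin/", "/_vti_pvt/", "/cgi-bin/phf")

# Never ban these (assumed: localhost and an admin workstation),
# so the operator cannot lock themselves out.
ALLOWLIST = [ipaddress.ip_network("127.0.0.0/8"),
             ipaddress.ip_network("198.51.100.10/32")]

def find_offenders(lines):
    """Return sorted IPv4 addresses whose 404s hit a known probe path."""
    offenders = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, path, status = m.groups()
        # Plain 404s (typos, dead links) are ignored; only probe paths count.
        if status != "404" or not path.lower().startswith(PROBE_PATHS):
            continue
        try:
            ip = ipaddress.ip_address(client)  # rejects anything that is not an IP
        except ValueError:
            continue
        if ip.version != 4 or any(ip in net for net in ALLOWLIST):
            continue
        offenders.add(ip)
    return [str(ip) for ip in sorted(offenders)]

def ban_rules(ips):
    """Build argv lists (no shell string) for rules in the filter table."""
    return [["iptables", "-t", "filter", "-I", "INPUT", "-s", ip, "-j", "DROP"]
            for ip in ips]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Sep/2004:08:01:12 -0400] "GET /_vti_bin/owssvr.dll HTTP/1.0" 404 289',
    '192.0.2.44 - - [30/Sep/2004:08:02:40 -0400] "GET /modules.php?name=Forumz HTTP/1.1" 404 301',
    '198.51.100.10 - - [30/Sep/2004:08:03:05 -0400] "GET /_vti_bin/shtml.exe HTTP/1.1" 404 289',
    '203.0.113.7 - - [30/Sep/2004:08:04:30 -0400] "GET /index.php HTTP/1.0" 200 5120',
    'not-an-ip - - [30/Sep/2004:08:05:01 -0400] "GET /_vti_bin/ HTTP/1.0" 404 289',
]

if __name__ == "__main__":
    for argv in ban_rules(find_offenders(SAMPLE_LOG)):
        print(" ".join(argv))
```

The rules are returned as argument lists so that a caller can pass them to `subprocess.run` without a shell, and the client field is parsed as an IP address before it is used anywhere.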