www.clan-themes.co.uk :: View topic - No unwanted access

Untergang
Post No unwanted access Posted: Mon Jun 09, 2008 5:26 pm   

Hi,

I read this in the tutorials section:
http://www.clan-themes.co.uk/tutorials-view-146-prevent-unwanted-access-to-adminphp.html
I would like to install it, but I have a dynamic IP address, the first 5 numbers are always the same.
The rest isn't. Is it possible to let it only check the first 5?
I already block a lot of IPs, so.
 

 

Bayler
Post No unwanted access Posted: Tue Jun 10, 2008 7:03 am   

ok... you have my curiosity piqued....

First Question is 'Why'... If your IP is dynamic...why would you want to IP lock the Access?
Example...you go to work, school, friend's house, Little Red Riding Hood's grandmother's home...or wherever.... You wouldn't be able to even access the administration from any location but your own home... you'd basically be ( SOL ) if you ever needed to access your own site.

Second Question is 'Why' the need for added security? Has something happened to your site in the past that causes you to think your site will result in a hostile takeover? If you're operating Nuke, then your security system is based on Nuke Sentinel...it really DOESN'T get much better than that...

Don't get me wrong..I'm a NAZI when it comes to security myself...but if you think that someone can exploit your site, from the simple ability to navigate to the admin login link, you need to understand what ( Session Controls ) are...
 


Untergang
Post Re: No unwanted access Posted: Tue Jun 10, 2008 9:15 am   

1. I only access my admin panel when I'm at home,
and I read it and thought why the hell not.
More security -> better :D

2. I have some Chinese spammers on my site so.
They make new accounts all the time,
so my temp users table is always filled with Chinese guys,
but I think I managed to block .cn now.
I'm using phpnuke 7.9 atm, so no sentinel.
And the IP address of Chinese doesn't start with 88.197 I think.
 

 




Bayler
Post No unwanted access Posted: Tue Jun 10, 2008 1:46 pm   

considering you're NOT using Nuke Sentinel ...I'm going to warn you to switch to a more Secured CMS...( That's my Best Advice to you)

As for the rest....read up on ( HTACCESS )..it's a text file that's commonly used for access restrictions..among other things.

http://home.golden.net/htaccess.html

It's better to set access by username...

Also...you can restrict domain access ( example block anyone from a ' .cn ' domain. )!!
 

 

Untergang
Post Re: No unwanted access Posted: Tue Jun 10, 2008 1:54 pm   

So if I want that only I can access the admin map, then I have to make a .htaccess file and put this in it:
<Limit GET POST>
require username Untergang
</Limit>

And to block .cn this:
<Limit GET POST>
order allow,deny
allow from all
deny from .cn
</Limit>

Am I correct or?

And about PHPNuke, I installed RavenNuke yesterday to test modules and themes ...,
I'll switch to RavenNuke probably, when I have the time to do so.

Thanks
 

 
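A working form of the restriction discussed in this thread (a named user plus the stable 88.197 address prefix on admin.php), as an added example that is not part of any post or of any project's shipped file. It assumes a password file already exists at the placeholder path and contains the user Untergang; the `<IfModule>` test on mod_authz_core selects between Apache 2.2 and 2.4 syntax.

```apache
# Added example. Assumptions: the user "Untergang" exists in the password
# file, the AuthUserFile path is a placeholder, and 88.197 is the stable
# part of the home address mentioned in the thread.

# Apache 2.2 (mod_authz_core is absent)
<IfModule !mod_authz_core.c>
<Files admin.php>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /PATH/TO/YOUR/.staccess
    # The directive is "Require user". There is no <Limit> wrapper, so
    # every HTTP method is covered, not only GET and POST.
    Require user Untergang
    # Host rule: refuse everyone except the address prefix.
    Order deny,allow
    Deny from all
    # A partial address matches whole leading octets: 88.197.x.x
    Allow from 88.197
    # Both the host rule and the login must pass.
    Satisfy All
</Files>
</IfModule>

# Apache 2.4 (mod_authz_core is present)
<IfModule mod_authz_core.c>
<Files admin.php>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /PATH/TO/YOUR/.staccess
    # RequireAll: every nested condition must hold.
    <RequireAll>
        Require user Untergang
        Require ip 88.197
    </RequireAll>
</Files>
</IfModule>
```

Basic authentication sends the password with every request, so the login only protects admin.php when the site is served over HTTPS. A `deny from .cn` rule matches on the client's reverse DNS host name, so it does not cover addresses whose host name is missing or ends in another suffix.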





Bayler
Post No unwanted access Posted: Tue Jun 10, 2008 4:21 pm   

this is a copy of the default .htaccess file located in the base directory of Nuke Evolution:

Code:

##########################################################################
# Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System              #
##########################################################################


# -------------------------------------------
# Comment this out if PHP is run as CGI
# -------------------------------------------

# PHP_FLAG register_globals On
# PHP_FLAG output_buffering On


Options All -Indexes
# -------------------------------------------
# Swap index.html index.php for html start page
# -------------------------------------------
DirectoryIndex index.php index.html

Options +FollowSymlinks
<IfModule mod_rewrite.c>
RewriteEngine on
# -------------------------------------------
# Security Rewrites
# -------------------------------------------

RewriteCond %{THE_REQUEST} (\?act\=) [NC,OR]
RewriteCond %{THE_REQUEST} (sql_login) [NC,OR]
RewriteCond %{THE_REQUEST} (basepath) [OR]
RewriteCond %{THE_REQUEST} (libpath) [OR]
RewriteCond %{THE_REQUEST} (absolute_path) [OR]
RewriteCond %{THE_REQUEST} (vwar_root) [OR]
RewriteCond %{THE_REQUEST} (includedir) [OR]
RewriteCond %{THE_REQUEST} (file=http:\/\/) [OR]
RewriteCond %{THE_REQUEST} (name=http:\/\/) [OR]
RewriteCond %{THE_REQUEST} (phpbb_root_path)
RewriteRule ^.*$ http://127.0.0.1/ [R=301,L]
# -------------------------------------------
# Lazy Google Tap
# -------------------------------------------

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7&$8=$9 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7#$8 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5#$6 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3#$4 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3 [L]

RewriteRule ^Evo-index.html#(.*)$ /index.php#$1 [L]
RewriteRule ^Evo-index.html$ /index.php [L]

RewriteRule ^Evo-(.*)\.html#(.*)$ /modules.php?name=$1#$2 [L]
RewriteRule ^Evo-(.*)\.html$ /modules.php?name=$1 [L]

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ http://127.0.0.1 [R,L]

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]*
RewriteRule ^.*$ http://127.0.0.1 [R,L]
</IfModule>

# for hosts that don't allow the above, we won't give people anything to look at
<IfModule mod_autoindex.c>
 IndexIgnore *
</IfModule>

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .htaccess>
  deny from all
</Files>

<Files .staccess>
  deny from all
</Files>

# <Files admin.php>
#    <Limit GET POST PUT>
#      require valid-user
#    </Limit>
#    AuthName "Restricted"
#    AuthType Basic
#    AuthUserFile /PATH/TO/YOUR/.staccess
# </Files>
# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

# Disable .htaccess viewing from browser
<files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</files>

# Disable config.php viewing from browser
<files ~ "config\.php$">
    deny from all
</files>

# deny most common except .php/.html
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</FilesMatch>
# -------------------------------------------
# Setup caching
# -------------------------------------------

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0

# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(ico|flv|pdf|mov|mp3|wmv|ppt)$">
  ExpiresDefault A29030400
  Header append Cache-Control "public"
</FilesMatch>

# Set up caching on media files for 1 week
<FilesMatch "\.(gif|jpg|jpeg|png|swf|bmp)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>

# Set up 2 Hour caching on commonly updated files
<FilesMatch "\.(xml|txt|html|js|css)$">
  ExpiresDefault A7200
  Header append Cache-Control "private, proxy-revalidate, must-revalidate"
</FilesMatch>
</IfModule>

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

# Banned Bad Bots


As you can see, it takes some research to find the goal you're trying to achieve..as I said..I wouldn't be locking yourself to an IP...I would be locking the admin file to a list of usernames.

If you're frustrated because of your Distro..don't think another is going to be any easier to use ( Advanced Security ).
 

 

Untergang
Post Re: No unwanted access Posted: Wed Jun 11, 2008 3:22 pm   

I got the .htaccess to work.
I use oscommerce too and the admin section is accessible by anyone.
But thanks to htaccess it isn't anymore,
so now I've put it on my phpnuke site as well that only I can access admin.php.

Thanks
 

 

Bayler
Post No unwanted access Posted: Thu Jun 12, 2008 3:13 pm   

After reading a bit more..turns out Nuke Evolution added a rather odd script to its list of features:

IPS.php which allows IP Ranges to access set files ( admin.php for example) and so forth...

It's even got the feature to allow both usernames locks to an IP range...
 

 