No unwanted access



Untergang

Post No unwanted access Posted: Mon Jun 09, 2008 5:26 pm

Hi,

I read this in the tutorials section:
http://www.clan-themes.co.uk/tutorials-view-146-prevent-unwanted-access-to-adminphp.html
I would like to install it, but I have a dynamic IP address; the first 5 numbers are always the same.
The rest isn't. Is it possible to let it only check the first 5?
I already block a lot of IPs, so.
 

UDesigns.be  

Angry-Fly

Post No unwanted access Posted: Tue Jun 10, 2008 3:32 am


wildcard maybe...

such as 192.16*.***.***

I am not sure if this would work and I would definitely make sure you back up the original file before you do any edit to it.
 

 

Bayler

Post No unwanted access Posted: Tue Jun 10, 2008 7:03 am

ok... you have my curiosity piqued....

First Question is 'Why'... If your IP is dynamic...why would you want to IP lock the Access?
Example...you go to work, school, friend's house, little red riding hood's grandmother's home...or wherever.... You wouldn't be able to even access the administration from any location but your own home... you'd basically be ( SOL ) if you ever needed to access your own site.

Second Question is 'Why' the need for added security ? Has something happened to your site in the past that causes you to think your site will result in a hostile take over? If you're operating Nuke, then your security system is based on Nuke Sentinel...it really DOESN'T get much better than that...

Don't get me wrong..I'm a NAZI when it comes to security myself...but if you think that someone can exploit your site, from the simple ability to navigate to the admin login link, you need to understand what ( Session Controls ) are...
 

You will not receive help from me if I have to go digging for your CMS information and version. If I have to take the time to play 21 questions, then you can take the time to google! No Copyright, no support either!


Untergang

Post Re: No unwanted access Posted: Tue Jun 10, 2008 9:15 am

1. I only access my admin panel when I'm at home,
and I read it and thought why the hell not.
More security -> better :D

2. I have some Chinese spammers on my site, so.
They make new accounts all the time,
so my temp users table is always filled with Chinese guys,
but I think I managed to block .cn now.
I'm using phpnuke 7.9 atm, so no sentinel.
And the IP address of Chinese doesn't start with 88.197 I think.
 

 

Bayler

Post No unwanted access Posted: Tue Jun 10, 2008 1:46 pm

considering you're NOT using Nuke Sentinel ...I'm going to warn you to switch to a more Secured CMS...( That's my Best Advice to you)

As for the rest....read up on ( HTACCESS )..it's a text file that's commonly used for access restrictions..among other things.

http://home.golden.net/htaccess.html

It's better to set access by username...

Also...you can restrict domain access ( example block anyone from a ' .cn ' domain. )!!
 

 

Untergang

Post Re: No unwanted access Posted: Tue Jun 10, 2008 1:54 pm

So if I want that only I can access the admin map, then I have to make a .htaccess file and put this in it:
<Limit GET POST>
require username Untergang
</Limit>

And to block .cn this:
<Limit GET POST>
order allow,deny
allow from all
deny from .cn
</Limit>

Am I correct or?

And about PHPNuke, I installed RavenNuke yesterday to test modules and themes ...,
I'll switch to RavenNuke probably, when I have the time to do so.

Thanks
 

 


Bayler

Post No unwanted access Posted: Tue Jun 10, 2008 2:02 pm

pretty much!

here is a resource link with a bit more information:
http://home.golden.net/htaccess.html

Should get you started.
 

 

Untergang

Post Re: No unwanted access Posted: Tue Jun 10, 2008 2:21 pm

Can't seem to get it to work.
I can only allow my own IP or deny it.
Guess it will just be a switch to RavenNuke then.

Thanks anyway.

Greets
 

 

Bayler

Post No unwanted access Posted: Tue Jun 10, 2008 4:21 pm

this is a copy of the default .htaccess file located in the base directory of Nuke Evolution:

Code:

##########################################################################
# Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System              #
##########################################################################


# -------------------------------------------
# Comment this out if PHP is run as CGI
# -------------------------------------------

# PHP_FLAG register_globals On
# PHP_FLAG output_buffering On


Options All -Indexes
# -------------------------------------------
# Swap index.html index.php for html start page
# -------------------------------------------
DirectoryIndex index.php index.html

Options +FollowSymlinks
<IfModule mod_rewrite.c>
RewriteEngine on
# -------------------------------------------
# Security Rewrites
# -------------------------------------------

RewriteCond %{THE_REQUEST} (\?act\=) [NC,OR]
RewriteCond %{THE_REQUEST} (sql_login) [NC,OR]
RewriteCond %{THE_REQUEST} (basepath) [OR]
RewriteCond %{THE_REQUEST} (libpath) [OR]
RewriteCond %{THE_REQUEST} (absolute_path) [OR]
RewriteCond %{THE_REQUEST} (vwar_root) [OR]
RewriteCond %{THE_REQUEST} (includedir) [OR]
RewriteCond %{THE_REQUEST} (file=http:\/\/) [OR]
RewriteCond %{THE_REQUEST} (name=http:\/\/) [OR]
RewriteCond %{THE_REQUEST} (phpbb_root_path)
RewriteRule ^.*$ http://127.0.0.1/ [R=301,L]
# -------------------------------------------
# Lazy Google Tap
# -------------------------------------------

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7&$8=$9 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7#$8 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5#$6 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3#$4 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3 [L]

RewriteRule ^Evo-index.html#(.*)$ /index.php#$1 [L]
RewriteRule ^Evo-index.html$ /index.php [L]

RewriteRule ^Evo-(.*)\.html#(.*)$ /modules.php?name=$1#$2 [L]
RewriteRule ^Evo-(.*)\.html$ /modules.php?name=$1 [L]

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ http://127.0.0.1 [R,L]

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]*
RewriteRule ^.*$ http://127.0.0.1 [R,L]
</IfModule>

# for hosts that don't allow the above, we won't give people anything to look at
<IfModule mod_autoindex.c>
 IndexIgnore *
</IfModule>

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .htaccess>
  deny from all
</Files>

<Files .staccess>
  deny from all
</Files>

# <Files admin.php>
#    <Limit GET POST PUT>
#      require valid-user
#    </Limit>
#    AuthName "Restricted"
#    AuthType Basic
#    AuthUserFile /PATH/TO/YOUR/.staccess
# </Files>
# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

# Disable .htaccess viewing from browser
<files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</files>

# Disable config.php viewing from browser
<files ~ "\config.php$">
    deny from all
</files>

# deny most common except .php/.html
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</FilesMatch>
# -------------------------------------------
# Setup caching
# -------------------------------------------

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0

# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(ico|flv|pdf|mov|mp3|wmv|ppt)$">
  ExpiresDefault A29030400
  Header append Cache-Control "public"
</FilesMatch>

# Set up caching on media files for 1 week
<FilesMatch "\.(gif|jpg|jpeg|png|swf|bmp)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>

# Set up 2 Hour caching on commonly updated files
<FilesMatch "\.(xml|txt|html|js|css)$">
  ExpiresDefault A7200
  Header append Cache-Control "private, proxy-revalidate, must-revalidate"
</FilesMatch>
</IfModule>

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

# Banned Bad Bots


As you can see, it takes some research to find the goal you're trying to achieve..as I said..I wouldn't be locking yourself to an IP...I would be locking the admin file to a list of usernames.

If you're frustrated because of your Distro..don't think another is going to be any easier to use ( Advanced Security ).
 

 
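Added example, not part of the original posts or of the Nuke-Evolution file: one way to lock admin.php to a named user and to the address prefix asked about at the start of the thread, covering both the `<Limit>` snippets in the earlier question and the commented-out admin.php block above. It uses Apache 2.2 access-control syntax like the directives quoted in the thread, and assumes the account name from the question, the 88.197 prefix mentioned earlier, and the placeholder AuthUserFile path from the file above.

```apache
# Added example (assumptions: Apache 2.2, account "Untergang",
# prefix 88.197, placeholder password-file path).

# The snippet in the question used "require username"; the Require
# keywords for Basic auth are user, group and valid-user. It also had
# no AuthType/AuthName/AuthUserFile, so no credentials could be checked.

<Files admin.php>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /PATH/TO/YOUR/.staccess

    # A list of named accounts; "valid-user" would instead admit every
    # account present in the password file.
    Require user Untergang

    # No <Limit GET POST> wrapper: inside <Limit>, methods that are not
    # listed stay unrestricted. Leaving it out covers every method.

    # Partial address: matches every client whose address begins
    # with 88.197, which is how a dynamic address is handled.
    Order deny,allow
    Deny from all
    Allow from 88.197

    # All = address AND password must both pass.
    # Any = either one alone is enough (weaker).
    Satisfy All
</Files>

# Blocking by domain, as in the question. "Deny from .cn" makes Apache
# do a reverse DNS lookup for each request and only matches clients
# whose address resolves to a .cn hostname.
Order allow,deny
Allow from all
Deny from .cn

# Apache 2.4 spelling of the admin.php policy (mod_authz_core),
# placed inside the same <Files admin.php> section:
#   <RequireAll>
#       Require user Untergang
#       Require ip 88.197
#   </RequireAll>
```

Basic authentication sends the password with every request in an easily decoded form, so admin.php should be served over HTTPS. The password file is created with htpasswd and is best kept outside the web root.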


Untergang

Post Re: No unwanted access Posted: Tue Jun 10, 2008 4:49 pm

No, I just wanted to change to RavenNuke for more security, that's all.
I just don't understand the .htaccess thing,
with php I can work quite well.
 

 

Untergang

Post Re: No unwanted access Posted: Wed Jun 11, 2008 3:22 pm

I got the .htaccess to work.
I use oscommerce too and the admin section is accessible by anyone.
But thanks to htaccess it isn't anymore,
so now I've put it on my phpnuke site as well so that only I can access admin.php.

Thanks
 

 

Bayler

Post No unwanted access Posted: Thu Jun 12, 2008 3:13 pm

After reading a bit more..turns out Nuke Evolution added a rather odd script to its list of features:

IPS.php which allows IP Ranges to access set files ( admin.php for example) and so forth...

It's even got the feature to allow both username locks to an IP range...
 

 

All times are GMT