Maybe your web hotel does not have mod_rewrite, which is needed for this to work. This has worked for almost all that have tested it.
I suggest that you change password for admins and then protect admin.php as I suggested.
Then create a copy of your site on your PC with Xampp. Then you can test to install Sentinel on it without being stressed by negatively affecting your ordinary site.
makuks Nuke Soldier
Joined: Aug 26, 2008
Posts: 14
Posted:
Wed Aug 27, 2008 1:52 am
Thanks for the replys, I got the rewrite thing to work, so thanks for that, I have added a .htpsswd file on my site and protected my admin.php script
When I added the IP address allow for the admin.php file it wouldn;t let me access the page even though I am on a fixed IP.
I will take a look at Xampp that sounds very interesting.
Thanks for your help.
Slackervaara Captain
Joined: Sep 13, 2003
Posts: 314
Posted:
Wed Aug 27, 2008 2:59 am
The only time I have not been able to access admin.php have been, when my ip-adress have changed. You could check your ip-adress at this page:
http://www.nukescripts.net/
When I patched my site and added Sentinel I run an exact copy of my site with Xampp. When everything worked I just uploaded it and the run the upgrade scripts. This worked very well. No problems.
makuks Nuke Soldier
Joined: Aug 26, 2008
Posts: 14
Posted:
Wed Aug 27, 2008 5:17 am
Do you think the password protection via .htaccess and .htpasswd will be secure enough or should I attempt to get Sentinel running.
Slackervaara Captain
Joined: Sep 13, 2003
Posts: 314
Posted:
Wed Aug 27, 2008 5:27 am
You are pretty safe with password protection and protection against cross scripting. I have similar protection in my .htaccess and it is rarely that Sentinel gives extra protection. It might be enough for you perhaps. How long have you had your site without being hacked? For me it took approximately a year.
perfect-games Site Admin
Joined: Jun 18, 2004
Posts: 210
Posted:
Wed Aug 27, 2008 9:20 am
i would also sudgest if you own the server install some good security , myself i use alot of custom rules target around phpnuke and mod security 2 is really great to stop offsite urls and will stop it right away.
also pending on youe setup cpanel i would install config server firewall
if not that a good setup of apf and bfd even good brute force protection on apache which if i recall is called Mod_Evasive i know they chaged there name in the past so you might want to google this.
also i find best way to stop admin.php access is either you are running 7.6 if i recall where they introduced $admin_file rename your admin file it will prevent but not always the solution.
make sure your running latest php and also harden php project also great which secures alot of those holes in the code base.
till i owned my own server i was hacked daily and every year i may of had my nuke site compromised even the server compromised in the past and had complete lockout but i hope this information is helpfull.
but if you dont have server access please install sentinal its the only solution on shared hosts, and you need to secure your site on shared sites not just for the sake of your site but your host provide could have there server at rick and some hosts dont like that sort of thing and are known to boot people , even happened to me many years ago
i hope this information is helpfull to those that need it
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
