NukeSentinel™ 2.0 is the premier security enhancement for websites using the PHP-Nuke content management system. NukeSentinel™ does this by validating all database requests made through standard PHP-Nuke methods (that is, through the mainfile.php functions).

NukeSentinel™ was written by:

Bob Marion, NukeScripts.net, official download site

Raven, RavenPHPScripts.com, official support site

Chatserv, NukeFixes.com

GanjaUK, GanjaUK.com, official download for PCKiller templates

What NukeSentinel™ is NOT

NukeSentinel™ will NOT prevent server-level attacks such as Denial of Service (DoS) attacks. It also will not prevent attacks on other applications or modules that do not use standard PHP-Nuke methods for accessing the database.

PHP-Nuke and PHP-based websites in general have been susceptible to various types of improper access and defacement via techniques like cross-site scripting (XSS), SQL injection, and others. The worldwide popularity, modular design, public access to all source code and database design, and multiple public support websites are both a blessing and a curse to the hundreds of thousands of web masters using PHP-Nuke-based websites.

Unlike those of proprietary systems, PHP-Nuke's security flaws are available for all to see. These flaws are further exaggerated by similar issues with both PHP itself and the commonly used open-source database MySQL, which is used by the majority of PHP-Nuke websites. This volatile mix has given birth to a plethora of web “gangs” - teams of (usually young, attention-seeking) miscreants (often referred to as “script kiddies”) who use published attacks on PHP-Nuke web sites. Since the majority of these attacks are attempts to gain improper access to the PHP-Nuke database, NukeSentinel™ can provide a highly effective level of protection.

Follow the instructions in the README.txt file that is included in the distribution.

In a nutshell:

Extract the files, including directories

Rename the javascript.tmp file to javascript.php in the /includes directory

Edit your mainfile.php and add *include("includes/sentinel.php");* just after the opening Upload/FTP everything in the /html directory

load the nsnst.php file in your browser (e.g. http://www.mydomain.com/nsnst.php)

select the appropriate installation option (e.g. new installation or upgrade from a previous release)

see the instructions for configuring NukeSentinel™

delete the nsnst.php and nsnib.php from the Nuke directory

From the installation script (nsnstp.php), click the Goto NukeSentinel™ Admin link. From the Admin page, select the NukeSentinel™ link.

You will likely notice many red circles with a question mark inside (). You can click these for more information or explanations about the setting or link next to the circle.

The NukeSentinel™ Administration menu is displayed on all NukeSentinel™ administration / configuration pages. It contains links to:

NukeSentinel™ Administration

NukeSentinel™ Configuration

Site Administration

Blocked IP Addresses

Add IP Address

Clear All IP addresses

Clear Expired Blocks

Protected Admins List

Admin HTTPAuth List

Scan for New Admins

The NukeSentinel™ Administration is displayed. On this page, you can set:

Side Box Settings

Site Status

Proxy Blocker Status

Administrative Settings

List Page Settings

Selecting NukeSentinel™ Configuration displays the configuration menu, where you can set options for the following blockers:

Admin

C-Like

Union

Filters

Harvester

Referer

Scripting

Request Method

String

Each blocker has its own:

Activation Level (what to do when an attack is detected)

Setting to Write to .htaccess (if appropriate and set in the NukeSentinel™ Administration settings)

Forward To address/URL (if the activation level includes Forward)

IP Block Type (if the activation level includes Block)

Default Page (if the activation level includes Default)

Email IP Lookup (if available and the activation level includes Email)

Reason

Block Duration (if the activation level includes Block)

The Activation Level can be to one or more of the following:

email the admin

block the IP in database and, optionally, .htaccess

forward the offending user to a default / template page

forward the offending user to a specified forward address / URL

Some blockers require additional information. You must specify a list of harvesters, referers, request methods and strings to block attacks using these techniques. A default list is installed for harvesters and referers.

It is important to understand that NukeSentinel™ will prevent improper access regardless of the blocker settings, with the exception of referers and harvesters. The blocker settings simply specify what, if anything, else NukeSentinel™ will do when an attempt to gain improper access occurs.

Actually, the database is used by default. If your server runs Apache AND you choose to set the configuration such that your .htaccess path is defined AND you set the configuration for one or more blockers to use .htaccess, it will add blocked IPs to both your database and the .htaccess file.

Since your server (again, assuming you have Apache) checks the .htaccess file BEFORE allowing access to your website, you can prevent access from specified IPs at the server level. If you do not block at the server level via .htaccess, NukeSentinel™ will look at the database to determine which will be blocked.

If you have a high volume site, you might prefer to use the .htaccess since that method will require less effort than having PHP-Nuke via NukeSentinel™ check the database.

One disadvantage of using the htaccess is that it adds another layer of complexity to what NukeSentinel™ does. If NukeSentinel™ doesn't correctly update the .htaccess file, it could cause server errors and prevent all access to your site. I experienced this when manually adding blocked IPs, but I simply edited the .htaccess file and removed the bad characters to correct.

If you don't have a high volume site or you don't feel comfortable editing the .htaccess file (it's pretty straightforward, I think, and you most likely won't need to do so), I'd suggest just using the database (i.e. let NukeSentinel™ do the work).

Templates are...

Adding IP addresses, adding to lists, etc

Common problems...